Practical Aspects of Computer-Related Crime and Digital Forensics

Module 11 explains how to prepare for forensic analysis and explores the legal and ethical obligations of cybercrime investigators and digital forensics professionals, good practices in the handling of digital evidence, its analysis, the reporting of digital forensics results, and the assessment of digital evidence. A review of authentication procedures and digital algorithms, e.g., MD5 Hash, as developed by Secure Hash Algorithm (SHA) and used to maintain the integrity of digital evidence for use in the prosecutorial process. The module also includes a brief review of the storage system functionality within the computer, provides in broad detail, how information is stored on hard drives, and identifies hidden sources of information on physical media. Finally, the way digital evidence is identified, particularly digital forensics (discussed in Cybercrime Module 10), which is the process by which digital evidence of crimes and cybercrimes is collected, acquired, preserved, analyzed, interpreted, reported, and presented during legal proceedings.

Learning Objectives

After completing this module, you should be able to:

  • Examine legal and ethical obligations of cybercrime investigators and digital forensics professionals
  • Describe essential phases in the digital forensics process
  • Explain the ways in which digital evidence is identified, collected, acquired, and preserved
  • Discuss processes involved in digital evidence analysis and the reporting of findings based on this analysis
  • Summarize a framework for assessing the admissibility of digital evidence in courts
  • Outline the process used to preserve the verifiable integrity of digital evidence

Summary

Preparing for forensic analysis in the context of cybercrime investigations and digital forensics involves a combination of technical skills, legal knowledge, and ethical considerations. Here’s a step-by-step guide on how to prepare for forensic analysis and explore the associated legal and ethical obligations:

  1. Obtain the necessary education and training in digital forensics. Many universities and institutions offer formal programs in this field.
  2. Stay up to date with the latest techniques and tools through continuing education, workshops, and certifications like Certified Information Systems Security Professional (CISSP) or Certified Computer Examiner (CCE).
  3. Develop a solid understanding of the legal framework surrounding cybercrime investigations and digital forensics, including relevant laws, regulations, and court procedures.
  4. Familiarize yourself with the laws and regulations in your jurisdiction, such as the Computer Fraud and Abuse Act (CFAA) in the United States.
  5. Adhere to a strict code of ethics. Digital forensics professionals must maintain the highest ethical standards to ensure the integrity of the evidence and their professional reputation.
  6. Respect individuals’ privacy rights and handle evidence with care to avoid violating those rights.
  7. Acquire the necessary hardware and software tools for digital forensics, including write-blockers, forensic imaging software, and analysis tools.
  8. Ensure that your tools are regularly updated and properly maintained to maintain their reliability.
  9. Develop standardized procedures for documenting every step of your analysis. Proper documentation is crucial for maintaining the chain of custody and ensuring the evidence’s admissibility in court.
  10. Implement strict evidence handling procedures to prevent contamination or tampering. Use write-blockers to ensure that data is not altered during the acquisition process.
  11. Maintain a chain of custody, tracking the evidence from the moment it’s collected until it’s presented in court.
  12. Use forensically sound methods to acquire digital evidence, ensuring the preservation of metadata and file integrity.
  13. Make multiple copies of the evidence, one for analysis, one for backup, and one for preservation.
  14. Employ validated forensic analysis techniques to examine digital evidence, such as file recovery, timeline analysis, and keyword searching.
  15. Use forensic tools that are accepted in court and can produce verifiable results.
  16. Create clear, concise, and detailed forensic reports that document your findings. The report should include details of the evidence, the procedures followed, and the conclusions drawn.
  17. Ensure your reports are unbiased and objective.
  18. Be prepared to testify as an expert witness in court. This involves explaining your findings, your methods, and the significance of your analysis to a judge and jury.
  19. Maintain professionalism and credibility during testimony.
  20. Have your work reviewed by peers or supervisors to ensure the highest quality and accuracy in your analysis.
  21. Continuously improve your skills and knowledge by learning from your mistakes and keeping up with advancements in the field.
  22. Uphold the highest ethical standards, respecting individuals’ rights to privacy and maintaining the integrity of the evidence.
  23. Ensure that all actions and procedures follow relevant laws and regulations.

Preparing for forensic analysis requires a comprehensive understanding of the technical, legal, and ethical aspects of digital forensics. It’s crucial to follow established best practices to maintain the integrity of the evidence and ensure that the results are admissible in a court of law. Additionally, digital forensics professionals should constantly strive for excellence and remain committed to their ethical obligations.

Key Terms/Concepts

Acquisition of data
Admissibility of evidence
Authentication
Best Evidence Rule
Burden of proof

Read, Review, Watch and Listen

  1. Read the Law Enforcement Cyber Center’s Digital Search Warrants – International Association Chiefs of Police (IACP).
  2. Read Fraud in Forensics: Five Cases of Abuse and Evidence Mishandling (Forensics Colleges – Forensic Education Blog, 2022)
  3. Read Witnesses Describe FBI’s Mishandling of Computer Servers in Backpage Takedown (FrontPage Confidential: Online and On the Record, Nov. 2019)
  4. Review Digital Forensic Evidence in the Courtroom_ Understanding Content and Quality – Daniel B. Garrie and J. David Morrissy
  5. Review Digital Forensic Evidence in the Courtroom: Understanding Content and Quality, 12 Nw. J. Tech. & Intell. Prop. 121 (2014). Original location https://scholarlycommons.law.northwestern.edu/njtip/vol12/iss2/5
  6. Read What is Digital Forensics? History, Process, Types, Challenges by Lawrence Williams (March 5, 2022)
  7. Watch Evidence in Civil and Criminal Cases: The Best Evidence (Original Documents) Rule – also embedded below

 

Read, Review, Watch and Listen to all listed materials by the due date listed within the course LMS site.
Contact the professor with any course-related questions. Report any broken links to Dr. Ramirez-Thompson (thompsne@cod.edu).

 

Activity

Students should review the course syllabus to determine the assignment of this activity.

This is a copy of the module’s activity that students find within Blackboard. For that reason, refer to the Activities page to submit your work for review.

Purpose

The purpose of this activity is to strengthen the student’s understanding of the digital forensics process.

Summary

Digital forensics describes the process of collecting and protecting information that is usually related to some type of security event. As you can imagine, this can cover many different techniques for gathering data across many types of digital devices. And it also describes different methods to use for protecting that information once you’ve retrieved it.

Instructions

  1. Review the United Nations Office on Drugs and Crime’s (UNODC) Standards and best practices for digital forensics
  2. Read the National Institute of Standards and Technology’s (NIST) Digital Evidence Preservation Considerations for Evidence Handlers – also attached to this activity.
  3. Watch Professor Messer’s Digital Forensics – SY0-601 CompTIA Security+ : 4.5 (https://youtu.be/Efu-hT8D_AM)

Answer the following questions:

  • Identify and define each of the three phases for the digital forensic process.
  • Explain why an investigator should secure the event logs from the target device?
  • Describe the importance of documenting step by step exactly what data was gathered and how the information was retrieved.

Key Terms/Concepts

Volatile evidence is only present while the computer is running is called volatile evidence and must be collected using live forensic methods. This includes evidence that is in the system’s RAM (Random Access Memory), such as a program that only is present in the computer’s memory.

Privacy considerations are often counter to the field of computer forensics. In the other words, computer forensics tools try to discover and extract digital evidence related to a specific crime, while privacy protection techniques aim at protecting the data owner’s privacy.

Legal considerations in the course of digital forensics investigations means that the evidence must be authentic, accurate, complete, and convincing to juries and in conformity with jurisdictional law and legislative rules to be admissible at court.

Refer to the course learning management system (LMS); that is Blackboard (BB), for the correct due date. In addition, submit your work via BB for grading.

Discussion Questions

 

Supplemental Resources

Read, Review, Watch and Listen to all listed materials by the due date listed within the course LMS site.

Click HERE to report any needed updates, e.g., broken links.

 

definition

License

Icon for the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

Computers and Criminal Justice Copyright © 2021 by Eric R. Ramirez-Thompson, PhD is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.

Share This Book