Digital Forensics

Computer forensics is the use of specialized techniques for recovery, authentication , and analysis of electronic data when a case involves issues relating to reconstruction of computer usage, examination of residual data, authentication of data by technical analysis or explanation o technical features of data and computer usage. Computer forensics requires specialized expertise that goes beyond normal data collection and preservation techniques available to end-users or system support personnel.

The informal nature of these procedures can prevent verification of the evidence collected, and may diminish the value of the evidence in legal proceedings. the ability of an organization to maximize it potential to use digital evidence while minimizing the costs of an investigation.

Early intervention is key,” Perhaps more compelling are the technical and legal implications that recommend early computer forensics intercession. While there are some costs associated with this preparation, there is the opportunity to actively collect potential evidence in the form of logfiles, emails, back-up disks, portable computers, network traffic records, and telephone records amongst others. This evidence may be collected in advance of a crime or dispute, and can be used to the benefit of the collecting organization. To continue, “ Being prepared to gather and use evidence can also have benefit as a deterrent. A good deal of crime is internal. 

As the courts gain more and more experience regarding the definition of computer records and their submission as “evidence,” it is obvious the forensic specialist has a major responsibility. He or she must take great care in extracting and consolidating all of the data he or she thinks will be pertinent to the lawyers and individuals they are working with.

 Categories of Forensics:

Network Based Forensics

Disk Based Forensics( Investigating the hard drive of the criminal , phone, Flash drive, memory sticks etc)

 

Authenticity and the Alteration of Computer Records

One thing we do know regarding computers is that, without secure measures, the data stored on these machines can be easily changed. Lawyers are also aware of this fact and allegations as to the authenticity of the computer records will come into question. Ms. Kenneally states, “… the mutability of digital evidence facilitates legal challenges grounded in chain of-custody and evidencetampering arguments “ So how does the court approach the question of tampering and alteration? In the case of the “United States v. Glasser, 773 F.2d 1553, 1559 (11th Cir. 1985)” [14} the courts established the following: "The existence of an air-tight security system [to prevent tampering] is not, however, a prerequisite to the admissibility of computer printouts. If such a prerequisite did exist, it would become virtually impossible to admit computer generated records; the party opposing admission would have to show only that a better security system was feasible." So the courts threw the responsibility on to the opposing party…they must proved that the security provided was inadequate and that a better security system existed.