Transcript
Running Head: US Criminal Justice and Computer Forensics
1
US Criminal Justice and Computer Forensics LaRon Walker Master of Information Technology and Internet Security July, 2010
�2
Abstract Computer crimes have been on the rise for the past few years. New ways to gain unauthorized access to network resources and files are being found daily, creating the need for the constant adaptation of what the definitions of cyber crimes really are. There are many key elements that are pertinent to a US criminal investigation. However, the most important aspect in collecting computer forensic evidence is the ability to gather the information without altering it in any way. When investigating a computer crime, the evidence must be gathered without any modification to be admissible in court.
�3
US Criminal Justice and Computer Forensics LaRon Walker Master of Information Technology and Internet Security July, 2010 There are many elements that exist in the US Criminal Justice system when it comes to computer crimes. Computer crimes can vary from stealing confidential or proprietary information, gaining unauthorized access to network resources or files, to the disruption of electronic communications. This forces investigators to possess a solid forensics toolkit with a variety of utilities that can gather information from remote and local hosts. According to the article Digital Forensics (Barr, 2006), the most important component in investigating cyber crimes is that of evidence acquisition. This includes the ability to gather an exact copy of the digital evidence without tampering it in any way. Because digital evidence is so fragile, one of the most common reasons why computer forensic evidence is inadmissible in court is because it has been altered from the original form. When gathering forensic evidence, there are four basic components which are performed. Based on the findings by Barr (2006), these procedures are the assessment, acquisition, examination and the documentation and reporting processes. These processes are all necessary in collecting digital evidence, but all aspects must maintain the original form to be admissible in a court of law.
�4
Along with the importance of the acquisition stage in a computer crime investigation, documenting and reporting all steps in the process is also critical. Lack of accurately documenting the procedures when conducting a computer crime investigation can also be the cause why digital evidence is thrown out of a courtroom case. Per Barr (2009), this issue can be resolved by ensuring that the examination of digital evidence is performed by certified forensics analysts. These can be in-house analysts or provided by a third-party. According to Barr (2009), using a third party examiner is preferred because it eliminates the risk of an in-house conspiracy, or an in-house analyst being compromised because of relationships between internal employees. Despite the growing number of what are now considered computer crimes, the lack of unifying standards in which define what digital forensic evidence consists of makes it very hard for investigators to use it in court. One way to address this issue is to validate digital forensics gathering procedures with the law enforcement agencies, and adhere or adapt to these current processes. Along with this, staying consistent with data gathering practices and keeping current with evolving computer forensic processes and tools can also help in developing evidence integrity. By following this strategy, evidence has a better chance in being used in a computer crime case.
�5
References Barr, J. (2006). Digital Forensics. Faulkner Information Services. Retrieved July11, 2010 from Faulkner Information Services database. Barr, J. (2009). Computer Forensics. Faulkner Information Services. Retrieved July11, 2010 from Faulkner Information Services database.
�6
�