Tuesday, December 10, 2019

Digital Forensic Tools of Investigation Samples for Students - MyAssig

Question: Discuss about the Digital Forensic Tools of Investigation.

Answer:

Computer crimes

By definition, a crime is an act that violates the law (Daniel, 2012). This definition creates difficulty when dealing with computer-related crimes. Enforcing the law in this area is cumbersome because many crimes committed with computers tend not to violate the formal laws laid down in judicial proceedings. Therefore, modern laws tend to apply the traditional ways of analyzing computer crimes, relating them to criminal offenses such as burglary, fraud and even larceny. However, the advancement in computer technology is also making such traditional laws difficult to apply (Sammons, 2012).

Criminal law

This law defines crime as a wrong that affects society. A conviction under this law usually leads to a jail term. The same law can also sentence an individual to probation. The punishment incurred under criminal law is aimed at disciplining the offender and at the same time preventing future occurrence of the crime (Garrison, 2010). For one to be found guilty, the jury needs to believe the case beyond reasonable doubt. The easy way of achieving this is by use of testimony that links the offender to the computer crime. However, loopholes still exist in testimony, as the offender can still be found innocent. Criminal behavior is categorized into two. A felony results in a jail term since it is more severe. The other category is misdemeanors, which are punishable by a fine or a prison sentence of less than one year.

Civil law

In civil law, a crime is a wrong done to an individual or business. The offense usually leads to loss or damage. In civil law there is no jail term as in criminal law; the main purpose of this law is to provide financial security for the offended, which can be given as follows: compensatory damages, punitive damages, and statutory costs.
These cases are easier to convict due to the reduced burden incurred during conviction. The jury only needs to believe the evidence presented against the offender, and items can be seized after a search warrant is issued (Andrew Jones, 2011).

Insurance

An insurance policy transfers the risk of loss to another party, to a desirable level of loss. Any loss of computer information requires the insurance company to pay out according to the agreed policy. In a situation of negligence, the insurance company is required to pay only a portion of the loss incurred.

Rule of evidence

Investigations need to be thorough and adhere to the Rule of Evidence. Legal proceedings are difficult whenever computer crimes are involved. Skills are required to identify and extract information that can convict offenders. Moreover, evidence traditionally needs to be concrete, as opposed to the intangible evidence posed by computers (Gogolin, 2012).

Best evidence rule

This rule specifically requires the original evidence to be presented in court rather than a copy of the evidence. However, a copy can be accepted under these conditions (Casey, 2009): loss of the original evidence due to acts of God such as fire or flood; destruction of evidence in the ordinary course of business; and the existence of proof held by a third party who cannot be commanded by the court.

Exclusionary rule

This rule states that any evidence needs to be obtained by law enforcement in adherence to the legal guidelines that govern the search; a violation of this leads to the evidence obtained being treated as the fruit of a poisonous tree.

Hearsay rule

This rule allows second-hand evidence that is not obtained from individual knowledge but from another source, and its weight depends on the competence of the source under scrutiny.

Chain of evidence

The evidence obtained during a search needs to be put under protection and accountability.
This can be done by stating who confiscated the evidence, secured it and had control over it.

Admissibility of evidence

Admissibility of the computer crime evidence is high since the information in this evidence can easily be interfered with. The court, therefore, generated ways to deal with this scenario by issuing laws on the relevancy of evidence and its reliability (Wiles, 2011).

The process of investigation

Pre-investigation process (Garrison, 2010)

Identifying the type of seized system

The computer system that has been targeted needs to be evaluated to obtain as much information on it as possible. This includes its hardware and software specifications.

Choosing the search and team members to undertake the seizure

Before the seizure, law enforcement needs to obtain a warrant, and its members should consist of the lead investigator, an information security department, a legal department and a technical assistant (Gilbert Peterson, 2009).

Obtaining and issuing search warrant

In case a suspect is believed to be in custody of evidence, a warrant is issued. For the permit, the investigator needs to prove the reason for it. Once the warrant is issued, items can be confiscated for investigation (Jahankhani, 2010).

Execution of investigation

Securing of the site.

Sketching and photographing the site.

Identification, marking and packing of the evidence according to the collection process adhered to in the Rule of Evidence. During this step, when the computer is on, a video tape is recorded using a scrolling effect. Photographs also need to be taken. After this, the computer is powered down, taking into consideration logical mainframe shutdown. To avoid all these steps, the investigation can alternatively be done on site.

Obtaining surveillance of the proposed offender.

Scrutinizing the evidence obtained.

Forensic tools of investigation

Various forensic tools are used in the study. These devices are deployed in the survey process.
During a forensic investigation, the procedure can start with an analysis of network traffic. The analysis can be done using a sniffer tool such as Wireshark, which intercepts network traffic and logs it for further review. One more tool that can be deployed is NetworkMiner. This tool is capable of extracting and recovering all files present in the computer under scrutiny. Whenever a real-time investigation needs to be done, the Snort tool can be deployed to track down a network of intruders (Casey, 2009).

Reporting

During reporting of a digital crime, the case does not automatically end with the arrest or clearance of the offenders. Law enforcement needs to obtain and present evidence to the prosecutor, who will submit it to the jury for scrutiny. During this process, challenges develop during the investigation and handing over of evidence. The research entails categorizing evidence, such as the hearsay discussed above. The Frye test, therefore, is used to determine the admissibility of the evidence provided. From the results obtained, NIST tools are used to scientifically validate the crime done (Cory Altheide, 2011). Finally, the defense is handed a duplicate of the results achieved or is given access to view the information (Daniel, 2012).

References

Andrew Jones, C. V. (2011). Building a Digital Forensic Laboratory: Establishing and Managing a Successful Facility. Denver: Butterworth-Heinemann.
Casey, E. (2009). Handbook of Digital Forensics and Investigation. Chicago: Academic Press.
Cory Altheide, H. C. (2011). Digital Forensics with Open Source Tools. Philadelphia: Elsevier.
Daniel, L. E. (2012). Digital Forensics for Legal Professionals: Understanding Digital Evidence from the Warrant to the Courtroom. Chicago: Elsevier.
Garrison, C. P. (2010). Digital Forensics for Network, Internet, and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data. Washington DC: Syngress.
Gilbert Peterson, S. S. (2009).
Advances in Digital Forensics V: Fifth IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 26-28, 2009, Revised Selected Papers. Wisconsin: Springer.
Gogolin, G. (2012). Digital Forensics Explained. New York: CRC Press.
Jahankhani, H. (2010). Handbook of Electronic Security and Digital Forensics. Chicago: World Scientific.
Sammons, J. (2012). The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics. Atlanta: Elsevier.
Wiles, J. (2011). TechnoSecurity's Guide to E-Discovery and Digital Forensics: A Comprehensive Handbook. New York City: Elsevier.
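
Added example (not part of the original essay): the chain of evidence section above calls for a record of who confiscated, secured and had control of each item. The Python code below keeps such a record and, as an assumption that goes beyond the essay, links entries with SHA-256 digests so that a later change to the record or to the evidence is detectable; the handler names, times and image bytes are constructed.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(entry: dict) -> str:
    # Hash every field except the digest itself, in a stable key order.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def add_entry(log: list, handler: str, action: str, when: str, evidence: bytes) -> dict:
    """Append one custody event (who did what, when) and link it to the previous one."""
    entry = {
        "handler": handler,
        "action": action,
        "when": when,
        "evidence_sha256": sha256_hex(evidence),
        "prev_hash": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify_log(log: list, evidence: bytes) -> list:
    """Return a list of problems; an empty list means the chain is intact."""
    problems = []
    prev = "0" * 64
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if entry_digest(entry) != entry["entry_hash"]:
            problems.append(f"entry {i}: record altered after it was written")
        prev = entry["entry_hash"]
    if log and log[0]["evidence_sha256"] != sha256_hex(evidence):
        problems.append("evidence no longer matches the digest taken at seizure")
    return problems

def build_sample_log(image: bytes) -> list:
    # Constructed sample: names, times and the "disk image" bytes are invented.
    log = []
    add_entry(log, "Officer A", "confiscated", "2019-12-10T09:00Z", image)
    add_entry(log, "Technician B", "secured", "2019-12-10T11:30Z", image)
    add_entry(log, "Examiner C", "had control", "2019-12-11T08:15Z", image)
    return log

if __name__ == "__main__":
    image = b"constructed disk image bytes"
    print(verify_log(build_sample_log(image), image))  # [] when nothing was changed
```
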
