Forensics and Digital Evidence
Forensics is a discipline which uses standardized techniques to pull apart an event, analyze what happened, and find a more accurate conclusion to the data analysis than just witness testimony. For centuries, lacking even rudimentary techniques like fingerprinting or blood type analysis, the legal system relied on confessions and witness testimony. We may turn to Ancient Greece for one of the first recorded examples of a type of forensic inquiry. In the anecdote of Archimedes, the scholar was asked by the King to determine if a crown made for him was pure gold or contained silver. It seems the King had supplied pure gold, but suspected the goldsmith of being dishonest. Archimedes had noticed that while bathing the level of the water in the tub rose. He surmised that different objects displace different levels of water. Using a mathematical calculation he determined during his famous "Eureka" moment that silver had actually been mixed in and the goldsmith punished (Archimedes' Principle, 2004).
As science improved, so did the use of forensic evidence within the Court system. Science, in fact, attempts to find answers and thus, over time, techniques evolve and are tested. These new techniques may be controversial at the time, but once they are subjected to scientific inquiry and go through the process of peer reviewed journals and testing, they become validated. Fingerprinting, for instance, was at one time considered unusable and inaccurate, and then became the standard technique for crime scene analysis. Similarly, DNA evidence required higher levels of accuracy and reliability and is now a global tool in fighting crime. Each succeeding general will use the technology that is standard and available to find the best answers within the legal system, particularly those that use a scientific approach to collection, experimentation and dissemination of evidence (Quinche and Margot, 2010).
Particularly when new techniques are involved, it is vital that the standard scientific method, an agreed upon approach of testing, data collection, replication and dissemination of results, be used. When techniques change, like introducing DNA or Digital evidence, forensic science must have a way to compare issues, findings from the scene of the crime, laboratory testing, and robust analysis of the materials to prove to the Courts that detection methods were done in such a way that there is evidence "beyond the shadow of a reasonable doubt" to present to the Court. The basic paradigms of "What happened?" "Why did it happen?" "How did it and how?" are thus appropriate for the methodology and the types of questions a forensic specialist addresses when searching for the truth. This is important to forensics as we introduce digital evidence in crime scene management, methodology, and reporting information to the Court. Overall, this consists of: 1) Formulation of a hypothesis or using a hypothesis to explain an event or phenomena; 2) Use of the hypothesis to predict the existence of other phenomena, or to predict quantitatively the results of new observations; 3) Performance of experimental tests of the predictions by several independent experimenters; 4) Test the evidence in peer review and prove its worth (technique or result) to the Court (Young, 2010)
Digital Evidence
As technologies have changed, so has the type of evidence that is used within a forensics model. In general, digital or electronic evidence is any evidence that is probative stored or transmitted in electronic or digital form. This is, however, more complicated that simply replacing paper evidence with digital evidence, since the digital evidence is usually something filmed, photographed, or attained that may be challenged in a Court of Law. Therefore, before accepting digital evidence, individual Courts tend to determine if it is authentic and relevant, how the evidence was collected, if it is hearsay and whether copies of certain evidence are adequate or if the original is required (Frieden & Murray, 2011).
Because of the manner in which society has changed and become far more electgronic, the use of digital evidence has also increased drastically. Simply out of convenience in storage, professionality in tone, and accurate, Court have allowed more of the use...
This phase is described by Carrier as the phase where we "...use the evidence that we found and determine what events occurred in the system" (Carrier, 2005). 2.2. The United States Department of Justice's (USDOJ) digital forensic analysis methodology The second methodology under review in this paper has been put forward by the United States Department of Justice. This consists of four basic phases: collection, examination, analysis and reporting (Shin, 2011).
Computer Forensics: Generally, forensics can be described as the process of using scientific knowledge in the gathering, evaluation, and presentation of evidence to the courts. Since forensics deal with the presentation of evidence to the courts, it basically deals with the analysis and recovery of hidden evidence. In this case, the hidden evidence may be in several forms including fingerprints, blood stains, and DNA evidence. On the other hand, computer forensics
Computer Forensic Tools: The use of computers in homes, schools, offices, and other places has increased in the past few years due to technological developments. As computers have become important components of modern communication, their increased use has also led to the emergence of computer crimes. Computer crimes basically involve the use of a computer system to carry out an illegal activity. In attempts to lessen the frequency and impact of
Computer Forensics The issue at hand involves the examination of a scene from an office space within Widget Corporation. We find that this is the assigned office for a Mr. Didit. The information we have at hand is digital -- a photograph taken from an approximate distance of 3 feet from the occupant's desk. Using the photograph, we find that there are a number of electronic and non-electronic devices and our
Specialized forensic tools will be necessary to retrieve and analyze deleted, renamed and encrypted data that search tools will overlook. Further, forensic tools will help with complex information correlation. For example, to construct a timeline of events it may be necessary to tie network log stamps and data together with database access and usage logs. Reporting is the final phase of forensic investigation. Here, the article is weak, only recommending
Benchmarking Keyloggers for Gathering Digital Evidence on Personal Computers Keyloggers refers to the hardware or software programs, which examine keyboard and mouse activity on a computer in a secretive manner so that the owner of the computer is not aware that their actions are monitored. The keyloggers accumulate the recorded keystrokes for later recovery or remotely convey it to the person employing them. Keyloggers aimed to serve as spyware and currently
Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.
Get Started Now