Verified Document

Digital Forensics Research Paper

Digital forensic can be described as a branch of forensic science surrounding the recovery as well as investigation of materials which are found within digital devices, in many occasion regarding computer crime. Originally the term was always used as a synonym for computer forensics; however it has spread out to be used in investigations of the entire devices with capability of storing digital data. Having its grounds in the personal computing revolution of the late 1970s and 1980s, this idea escalated in a disorganized way during the 1990s, but this ended in early 21st century after the emergence of national policies. Digital forensic investigation has been associated with many applications. A widely known one is to refute or support a hypothesis in a civil or criminal courts. Private sectors may also apply forensic, like when there is internal intrusion investigation or corporate investigation. An investigation technical aspect has been categorized into different sub-branches, based on the type of the digital devices affected; forensic data analysis, network forensic, computer forensic, as well a mobile device forensics. Any typical forensic process should include: forensic imaging and analysis of digital media, seizure, and production of report on the evidence collected, (Carrier, Brian D., 2006). In addition to identifying direct evidence of a crime, the use of digital forensics can be on specific suspect evidence, such as determine intent, confirm alibis or statement, authenticate documents, or identify sources; copyright cases. Compared to other forensic analysis, digital forensic tend to cover a wide range of area always covering complex time-lines or hypotheses.

There are various sub-branches in regard to the investigation of different types of artifacts, media, or devices in digital forensics.

Computer forensics: The main aim of this forensics is to give an explanation to the present state of a digital artifact, for example the electronic document, storage medium, computer system. It always covers computers; embedded systems like digital devices that have rudimentary computing power and onboard memory, as well as static memory like USB pen drives, (Farmer, Dan, 2005). Various kind of information is used in computer forensics; from logs like the internet history all through to the real files on the drive.

Mobile device forensics: This is a sub-branch of digital forensics involving recovery of digital data or evidence from a given mobile device. It is different from computer forensics following the fact that mobile device has an inbuilt communications systems such as GSM and severally, proprietary storage mechanisms, (Jones, Andrew, 2008). Mobile device forensics concentrates on simple data like SMS/Email communications and call data but not the deeper recovery of deleted data. Through mobile devices information on location can be determined, which might be from inbuilt gps/location tracking or by means of cell site logs, capable of tracking the devices within their range.

Network Forensics: The discipline involves monitoring as well as analysis of computer network traffic locally and WAN/internet, in order to get information, collect evidence, or detect intrusion. Usually traffic is intercepted within the packet level, and can then be filtered in real time or stored for later analysis. Contrary to other areas of digital forensics, network data tend to be volatile and rarely logged, putting the discipline to be always reactionary. For example, when the United States FBI lured computer hackers, Aleksey Ivanov and Gorshkov in 2000, for a fake job interview. Through monitoring network traffic from the pair's computer, the FBI managed to identify passwords that allowed them to gather evidence directly from computers based in Russia.

Forensic data analysis: It is also a branch of digital forensics which examines structured data with the goal of discovering and analysis of patterns of fraudulent activities leading to financial crime.

Database forensics: This branch of forensics deal with databases and their metadata forensic study. Its investigation use log files, database content as well as in RAM data to build a timeline or for relevant information to be recovered.

Forensic Process

Three stages are involved in digital forensic investigations: imaging or acquisition of exhibits, analysis, and reporting. Generally acquisition revolves around establishing an exact sector level duplicate (or maybe forensic duplicate) of the media, particularly by use of a write blocking device so that modification of the original is prevented, (Sammons, John, 2012). In spite of that, expansion of the storage media as well as developments like cloud computing have resulted to further use of live acquisitions whereby a reasonable copy of the data is to be acquired instead of acquiring the entire image of the physical storage device. This acquired image and original data/media are to...

For example, one of the articles in the "International Journal of Digital Evidence" in 2002 described this stage as "an in-depth systematic search of evidence related to the suspected crime." A researcher known as Brian Carrie in 2006 also described an "intuitive procedure" where clear evidences are firstly identified and then exhaustive searches are carried out to start filling in the holes. Even though the actual analysis process can differ depending on the investigations, the general methodologies always involves carrying out of searches pertaining keyword across the digital media, especially in files and unallocated and slack space, recovering all files deleted as well as extraction of registry information (such as attached USB devices, or list user accounts.
This recovered evidence then undergo analysis in an attempt to reconstruct events or actions and to settle at a conclusions, a job that even the less specialized staff can do. Upon satisfied that all the required information has been found and investigation is over the data presented, and it can be in form of a written report, (United States Department of Justice, 2002).

Apart from digital forensics commonly used in criminal law it can also be used in private investigation. For along time it has been known to be applied in criminal law in which evidences are gathered to either support or oppose an allegation before the courts. In other areas of forensics in involves the broader investigation covering various disciplines. At times the gathered evidence is brought in as part of intelligence gathering that can be used for other reasons apart from the one for the courts, such as in identifying, locating or halting other crimes. Due to that collection of intelligence is in some occasion held to a less strict forensic standard. Digital forensics can form part of the electronic discovery process in civil; litigation or corporate matters. Procedures involved in the forensic are the same with the ones in criminal investigations, however with diverse legal requirements and limitations, (Marshell, Angus M., 2008). If not in courts, digital forensics may be part of internal corporate investigations.

From 2000, in an attempt to respond to the standardization of the ever growing need, different agencies and bodies have come up with their guidelines for digital forensics. A 2002 paper was produced by the Scientific Working Group on Digital Evidence (SWGDE), "Best Practices for Computer Forensics," after which in 2005, there was publication of an ISO 17025 which included "General requirement for the competence of testing and calibration laboratories." In 2004, a European lead international treaty; the Convention on Cybercrime, emerged into force aiming at reconciling national computer crime laws, techniques of investigations and international co-operation. Different countries have taken part in the signing of the treaty all over the world; among them are U.S., UK, Japan, and Canada.

Contrary to earlier days, mobile devices have widely emerged. They have continue advancing further beyond their just simple communication devices, as majority have realize their rich forms of information, escalating other more crimes which did not exist with digital forensics. Another focus has been directed towards internet crime, especially the risk of cyber terrorism and cyber warfare, (Casey, E., 2002). As we continue moving forward digital forensic fields still has some pending issues to be resolved as more are continuing to pile up. Peterson and Shenoi identified biasness in Windows operating systems regarding digital forensics research in their research article. Moreover Simson Garfinkel in 2010, recognized different aspects that digital investigation will be facing in the future; the wide availability of encryption to consumers, increasing size of digital media, growing number of people owning multiple devices, increasing array of operating systems and file formats, as well as legal limitations on investigators.

Limitations

Some of the challenges that digital forensic investigators face include: whether one can preserve or duplicate evidence without knowing the duplication itself essentially changed the data; critical time lines for determining who did what and when; For and an investigation to state decisively that Action A caused Result B, the concept of repeatability has to be introduced, (Nelson, Bill, 2004). This seems to be complicated with digital forensic.

Legal Implications

Digital media is examined by national and international legislation. In terms of civil investigations, specifically, there can be restriction by the laws towards the abilities of analysts to carry…

Sources used in this document:
References

Carrier, Brian D. (2006). "Risks of live digital forensic analysis." Communications of the ACM

Casey, E. (2002). Handbook of Computer Crime Investigation: Forensic Tools and Technology. Academic Press.

Casey, Eoghan, (2000) Digital Evidence and Computer Crime (Second Edition). San Diego, CA: Academic Press.

Farmer, Dan, (2005) Venema, Wietse. Forensic Discovery. Addison-Wesley Professional.
United States Department of Justice, (2002) "Computer Crime and Intellectual Property Section Criminal Division, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations." http://www.cybercrime.gov/s&smanual2002.htm.
http://www.usdoj.gov/criminal/cybercrime/searching.html. Last visited January 14, 2004.
U.S. Secret Service. (2002). Best Practices Guide to Seizing Electronic Evidence, Version 2. http://www.cio.com/securitytools/BPGv2.pdf
Cite this Document:
Copy Bibliography Citation

Related Documents

Digital Forensics Technology: Why Open
Words: 2402 Length: 8 Document Type: Thesis

The rapid development of predictive routing algorithms that seek to anticipate security breaches are also becoming more commonplace (Erickson, 2009). Evidence acquisition through digital forensics seeks to also define preservation of all patterns of potential crime, regardless of the origination point (Irons, 2006). The collaboration that occurs in the open source forensic software industry acts as a catalyst of creativity specifically on this point. There are online communities that

Digital Forensics Importance of Hash Values
Words: 1350 Length: 5 Document Type: Essay

Hash Values in Digital Forensics Introduction Hash values denote condensed representations of digitized or binary content within digital material; however, they offer no additional information pertaining to the contents of any material interpretable by an individual. Moreover, the hash function is algorithms that convert variable-sized text quantities into hash values (which are fixed-sized outputs). Also called “cryptographic hash functions,” they facilitate the development of digital signatures, short textual condensations, and hash tables

Digital Forensics in Criminal Justice
Words: 997 Length: 3 Document Type: Book Report

Digital Forensics in Criminal JusticeThere are several recovery techniques digital forensic practitioners can use when they encounter broken or damaged devices with deleted files (Daniel, 2011). File carving involves searching for specific patterns of data that match known file formats within the raw data from the disk. Even if the file system information is missing, file carving can effectively recover files. Or, data imaging can capture an exact copy of

Capture Data Sources Using the Digital Forensics Tool
Words: 3217 Length: 12 Document Type: Term Paper

Digital Forensics to Capture Data Sources Network Intrusion Prioritizing Data Sources Account Auditing Live System Data Intrusion Detection System Event Log Analysis Malware Installation Prioritizing data sources Activity Monitoring Integrity Checking Data Mining Insider File Deletion Prioritizing data sources Use of Uneraser program Recovers the Deleted Data Network Storage A recent advance in information technology has brought about both benefits and threats to business organizations. While businesses have been able to achieve competitive market advantages through the internet technology, the hackers are also using the opportunities

Cloud Computing Digital Forensics the
Words: 1273 Length: 4 Document Type: Research Paper

This means that no deeper view into the system and its underlying infrastructure is provided to the customer." The constant flow of information makes compiling a forensics report on any given item very difficult. Legal issues may also hamper digital forensics in dealing with cloud issues. Cloud computing raises some unique law enforcement concerns regarding the location of potential digital evidence and its subsequent forensic analysis. When a savvy and

Casey Anthony Digital Forensics Can Be a
Words: 616 Length: 2 Document Type: Essay

Casey Anthony Digital forensics can be a useful tool when applied in the correct manner. The recent case of Casey Anthony and her murder trial demonstrated the role that digital forensics may play in the setting of justice. The purpose of this essay is to describe the role that the digital evidence played within the not-guilty verdict of Casey Anthony nearly over two years ago. This essay will address the problems

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now