forensics community.
2.4 Challenges of Digital Forensics
Digital technology evidence gathering and presentation presents challenges that are inherently different from other kinds of forensic investigations in other fields. Digital evidence is different from evidence that has been created, stored, transferred and reproduced from non-digital formats (Chaikin, 2004). In his study, he showed that the main difference between digital technology evidence and other forms of forensic science practice is the fact that digital evidence can be maliciously or accidentally manipulated by the actors involved thereby nullifying the validity of such evidence in proving the occurrence or existence of crime.
The differences in the nature of digital evidence
…show more content…
As technological advancement continues to outpace the skill acquisition rate of practitioners in the field, the challenge of adequate resource continues to pose as challenge to digital forensics.
Researchers have identified three factors as contributing to the increasing data volume which has become an issue for digital forensic practitioners. These factors are the increasing number of electronic devices available to users, the increase in device memory sizes now available at cheaper costs, and the number of investigations that involve application of digital forensic techniques. Examiners spend larger time closing out investigative cases with huge burdens placed on forensic laboratories.
However, as a way to overcome or limit the impact of this challenge, Rueben et al (2005) offered suggestions that can be adopted. This include; investigators only focusing on acquiring, examining and reporting on the data that is relevant to the case at hand. To determine relevant data, focus on the peculiar nature of the case and knowledge of the investigator can be criteria for making this judgment. As forensics involves working with data to generate relevant evidence, the possibility of applying the appropriate technology is key to ensuring
…show more content…
This layer describes the storage area on the device where the application is stored.
In general, there are three storage locations where social networking applications are stored. The first location is known as the Application Sandbox. The application sandbox is the standard location for most social networking applications; especially applications that run on the android and the IOS operating systems. Data stored on the application sandbox is not accessible to other applications that may be installed on the device; meaning this data is available only to the social network application itself. Represented below are the application sandbox storage locations of Skype on three different device types: o Android Device: /data/data/com.skype.radar o IOS Device: /private/var/mobile/Applications/789888-BCD6-7E5F-1425FDFFDE o Personal Computer:
This ultimately results is a subsequent communication which requires the holder to disclose those passwords or taking on an additional task of tracking the passwords. In both the cases, the level of work is expanded and the police investigator has to take on additional tasks then he was initially required to. This while increasing the cost of investigation also increases the time taken in investigation. Therefore while identifying the property, or the hardware of the computer, an inclusion needs to be made in relation to the passwords that may be protecting that hardware. Similarly for the data demanded in the digital format the investigator, would have to highlight that mere data in digital format is not required, but also the passwords or the code's which restrict access to that data are also required.
4.7.5 Data Preservation and Isolation from the Network. The main purpose of a digital forensic report is to keep the data integrity, avoiding any type of data alteration, in order to present valid evidences, for instance in a court. The use of not valid software to check the stored information in a mobile phone can alter these information. The action of receive new data can alter the information stored, for instance an automatic firmware update, or remote device control with the risks involved. Therefore, it is extremelly important have the device completely isolated from the network.
Comparing simple techniques simply to retrieve a piece of evidence is completely different as we learn more about the science and learn from the mistakes made in the past. Looking back at the 1800’s and comparing the technology of the 21st century, the difference is certainly huge. The increase in technology makes information more vast and more ideas can be shared easily. Many sciences are based off many “what ifs” while forensic science is more factual and attempt to solve puzzling occurrences and events and get down to what truly
dishonourable false testimonies in 1987, at the trial for a case of double rape that put Dale Woodall, a 29-year-old from Charleston, West Virginia, in prison for life. A brief background of the case entails a man wearing a brown and yellow ski mask had taken hold of two women outside a Huntington, West Virginia, shopping mall and raped them in the car of one of the victims. The women, not able to offer thorough account of the rapist, were ‘forensically hypnotized’ to improve their memories. Dale Woodall was put on trial, and Fred Zain distinguished one of his pubic hairs as being in the victim’s car and a semen stain as matching his blood type. ‘He testified that 1 in 10,000 people had Wooddall 's grouped and subgrouped blood type, a statistic
Case Study 1: BTK In 2005, serial killer Dennis Rader, also known as BTK (bind, torture, and kill), was arrested and convicted of murdering 10 people in Kansas between the years of 1974 and 1991. Rader sent numerous notes to the police, but they couldn’t prove for sure that he was the one committing the murders. In 2004, he began sending things to the police once again. However, this time Rader sent a document created in Microsoft Word on a floppy disk.
Compelling Evidence In today’s society, high-tech gadgets and the media have given the impression the essential necessity for forensic evidence in order to convict. Once in a while, cases like the Laci Peterson murder come along with little forensic evidence but a whole lot of circumstantial evidence and motive. In the following paragraphs, I will discuss the forensic evidence discovered that led to the conviction and death sentencing of Laci’s husband, Scott Peterson.
Science has come a long way over the years. It has helped countless every day struggles and cure diseases most commonly found. What you don’t hear about however is the advancement of forensic science. Forensic science has helped solve countless cases of murder, rape, and sexual assault. In the case of John Joubert, it helped solve the murders of three young boys with one small piece of evidence that linked him directly to the crime.
The murder case of Leanne Holland exposed the ways in which forensic science were both a help and a hindrance to the conviction and subsequent overturning of the verdict, against Graham Stafford. The body of 12-year-old Leanne Holland was found battered and partially naked in scrub 30m off Redbank Plains Rd on September 26, 1991. She went missing on Monday morning on September 23, 1991. According to descriptions, she was last seen wearing a long-sleeved purple jumper, black skirt and no shoes as she headed towards shops just 500m from her Alice St home in Goodna.
With the introduction of new technology in recent years, the government can discreetly capture evidence from electronic files,
i. Manage The term manage is used to mean acquiring the necessary contractual vehicle and resources that include financial resources that are used in running forensic labs and programs. It can also be used to mean to coordinate and build internal and external consensus that can be used to develop and manage an organizational digital forensic program. Management also is to establish a digital forensic team, usually, the one that is composed of investigators, IT professionals and incidents handlers to perform digital and network forensics. Management provides adequate workspaces that at minimum take in to account
The former being defined as the evidence collected in order to convict or rule out suspects, and the latter being defined as the way the investigators developed the investigation and how it evolved throughout the ensuing years. In order to evaluate these two different subjects, one needs to examine the similarities and differences between this investigation and theories about how investigation of this type develop, the nuances of this investigation not able to be explained by theory, investigatory elements that
Computer forensics processes must adhere to standards set by the courtroom that often complicates what could have been a simple data analysis. In court, knowing who connected to the system based on logs is not enough. There must be facts that will support those connection
I. INTRODUCTION Social Networking Sites (SNSs) are online platforms that users use to create Personal profiles, associates with companion and fuss in different parts. Social networking sites exhibits individual profile and facilitates with various other activities such as sharing information with each other. Social networking sites grab million of people in the globe who are united these websites into their daily life style. Social networking sites will become famous all over the world.
During this process the investigators should carefully search for all forms of potential electronic evidence that they do have permission to take such as: USB (Universal Serial Bus) storage media, optical discs, mobile phones, tablets, laptops, SD (Secure Digital) and similar cards, NAS (Network-Attached Storage). Other forms of forensic evidence should be also considered such as: fingerprints and DNA before collection of devices, passwords, notes, paper documents, and other information relevant to the investigation. The process of dead forensic is simple, reliable and thorough.
As far back as 2001 when the first “Digital Forensics Workshop” was held and a case for standards was made, considerable progress has been made in ensuring the growth and expansion of the practice of computer forensics. Mason (2003) suggested the need for standards by which digital forensic practitioners ensure that evidences for prosecuting cases in the law courts are valid as more judgments from a growing number of cases were reliant on the use of electronic and digital evidences in proving the cases. XXXX (2005 & 2007) emphasized the dynamic nature of technology and its impact on the digital forensics field. Hence, the need for having early standards in regulating the