Sunday, July 31, 2011

Computer Forensics

Data plays a role in many aspects of crime investigation: it can tell a criminal investigator the time and place a suspect or witness may have been during the crime. You can learn information about the suspect such as hobbies, internet chats, and even personal details such as birth date and credit card information. Computers open the world up to their users and bring what once seemed far away to their fingertips. Understanding the computer system and how it works gives a person access to a vast amount of information. A look into the computer lets you learn about hackers and how they work; it also lets you understand computer crime and how to prevent it.
The computer system has come a long way from the old IBM, Commodore, Tandy, and Macintosh systems that we used in the early 80's, with 7.25 disks to save all of our information on. Having to watch how much data is stored on the system, and whether it could hold all the programs we had, is a worry of the past. Hard drives have become larger and hold much more data than the older computer systems did, and this leaves room for more vulnerabilities. As we save our lives byte by byte on the computer, it has become a necessity to be able to use a computer efficiently and to understand the best practices for doing so.
Some of the areas to look at when performing computer forensics are the HDD (hard drive device), BIOS (basic operating system), and RAM (random accessible memory). These parts of the computer are essential to running programs and storing data. Data can be encrypted, zipped, or even hidden on basic computer systems. The storage system controlled by the operating system is an important factor in the level of security on the computer. Windows, Macintosh, and UNIX are all different types of operating systems that run on fairly different platforms with different security. The highest security is the Unix system, which offers 256 to 512 security, the highest level of networking and personal-computing encryption and password protection on the market. The next most secure system is the Macintosh; it holds to the same standards as the Unix system, but its user-friendly interface allows many more vulnerabilities. Windows by Microsoft holds the lowest amount of security, but it is the most user friendly.
When analyzing computer systems for forensic purposes, several factors have to be taken into consideration. The first is whether the computer has information located in the system cache or the memory chip. This is determined by the forensic investigator; most often they will not turn off the computer but will simply use tools to gather the information from the computer before shutting down the computer system and preparing it to be moved.
Steps for documenting and moving a computer system:
1. Photograph the area where the computer system is located
2. Make a diagram of where the computer system is located
3. Look for any fingerprints on the computer system
4. Label the computer system and peripherals
5. Label all electrical and data cords

When moving a computer system, make sure that the search and seizure warrant is filled out properly and that all identification documentation is completed. Then wrap the computer system securely with bubble wrap or paper, making sure to tape off areas that have fingerprints for the lab. Next, box or crate the computer securely, and do the same with any peripherals before sending them to the forensics lab.
The forensics lab will perform tests for DNA and fingerprints and extract information from the computer that is vital to the case. Using fingerprinting software, they will make a backup copy of the information located on the computer system and store the devices.

References
www.fbi.gov
  
Procedure For Preserving Electronic Data
The procedures for preserving electronic data start from obtaining a search warrant for the area where you need to confiscate the computer device. If the computer is in a networked area, get help from the administrator to obtain passwords and network share folders. Next, document the crime scene by drawing a detailed sketch of where the computer system is located. Take pictures of the area where the computer system is located, making sure to capture the serial number and make of the computer in the photograph. The lab technician either performs a live acquisition of the computer system, or the forensics investigator performs a shutdown and prepares the computer system for removal.
In the case of removal, the forensics investigator will have to consider several factors: first, is the encryption on the computer system hard to crack; second, does the system have files that may be left in the RAM or in swap files that you may need; third, is there data stored on the network that you may need to access; fourth, are there printouts that you need to make exact comparisons with.
Mark each cord or wire that is plugged into the computer system. Fill out the proper paperwork, such as the chain of custody and the number, serial, make, and brand of the computer; if the operating system is known, include that as well. Collect all hardware such as keyboard, mouse, screen, and any other peripherals connected to the computer. Wrap the computer and each peripheral securely in bubble wrap and place them in individual shipping boxes for further lab analysis; cover any fingerprints that may be left, or lift the fingerprints, before sending the computer system to the lab.
Make sure the lab technician analyzes fingerprints and checks for DNA evidence such as hairs in the keyboard. Make sure that the devices are identified: check on the internet for the make and model of each device, and record the date of acquisition and date of manufacture. Use Forensic Toolkit or Autopsy to analyze all data located on the computer system; check deleted files, swap spaces, and the BIOS. Remove and back up all files on the computer system to a safe place for further analysis.
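The "back up all files to a safe place" step here, and the earlier note that the lab makes a backup copy with fingerprinting software, both come down to the same forensic practice: copy the evidence bit for bit, record a cryptographic hash (the "fingerprint") of the source and of the copy, confirm they match, and log who did it and when. The following Python script is an added example written for this page (not code from the original post, from Forensic Toolkit, or from Autopsy) that runs that flow end to end on a constructed sample "drive" file. The file names, the evidence number E001, and the examiner name are constructed placeholders; on a real acquisition the source would be a block device behind a hardware write blocker.

```python
"""Added example (not from the original post): a minimal forensic acquisition
routine that copies a source device/file to an image, hashes both source and
image with SHA-256 while copying, verifies the two fingerprints match, and
appends a chain-of-custody record.  All paths and identifiers are constructed
sample values."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so a large drive never sits in memory at once


def hash_file(path):
    """SHA-256 of a file, read block by block."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire_image(source_path, image_path, evidence_id, examiner):
    """Copy source_path to image_path block by block, hashing the source as it
    is read.  The source is opened read-only so the acquisition itself never
    modifies the evidence.  Returns a chain-of-custody record (dict)."""
    src_hash = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        while True:
            block = src.read(CHUNK)
            if not block:
                break
            src_hash.update(block)
            dst.write(block)
    # Re-read the written image independently; a match proves the copy is exact.
    img_hash = hash_file(image_path)
    return {
        "evidence_id": evidence_id,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "source": os.path.abspath(source_path),
        "image": os.path.abspath(image_path),
        "source_sha256": src_hash.hexdigest(),
        "image_sha256": img_hash,
        "verified": src_hash.hexdigest() == img_hash,
    }


def verify_image(record):
    """Re-hash the stored image and compare with the hash recorded at
    acquisition; any later change (tampering, disk error) shows as a mismatch."""
    return hash_file(record["image"]) == record["image_sha256"]


def write_custody_log(record, log_path):
    """Append the record as one JSON line to the chain-of-custody log."""
    with open(log_path, "a") as log:
        log.write(json.dumps(record) + "\n")


def demo(tmpdir=None):
    """Run the whole flow on a constructed 'drive' (not real evidence).
    Returns (record, verified_before_tampering, verified_after_tampering)."""
    tmpdir = tmpdir or tempfile.mkdtemp()
    source = os.path.join(tmpdir, "suspect_drive.bin")   # constructed sample
    image = os.path.join(tmpdir, "E001.dd")              # constructed image name
    log = os.path.join(tmpdir, "custody.jsonl")
    # Constructed sample content standing in for a seized drive.
    with open(source, "wb") as f:
        f.write(b"MBR\x00" * 4096 + b"chat log: meet at 9pm\n" + os.urandom(65536))
    record = acquire_image(source, image, evidence_id="E001", examiner="J. Doe")
    write_custody_log(record, log)
    ok_before = verify_image(record)
    # Simulate a later modification of the image: verification must now fail.
    with open(image, "r+b") as f:
        f.seek(100)
        f.write(b"X")
    ok_after = verify_image(record)
    return record, ok_before, ok_after


if __name__ == "__main__":
    rec, before, after = demo()
    print(json.dumps(rec, indent=2))
    print("verified at acquisition:", before, "| verified after tampering:", after)
```

The design point is that the hash is taken from the bytes as they are read from the evidence, not from the copy alone, so the record ties the image back to the original drive; re-running `verify_image` at any later stage of the case then shows whether the image is still the one that was acquired.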
References:
Saferstein, Richard. Criminalistics: An Introduction to Forensic Science, Ninth Edition. Pearson/Prentice Hall, 2007.


