Digital Forensic Evidence
Evidence
Digital Evidence
Court: Something that makes a fact or point at issue more or less clear for the trier of fact.
Criminal Investigation: Something that provides proof of a crime or no crime, including various elements of that crime.
Digital forensic evidence is information stored or transmitted in binary form that may be relied on in court, to help jurors establish the facts of the case and support or refute legal theories of the case.
What is digital evidence and forensics?
Devices
Digital evidence can be found on a computer hard drive, a mobile phone, a personal digital assistant (PDA), a CD, a flash card in a digital camera, GPS devices, MP3s, etc. Digital evidence can be extracted from almost any electronic device that we use or input data into.
Digital Forensics
Digital evidence is commonly associated with electronic crime, or e-crime, such as child pornography or credit card fraud. However, digital evidence is now used to prosecute all types of crimes, not just e-crime. For example, suspects' e-mail or mobile phone files might contain critical evidence regarding their intent, their whereabouts at the time of a crime and their relationship with other suspects.
Digital Forensics is the collection, preservation, discovery, analysis, and presentation of evidence found on digital devices. Digital forensic investigation experts draw on a variety of methods for discovering, analyzing, and scientifically verifying information that resides on all kinds of digital devices.
Sources of electronic data have grown exponentially with the popularity of, for instance, text messaging, social networking, and e-mail. This highlights the importance of not only collecting such digital evidence but also having up-to-date procedures for its proper handling, archival, and maintenance, particularly to ensure its suitability for presentation in court.
-Sources of electronic data have grown exponentially with the popularity of text messaging, social networking, and e-mail.
-Key component of police investigations and a potential source of evidence that could prove critical in supporting the prosecution of different types of crimes. Law enforcement agencies and departments are training more investigators to specialize in recognizing, handling, and deciphering the information on computers and digital devices.
-Involves crimes such as terrorism, child pornography, violent crimes, theft or destruction of intellectual property, corporate crimes, Internet crimes, and financial fraud and embezzlement
The most important step for a first-responder investigator is to determine how best to preserve that device and its data.
-Recording and documenting the scene, including photographs of the mobile device in an undisturbed state, should be included.
Types of Digital Evidence
(Image acquired from Google Images)
-Computer Hard Drive
-Personal Digital Assistant
-Flash Card in Camera
-GPS Device
(Image taken from Google Images)
-Evidence from mobile phones is becoming more and more important
-Usually related to drug investigations or child pornography
-Cell Phone Towers- help with tracking a person
-Terrorists used cell phones to detonate the bombs in the Madrid bombing that killed 190 in 2004
-For law enforcement officers to obtain evidence legally they must have probable cause and a warrant that allows for search and seizure.
-Exporting information from several digital devices and importing it into the software: investigators can see a timeline of events
-Makes it easier for investigators to understand what happened
-Also, makes it easier for the jury to understand the criminal activity and any connections among offenders
-Vital in computer and
-Crime Scene Photos
-Surveillance Tapes
FISWG- develop consensus standards, guidelines and best practices for the discipline of image-based comparisons of human features, primarily face
Past Method-
-Confiscate computer, then create an exact duplicate- called an image
-Some data cannot be recovered once the computer is shut down
-Collect as much data as possible at the scene, while the device is still on
-Evidence should not be changed in any way while it is being collected
-Only those with the specific training should examine the evidence
-Everything must be documented
BTK Killer
-“Bind, Torture, Kill”
-Sent a message to police on a floppy disk
-Found a link to his first name “Dennis” and to the Lutheran Church he attended
-Police came across Dennis Rader
-DNA evidence was a close match to Rader’s daughter, so they knew the killer was related to her
-This was enough to make an arrest
-He pleaded guilty- sentenced to 10 consecutive life sentences. Eligible for parole in 2180.
-Software and operating systems are rapidly changing and being updated
-Law enforcement has to constantly update their tools and training
-One example is the Cloud- Apple product
Create, share and store files on remote computers- this disguises the identity of the person
-There are many training courses that help to train investigators
Training
Data Mining
Cell Phones
-Evidence can change from moment to moment within a computer.
-Transmission lines can easily be altered
-Changes can be made during collection.
-Many people cannot read computer evidence because of the complexity of the systems
-Investigators usually need software to help mine the vast amounts of data that are stored on computers and other devices
Problems
One of the most problematic parts of the whole process is linking a specific individual to documents and logs found.
Linking the Data
Conclusion
Practical investigations tend to rely on multiple streams of evidence which corroborate each other
- each stream may have its weaknesses, but taken together may point to a single conclusion
THE END