The Role of Computer Forensics to Law Enforcement

Essay by   •  July 12, 2011  •  Research Paper  •  2,267 Words (10 Pages)  •  2,075 Views



Forensics can be defined as the use of science during an investigation in order to establish precise and accurate facts regarding a criminal proceeding. Computer forensics specifically refers to the acquisition, analysis and reporting of data that has been found in computers in order to aid in the investigation. Computer forensics is based on the fact that computer and digital operations usually leave a trace behind, which serves as a trail of the crime. The main objective of computer forensics is to examine the validity of electronic evidence in a manner that is acceptable in a court of law. The basic procedures involved in computer forensics are the identification, preservation, recovery, analysis and preservation of the digital evidence gathered. Computer forensics not only plays a significant role in alleviating computer crime but is also an integral process in civil proceedings, involving the application of techniques and practices aimed at the establishment of a legitimate examination trail. Computer forensics plays an important role in criminal investigation by facilitating admissible evidence collection, analysis and forensic reporting. In addition, computer forensics can aid in the investigation of crimes for which conventional forensic investigation cannot be effectively deployed.

The practices involved in the examination of digital evidence and of evidence collected as a result of a computer forensics investigation are usually the same. The admissibility of digital evidence in a court of law is impeded by the fact that most digital evidence is collected without legal authority. This implies that it is difficult for a digital investigation to make the collected evidence acceptable in a court of law (Brenner, 2007). With the chief objective of acquiring and analyzing digital evidence, there are three fundamental steps in making the collected evidence acceptable in a court of law: evidence acquisition, authentication and relevance, and analysis. A typical example is the seizure of a suspect's hard drive: a copy of the hard drive is made, after which it is analyzed to ascertain its relevance to the court case and to identify potential evidence such as deleted files. Evidence acquisition for electronic evidence varies depending on the type of evidence. The significant challenge in acquiring electronic evidence is to ascertain its location. For instance, some computer forensic processes require the examination of data stored in hard drives and log files, which are stored in the Random Access Memory of the computers. There is a standardized procedure in gathering electronic evidence, implying that the investigator must deploy a suitable evidence collection methodology in order to secure the electronic evidence. It is also imperative that the investigator collect the evidence in its raw state so as not to tamper with the integrity and value of the evidence. The integrity and value of the evidence play a significant role in making electronic evidence acceptable in a court of law. Some of the steps involved in collecting digital evidence include the chain of custody, identification, preservation, and finally transport and storage.

The chain of custody serves to protect the evidence and ensure that the evidence was not subjected to alteration and modification during the period that it was in custody. Identification of evidence requires immense expertise concerning computer hardware and digital media. It is important to collect the evidence immediately after its identification in order to avoid modification of the evidence due to subsequent computer usage. Duplication and imaging are sometimes done in order to facilitate a systematic analysis of the evidence. The forensic investigators have the responsibility of ensuring that the duplicating utility does not alter or introduce new features into the original collected evidence. Duplication of evidence is bound to affect the admissibility of evidence in a court; this implies that the computer forensic investigators have to ensure that the copy is an exact replica and a valid one. In addition, they must ascertain the repeatability of the imaging process.

The second significance of computer forensics in criminal law with respect to making digital evidence admissible in a court of law is authentication of the evidence. This entails ensuring that the gathered evidence represents an exact copy as of the time the crime was identified. In this context, the forensic investigators have the responsibility of ensuring that the collected evidence is from a computer or any digital media that was available at the crime scene during identification of the crime. The evidence must not be altered or destroyed in order to prove its authenticity. One vital technique used in evidence authentication is time stamping, whereby the duplicated evidence is compared with the original copy of the evidence.
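The exact-copy and repeatability checks on a duplicated image, and the comparison of the duplicate with the original, can be sketched in code together with a timestamped custody record; this is an added example, not part of the original essay. It compares SHA-256 hashes, a technique the essay does not name, and the file names, examiner names, timestamps and the use of `shutil.copyfile` as a stand-in for an imaging tool are constructed assumptions.

```python
import hashlib, json, os, shutil, tempfile
CHUNK = 1 << 20  # hash in 1 MiB blocks so a large image need not fit in memory

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:  # evidence is only ever opened read-only
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def verify_acquisition(source, images):
    """Is each image an exact copy, and do repeated imaging runs agree?"""
    src = sha256_file(source)
    hashes = [sha256_file(p) for p in images]
    return {"source_sha256": src, "exact": [h == src for h in hashes],
            "repeatable": len(set(hashes)) == 1}

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def custody_entry(prev_hash, time, actor, action, evidence_sha256):
    """Timestamped custody record whose hash also covers the previous record."""
    body = {"prev": prev_hash, "time": time, "actor": actor,
            "action": action, "evidence_sha256": evidence_sha256}
    return dict(body, entry_hash=_digest(body))

def custody_log_intact(entries):
    prev = None
    for e in entries:
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev"] != prev or _digest(body) != e["entry_hash"]:
            return False  # a record was edited, removed or reordered
        prev = e["entry_hash"]
    return True

def demo():
    with tempfile.TemporaryDirectory() as d:
        src, img1, img2 = (os.path.join(d, n) for n in ("source.bin", "run1.dd", "run2.dd"))
        with open(src, "wb") as f:
            f.write(b"constructed sample data\n" * 100000)  # constructed input
        shutil.copyfile(src, img1); shutil.copyfile(src, img2)  # two imaging runs
        clean = verify_acquisition(src, [img1, img2])
        with open(img2, "r+b") as f:  # simulate a utility that altered one byte
            f.seek(1234); f.write(b"\x00")
        altered = verify_acquisition(src, [img1, img2])
    h = clean["source_sha256"]
    log = [custody_entry(None, "2011-01-01T09:00:00Z", "Examiner A", "imaged", h)]
    log.append(custody_entry(log[0]["entry_hash"], "2011-01-01T11:00:00Z", "Examiner B", "received", h))
    return clean, altered, log
```

Calling `demo()` returns the two verification reports and the custody log; the altered second image is reported as not exact and the pair of runs as not repeatable.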

A third significance of computer forensics in making electronic evidence acceptable in a court of law is evidence analysis. This involves using validated tools that are not bound to taint the evidence collected. Some of the most common activities during evidence analysis include searching the database files for any pertinent data, searching for and recovering deleted files, and noting the changes in the system states. Report generation accompanies the analysis process, whereby all the steps involved during the computer forensics investigation processes are documented in a manner that depicts the relevance of the evidence to the case. The report generated must be able to counter any legal challenges in the courtroom (Kruse & Heiser, 2002). It is arguably evident that the procedures involved during computer forensics facilitate the admissibility of evidence in a criminal court.

Various kinds of crimes and incidents warrant the deployment of computer forensics investigation in order to uncover the offenders and the nature of the crime. One of the most common crimes that require computer forensics is network intrusion and hacking crimes. These entail gaining unauthorized access to people's networks and computer systems. Hacking and network intrusion are typical examples of violation of computer security policies (Kruse & Heiser, 2002). The main objective behind hacking and network intrusion is to steal and modify information without the knowledge of the owner. The application of computer forensics in this case is to examine the log trails in order to identify the nature of information stolen and trace the hacker. It is therefore important for network administrators to have prior knowledge of computer forensics in order to counter hacking and network intrusion crimes. In addition, network and information systems administrators require fundamental computer forensics


