Assignment
Review Questions
1) Organizations mentioned in the chapter that provide computer forensics training:
i) The FBI Computer Analysis and Response Team (CART)
ii) The Department of Defense Computer Forensics Laboratory (DCFL)
2) FALSE
3) Fourth Amendment
4) The triad of computing security includes: vulnerability assessment, intrusion response, and investigation.
5) Three common types of digital crime:
i) Financial fraud: This involves using credit cards belonging to third parties to undertake online financial transactions.
ii) Hacking: Remotely gaining unauthorized access to a computer system belonging to a third party.
iii) On-line stalking is the
Depending on the operational, business or legal requirements, the actions taken in this phase tend to vary (Carrier, 2005). For instance, an investigator may be obliged by law to make a full copy of the crime data.
ii) Evidence Searching Phase: Once the data has been preserved, it is imperative to locate the evidence. This step embodies searching for data that either refutes or supports the hypothesis pertaining to the incident. Depending on the nature of the incident, some known locations will be surveyed. For example, a case pertaining to Linux intrusion may prompt the investigators to search for possibilities of a newly-created user account or a rootkit. Most importantly, investigators should focus on evidence that refutes rather than supports the hypothesis.
iii) Event Reconstruction Phase: This is the final phase of the investigation. In this phase, the investigators assemble the evidence acquired to ascertain the events that took place in the system (Carrier, 2005).
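The evidence searching step for the Linux intrusion case above, as an added example that is not part of the original assignment: it compares the account file from the preserved image with a known-good baseline and reports whether the "an account was created" hypothesis is supported or refuted. The function names, the baseline and the image contents are constructed for illustration.

```python
# Constructed known-good baseline of /etc/passwd (assumption: one exists)
BASELINE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
# Constructed copy of /etc/passwd as read from the preserved image
IMAGE = BASELINE + "svc_backup:x:0:0::/var/tmp/.b:/bin/bash\n"

def parse_passwd(text):
    """Map account name -> (uid, home, shell) from passwd-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue  # skip comments and malformed lines
        name, _pw, uid, _gid, _gecos, home, shell = fields
        accounts[name] = (int(uid), home, shell)
    return accounts

def account_findings(baseline_text, image_text):
    """List (kind, account, uid) differences between baseline and image."""
    base, seen = parse_passwd(baseline_text), parse_passwd(image_text)
    findings = []
    for name, (uid, home, shell) in sorted(seen.items()):
        if name not in base:
            findings.append(("added", name, uid))
        elif base[name] != (uid, home, shell):
            findings.append(("changed", name, uid))
        if uid == 0 and name != "root":
            findings.append(("uid0", name, uid))  # second superuser account
    for name in sorted(set(base) - set(seen)):
        findings.append(("removed", name, base[name][0]))
    return findings

def assess(findings):
    """'supported' if an account was added or shares UID 0, else 'refuted'."""
    hit = any(kind in ("added", "uid0") for kind, _, _ in findings)
    return "supported" if hit else "refuted"

if __name__ == "__main__":
    found = account_findings(BASELINE, IMAGE)
    for kind, name, uid in found:
        print(f"{kind:8} {name} (uid {uid})")
    print("new-account hypothesis:", assess(found))
```

An empty findings list is a result too: it is the refuting evidence the paragraph tells investigators to look for.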
2) Carrier's 4 Phases of Analyzing a Hard Disk
The first phase of analyzing a hard disk is locating the partition tables and their data structures. In the second phase, these partitions are processed in order to identify their layout and how they are merged. Third, the layout information is extracted and fed into a data analysis tool or a file system that maps the offset of the partition. Alternatively, this information can be printed to help the user
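The first three steps above, worked through for a DOS/MBR partition table, as an added example that is not part of the original assignment: locate and decode the table, work out the layout including unallocated gaps, and compute the offset handed to a file system tool. It assumes 512-byte sectors and an MBR-style disk; the function names and the sample sector are constructed for illustration.

```python
import struct

SECTOR = 512                      # assumed logical sector size
EXTENDED = {0x05, 0x0F, 0x85}     # type bytes of extended (container) partitions

def parse_mbr(sector0):
    """Step 1: locate the table at offset 446 of sector 0 and decode its 4 entries."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature at offset 510")
    parts = []
    for slot in range(4):
        raw = sector0[446 + 16 * slot:462 + 16 * slot]
        # boot flag, CHS start (skipped), type, CHS end (skipped), start LBA, length
        flag, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "type": ptype, "bootable": flag == 0x80,
                          "start": start, "sectors": count,
                          "extended": ptype in EXTENDED})
    return parts

def layout(parts, disk_sectors):
    """Step 2: order the partitions; expose unallocated gaps and overlaps."""
    rows, cursor = [], 1          # sector 0 is the MBR itself
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] > cursor:
            rows.append(("unallocated", cursor, p["start"] - cursor))
        elif p["start"] < cursor:
            rows.append(("overlap", p["start"], cursor - p["start"]))
        rows.append(("slot%d" % p["slot"], p["start"], p["sectors"]))
        cursor = max(cursor, p["start"] + p["sectors"])
    if cursor < disk_sectors:
        rows.append(("unallocated", cursor, disk_sectors - cursor))
    return rows

def byte_offsets(parts):
    """Step 3: byte offset of each partition within the image."""
    return {p["slot"]: p["start"] * SECTOR for p in parts}

def sample_mbr():
    """Constructed sector 0: Linux (0x83) at LBA 2048, FAT32 (0x0C) at LBA 264192."""
    def entry(flag, ptype, start, count):
        return struct.pack("<B3xB3xII", flag, ptype, start, count)
    table = entry(0x80, 0x83, 2048, 204800) + entry(0x00, 0x0C, 264192, 100000)
    return bytes(446) + table + bytes(32) + b"\x55\xaa"

if __name__ == "__main__":
    parts = parse_mbr(sample_mbr())
    for name, start, length in layout(parts, 400000):
        print(f"{name:12} start={start:>8} sectors={length:>8}")
    print(byte_offsets(parts))
```

The unallocated rows matter as much as the partitions: sectors outside every partition are not visible to a file system tool and have to be examined separately.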
Fraud is defined as the intentional deception or misrepresentation of facts that can result in unauthorized benefit or payment. Abuse is
Imagine that you are investigating a case where the suspect is believed to have deleted information from his or her computer that might be evidence. Where would you look for this evidence?
card fraud. In reference to money Laundering we will the complex process of how criminals
Stage one of criminal investigation is considered to be one of the most important stages of criminal investigation. An unprofessional mistake made by a first responding officer can extensively destroy the whole investigation. By following the correct procedures and rules, the first responding officer can eliminate the chance of making mistakes during the initial investigation. A lack of knowledge can also disrupt a criminal investigation. The first responding officer is likely to conduct a successful investigation if he knows how to deal with the problems at the crime scene; therefore, the first responding officer needs to have good knowledge of the investigative procedures.
In an investigation, an investigator must find ways to recreate an event that had taken place. In order to do so an investigator must talk to witnesses and victims of the crime. Witnesses could include those who either heard or saw something. Many witnesses may not come forward so an investigator may need to ask people who live around the area or people who work around the area where the event took place. An event can also be recreated from the evidence that was gathered from the scene of the crime. With both the statements from the witnesses and the victims along with the evidence from the scene, the investigator must put all of the pieces together and recreate the event that had taken place (Adkisson, 2011).
The forensic technician will record the date and the time the call-out was received. The forensic technician will meet with the investigator and will be briefed about the incident that occurred. The tech will record the time they arrived at the scene and when the briefing commenced. After the briefing has
Further, the ultimate challenge in both settings is that the investigative process sufficiently confirms all likely sources of information are identified, while providing reasonable assurance that any source/suspect who is eventually interrogated is responsible for the alleged act or has access to the critical information sought. This process should make use of all available information (e.g., physical evidence, witness reports, apparent motive, access, opportunity, etc.), including in some cases a lack of
A computer forensic investigation typically includes the collection, examination, analysis, and reporting of data. These steps could have been used to extract and preserve the data in the U.S. versus AOL case. Collection involves seizing digital evidence. Examination is where techniques are applied in order to identify and extract data. Analysis is using the data and resources to prove a case (Brecht, 2015). Reporting involves presenting the documentation gathered during the investigation. Investigators use these steps to examine evidence that could be needed in a trial. Following these steps is one way to ensure that the findings are sound and admissible in court. “The purpose of a computer forensic examination is to recover data from computers seized as evidence in criminal investigations” (Brecht, 2015). Forensic tools are used by investigators to provide their collection, indexing and detailed analysis
They include: (1) the commission of the crime, where the victim is involved (2) the discovery of the crime, where the victim is discovered (3) and the beginning of the investigation, where the investigators become aware of the case and background investigation (4) The phases of the investigation then begin. The investigator discovers answers that reveal the identity of the perpetrator and s/he is taken in for questioning. (5) The identification of the perpetrator is then deemed true or false and if false the true perpetrator is found. (6) The perpetrator is then removed from society and (7) the investigators resolve the crime and assess the case. (Harriss, 2011) This viewpoint allows for viewers to uncover the truth within the time slot
So, for example, the investigator can say: this is a murder, the person was stabbed, and the motive was that this person was caught having an affair. After the investigator comes up with his or her hypothesis, he or she will then test it; if the evidence does not support the theory, the investigator starts over on figuring out what, why and how it all occurred.
You will find valuable information and the steps that need to be taken when investigating this type of crime. The information will make it clearer how to properly conduct a search and how to obtain, seize, and secure the evidence located while investigating in the field. It is very important that the reader understands the steps so that there will be no question about the evidence seized and the evidence will be admissible at trial when convicting the individual who committed this crime.
Next, evidence is collected and analyzed, including tangible evidence such as hard drives and electronic devices, and the digital evidence they contain. Cybercrime investigations for instant messaging rely on instant messaging exchanges, or conversations between people, as digital evidence. The data includes the IM text and the “meta-data” includes other related evidence such as timestamps, length of time the user has been logged on, and more. Then you must seek expert advice if necessary since these crimes can get extremely technical. For crimes relating to
In the documentation stage of an organized approach for processing the crime scene, all functions have to correspond and be consistent in depicting the crime scene. The final result of a properly documented crime scene is the ability of others to take the finished work, reconstruct the events that occurred at the scene, and make a courtroom presentation. In the Scene Documentation stage there are three simple steps to properly document the crime scene: written notes and reports, photographs, and sketching.
Fraud is defined as a deliberate misrepresentation that causes a person or business to suffer damages, often in the form of monetary losses, through deception or concealment. Occupational fraud, as defined by the ACFE, is the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets. The traditional fraud triangle theory by Donald Cressey explains that the propensity for fraud to occur in an organization rests on three critical elements: Pressure, Opportunity, and Rationalization.
In simple terms, computer or digital forensic evidence analysis is the scientific collection of data that is either retrieved or held by a computer storage device that can be used against a criminal in a court of law. For the information to be used in court it must be collected before it is presented; therefore, a number of recommendations have been proposed to make sure that the information collected meets the intended integrity.