This article explores the critical role of evidence in computer forensics and its implications for law enforcement and citizens. It covers the necessity of probable cause for searches, the Fourth Amendment's requirements, and the distinction between private citizens and law enforcement roles. Key aspects of evidence, such as relevance, competence, and types (primary, secondary, direct, circumstantial), are explained. Additionally, the article discusses evidence collection strategies, handling exceptions like hearsay, and the importance of maintaining a proper chain of custody.
Evidence: Computer Forensics

Law Enforcement vs. Citizens
• Search must have probable cause
• 4th amendment search warrant
• Private citizen not subject to 4th amendment
• Private citizen may be a police agent

Role of Evidence
• Material offered to judge and jury
• May directly or indirectly prove or disprove that the crime has been committed
• Evidence must be tangible
• Electrical voltages are intangible
• Hard to prove lack of modification

Evidence Requirements
• Material – relevant to case
• Competent – proper collection, obtained legally, and chain of custody maintained
• Relevant – pertains to subject’s motives and should prove or disprove a fact

Chain of Custody
• Who obtained it?
• Where and when was it obtained?
• Who secured it?
• Who had control or possession?
• How was it moved?

Types of Evidence
• Best
  • Primary, original documents, not oral
• Secondary
  • Copies of documents, oral, eyewitness
• Direct
  • Can prove fact by itself
  • Does not need corroborative information
  • Information from witness

More Types
• Conclusive
  • Irrefutable and cannot be contradicted
• Circumstantial
  • Assumes the existence of another fact
  • Cannot be used alone to prove the fact
• Corroborative
  • Supporting evidence
  • Supplementary tool

More Types
• Opinion
  • Experts give educated opinion
• Hearsay
  • No firsthand proof
  • Computer generated evidence
• Real
  • Physical evidence
  • Tangible objects

More Types
• Documentary
  • Records, manuals, printouts
  • Most evidence is documentary
• Demonstrative
  • Aids jury in the concept
  • Experiments, charts, animation

Hearsay Rule Exception
• Business record exemption to hearsay rule
• Documents can be admitted if created during normal business activity
• This does not include documents created for a specific court case
• Regular business records have more weight
• Federal rule 803(6)
  • Records must be in custody on a regular basis
  • Records are relied upon by normal business

Before the Crime Happens
• Select an Incident Response Team (IRT)
• Decide whether internal or external
• Set policies and procedures
• If internal, include
  • IT
  • Management
  • Legal
  • PR

Incident Handling
• First goal
  • Contain and repair damage
• Prevent further damage
• Collect evidence

Evidence Collection
• Photograph area
• Dump contents from memory
• Power down system
• Photograph internal system components
• Label each piece of evidence
• Bag it
• Seal
• Sign
Forensics
• Study of technology and how it relates to law
• Image disk and other storage devices
• Bit level copy (deleted files, slack space, etc.)
• Use specialized tools
• Further work will be done on the copy
• Create message digest for integrity
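The Evidence Collection, Forensics and Chain of Custody slides above describe one procedure: take a bit-level image, hash it for integrity, work only on the copy, and record who held the evidence, where, when and how. The following Python is an added example written for this page, not code from the original slides or any forensic product; the 512-byte block size, the two-block "drive" and the names `image_device`, `message_digest`, `ChainOfCustody` and `acquire` are all constructed for illustration. Because the hash is recorded at every hand-off, any later difference shows exactly which custodian first saw modified data, which is the "hard to prove lack of modification" problem the Role of Evidence slide raises.

```python
import hashlib
import io
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List

BLOCK_SIZE = 512  # assumed sector size for the constructed sample

# Constructed sample "drive" (not a real image): block 0 holds a live file,
# block 1 is unallocated but still contains a deleted file's bytes.
_LIVE = b"invoice.txt: amount due 1200\n".ljust(BLOCK_SIZE, b"\x00")
_DELETED = b"[deleted] payroll.csv: alice,9000\n".ljust(BLOCK_SIZE, b"\x00")
SAMPLE_DRIVE = _LIVE + _DELETED


def image_device(device, block_size: int = BLOCK_SIZE) -> bytes:
    """Bit-level copy: read every block from the source, not just live files,
    so deleted files and slack space survive in the image."""
    out = io.BytesIO()
    while True:
        chunk = device.read(block_size)
        if not chunk:
            break
        out.write(chunk)
    return out.getvalue()


def message_digest(data: bytes) -> str:
    """SHA-256 of the evidence; recomputed at every hand-off."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    when: str     # when was it obtained or handled
    who: str      # who obtained, secured or possessed it
    where: str    # where it was at the time
    how: str      # how it was obtained or moved
    digest: str   # digest of the evidence as seen by this custodian


@dataclass
class ChainOfCustody:
    evidence_id: str
    entries: List[CustodyEntry] = field(default_factory=list)

    def record(self, who: str, where: str, how: str, data: bytes) -> CustodyEntry:
        """Append one hand-off; the digest is taken from the bytes actually handed over."""
        entry = CustodyEntry(datetime.now(timezone.utc).isoformat(),
                             who, where, how, message_digest(data))
        self.entries.append(entry)
        return entry

    def is_intact(self) -> bool:
        """Evidence is competent only if every custodian saw the same digest
        as the one recorded at acquisition."""
        if not self.entries:
            return False
        first = self.entries[0].digest
        return all(e.digest == first for e in self.entries)


def acquire(raw_device: bytes, evidence_id: str, examiner: str, location: str):
    """Image the device, hash the image, and open the chain of custody.
    Further work is done on the image, never on the original."""
    image = image_device(io.BytesIO(raw_device))
    chain = ChainOfCustody(evidence_id)
    chain.record(examiner, location, "bit-level image taken on site", image)
    return image, chain


if __name__ == "__main__":
    image, chain = acquire(SAMPLE_DRIVE, "EV-001", "examiner A", "server room")
    print("image matches original:", message_digest(image) == message_digest(SAMPLE_DRIVE))
    chain.record("examiner B", "forensics lab", "received sealed evidence bag", image)
    print("chain intact:", chain.is_intact())
    for e in chain.entries:
        print(e.when, e.who, e.where, e.how, e.digest[:12])
```

In practice the source would be a write-blocked device node rather than an in-memory byte string, and the custody entries would be signed or printed and countersigned at each transfer; the structure of the record, one entry per custodian carrying the digest they verified, is the part that answers the five chain-of-custody questions on the slide.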
Things to Look For
• Hidden files
• Steganography
• Slack space
• Malware
• Deleted files
• Swap files
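Two of the items above, slack space and deleted files, only exist in the bit-level image, never in a directory listing. The Python below is an added example for this page, not code from the original slides or from any forensic tool; the 512-byte block, the two-block image, the allocation map and the helper names `slack_space`, `unallocated_blocks`, `carve` and `hidden_data` are all constructed assumptions. It shows the three places an examiner looks: the tail of a live file's last block (slack), blocks the file system no longer lists (unallocated), and signature-based carving across the whole image regardless of allocation.

```python
BLOCK_SIZE = 512  # assumed sector size for the constructed image

# Constructed disk image (not a real one). Block 0 holds a live file that does
# not fill its block, so the tail of the block is slack space left over from an
# earlier, larger file. Block 1 is unallocated but still holds a deleted file.
LIVE_FILE = b"quarterly_report.txt: figures as published\n"
OLD_SLACK = b"draft memo: figures before revision\n"
DELETED_FILE = b"-----BEGIN NOTE-----\nremoved from the share last week\n-----END NOTE-----\n"
_BLOCK0 = (LIVE_FILE + OLD_SLACK).ljust(BLOCK_SIZE, b"\x00")
_BLOCK1 = DELETED_FILE.ljust(BLOCK_SIZE, b"\x00")
IMAGE = _BLOCK0 + _BLOCK1
# File-system view of the image, as a forensic tool would reconstruct it:
# block number -> length of the live file stored there.
ALLOCATED = {0: len(LIVE_FILE)}


def slack_space(image, block, file_len, block_size=BLOCK_SIZE):
    """Bytes between the logical end of a file and the end of its last block."""
    start = block * block_size + file_len
    end = (block + 1) * block_size
    return image[start:end].rstrip(b"\x00")


def unallocated_blocks(image, allocated, block_size=BLOCK_SIZE):
    """Blocks no live file claims; deleted files usually still sit here."""
    return [b for b in range(len(image) // block_size) if b not in allocated]


def carve(image, header, footer):
    """Signature-based carving: recover every header..footer span from the raw
    image, whether or not the file system still lists the file."""
    found, pos = [], 0
    while True:
        start = image.find(header, pos)
        if start < 0:
            break
        end = image.find(footer, start + len(header))
        if end < 0:
            break
        end += len(footer)
        found.append(image[start:end])
        pos = end
    return found


def hidden_data(image, allocated, block_size=BLOCK_SIZE):
    """Everything a directory listing would not show, tagged by where it was found."""
    findings = []
    for block, file_len in allocated.items():
        slack = slack_space(image, block, file_len, block_size)
        if slack:
            findings.append(("slack", block, slack))
    for block in unallocated_blocks(image, allocated, block_size):
        data = image[block * block_size:(block + 1) * block_size].rstrip(b"\x00")
        if data:
            findings.append(("unallocated", block, data))
    return findings


if __name__ == "__main__":
    for kind, block, data in hidden_data(IMAGE, ALLOCATED):
        print(f"{kind:12} block {block}: {data!r}")
    for note in carve(IMAGE, b"-----BEGIN NOTE-----", b"-----END NOTE-----\n"):
        print("carved:", note)
```

Real tools read the allocation map from the file-system metadata and carve on known file signatures (image, document and archive headers) rather than the text markers used here; the logic is the same, which is why the Forensics slide insists on a bit-level copy rather than a file-by-file backup.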
Trapping the Bad Guy
• Enticement
  • Legal attempt to lure a criminal into committing a crime
  • Provide a honeypot in your DMZ
  • Pseudo flaw (software code)
  • Padded cell (virtual machine)
• Entrapment
  • Illegal attempt to trick a person into committing a crime

Liability
• Company must practice due care
• Management must practice due diligence
• Follow the prudent person rule
• Watch for downstream liabilities