
Search & Seizure of Electronic Evidence by Pelorus Technologies

Pelorus shares a presentation on search & seizure of electronic evidence. Digital evidence is any digital information received from computers, audio files, video recordings, digital images, etc. The evidence obtained is essential in computer and cyber crimes. For more information on search & seizure of electronic evidence visit our website.


Presentation Transcript


  1. SEARCH & SEIZURE of Electronic Evidence

  2. DIFFERENCE BETWEEN DIGITAL EVIDENCE AND PHYSICAL EVIDENCE

     | # | Digital Evidence | Physical Evidence |
     |---|------------------|-------------------|
     | 1 | Less tangible than physical evidence | Tangible evidence |
     | 2 | Made of magnetic fields and electronic pulses | Consists of real-world physical things |
     | 3 | It can be duplicated exactly, and a copy can be examined exactly as if it were the original | It is not possible to duplicate physical evidence. The original needs to be examined |
     | 4 | It can be destroyed, damaged or manipulated easily, but at the same time the deleted data can be recovered easily using proper methods | Deleted or destroyed evidence is hard to bring back to its original form |

  3. DIGITAL EVIDENCE IS EVERYWHERE
     - Terrorism
     - Child pornography
     - Crimes of violence
     - Trade secret theft
     - Theft or destruction of intellectual property
     - Financial crimes
     - Property crimes
     - Internet crimes
     - Fraud

  4. IMPEDIMENTS IN THE INVESTIGATION OF CYBER CRIME
     - There is no eye-witness account of the digital crime.
     - It is a trans-national crime.
     - The investigation becomes difficult as the procedures to acquire evidence are too tedious and time-consuming.
     - The extradition process is tedious too.

  5. DIGITAL EVIDENCE MAY NOT BE DESTROYED
     - “Deleted” files really aren’t.
     - Even “erased” files can be recovered as a result of how the write heads drift.
     - “Physically destroyed” drives can be recovered in many cases.
     - Experienced forensic technicians can recover data even if the device is damaged.

  6. PREPARATIONS / PRECAUTIONS FOR SEARCH AND SEIZURE
     - Preparations before going to search and seizure
     - Precautions to be taken on reaching the search spot
     - Precautions to be taken after search and seizure

  7. PREPARATIONS BEFORE GOING TO SEARCH AND SEIZURE
     - Still and video camera
     - Hand gloves
     - Permanent markers
     - Labeling materials
     - Sealing materials
     - Stationery
     - Fingerprint development kit
     - Take along a digital forensics analyst

  8. STILL AND VIDEO CAMERA, HAND GLOVES

  9. LABELING MATERIALS, SEALING MATERIALS & STATIONERY

  10. PERMANENT MARKERS, SCREWDRIVER SET

  11. TAKE ALONG DIGITAL FORENSICS ANALYST

  12. PRECAUTION TO BE TAKEN ON REACHING THE SEARCH SPOT
     - Secure the spot.
     - Preserve the fingerprints.
     - Restrict access to the computer(s).
     - Don’t accept the help of the suspect for operating the computer.
     - Make the computers standalone (remove LAN/telephone/Wi-Fi/Bluetooth, etc.).
     - If the computer(s) is/are “OFF”, don’t turn “ON”.

  13. PRECAUTION TO BE TAKEN ON REACHING THE SEARCH SPOT
     - Some screen savers make the computer appear to be off, so make sure by checking the light on the CPU.
     - If the computer is “ON”, note down the date and time shown by the computer system; don’t try to correct it.
     - Take a photograph of the monitor screen.

  14. PRECAUTION TO BE TAKEN ON REACHING THE SEARCH SPOT
     - Don’t shut down the computer in the normal manner; to shut it down, pull the power cord from the CPU and not from the wall point (to avoid a booby trap).
     - Photograph the scene, then disconnect all power sources; unplug from the wall and also from the back of the system.
     - Draw a sketch of the scene of the spot.

  15. PRECAUTION TO BE TAKEN ON REACHING THE SEARCH SPOT
     - Label all the types of equipment, connectors, and cable ends to allow reassembly as needed.
     - Seal all the ports and also the screws of the CPU with a paper seal.
     - Pack and seal the equipment carefully; a sample of the same seal must be sent to the FSL where the analysis of the CPU will be carried out.

  16. ADDITIONAL POINTS TO BE COVERED DURING THE SEARCH AND SEIZURE
     - Examine the persons, including suspects, for passwords, usernames, etc.
     - Search the premises for printouts, handwritten notes, diaries, notebooks, etc., for passwords, usernames, etc.
     - Search the premises for software/programs, printouts, handwritten notes, financial transactions, books, etc., which may be of vital importance to the investigation.
     - During the personal search, look for pen/flash drives, which might be attached to a key chain and may contain a large amount of important data.

  17. WHAT SHOULD BE SEIZED
     - Leads in certain cases (if in doubt, seek expert advice)
     - Portable/external storage devices
     - Relevant printouts
     - CPU
     - Hard disk not fitted in the PC
     - Modems (some may contain phone numbers)

  18. WHAT SHOULD BE SEIZED
     - Backup tapes
     - MMC/memory sticks
     - Digital cameras
     - CPU
     - Wireless network cards
     - Keyboard, mouse, monitor, printer, etc., if fingerprints are present on them

  19. DIGITAL EVIDENCE CAN BE ANYWHERE (Devices we expect)

  20. DIGITAL EVIDENCE CAN BE ANYWHERE (Devices we don't expect)

  21. DIGITAL EVIDENCE CAN BE ANYWHERE: Places we don’t expect (wireless hard drives)

  22. DIGITAL EVIDENCE CAN BE ANYWHERE (Global Positioning Sensors)

  23. PRECAUTION TO BE TAKEN AFTER SEARCH AND SEIZURE
     - Packaging
     - Transportation
     - Storing

  24. PACKAGING, TRANSPORTATION AND STORING THE SEIZED COMPUTER
     - Due to the sensitive and fragile nature of computer evidence, place the computer in a box properly cushioned with non-static material.
     - Store the computer in a secure and dust-free place.
     - The storage place should be away from magnetic fields, radio transmitters, and otherwise hostile environments.
     - Store it at normal temperature.

  25. PACKAGING, TRANSPORTATION AND STORING THE SEIZED COMPUTER
     - The storage should not come in contact with water.
     - As far as possible, cover the mouse and keyboard with a polythene cover to preserve fingerprints.
     - Don’t bend pen drives, floppies, CDs, etc.
     - Don’t place labels directly on a floppy drive/CD.

  26. FORWARDING DIGITAL EVIDENCE If the seized CPU is important as regards evidentiary value, it should be sent to the Cyber Forensic Laboratory, Hyderabad, with a questionnaire, to the following address through a special messenger.

  27. THANK YOU!
