Computer Forensics – Finding Out What The Bad Guys Did With Their Computers!

July 16th, 2009 at 02:55am Under Computer Law

Computer forensics is a lot like the CSI investigation programs on television. Using advanced techniques and technologies, a computer forensic scientist will reconstruct a possible crime using the data that is on computer systems. This data may include email trails, files, hidden directories and other related clues.

Computer Forensics is the scientific study of computers or computer related data in relation to an investigation by a law enforcement agency for use in a court of law. While this technology may be as old as computers themselves, the advances in technology are constantly revising this science.

While all computer languages are created with ones and zeros, it’s much easier to track what was done when, although by whom continues to be problematic. Forensic science has done well to keep up with the task of tracking and tracing what is done and creating a timeline in an attempt to reconstruct a possible crime. Although it’s possible to clean and remove data from a hard drive, most people simply think that the delete key really removes the data. In actuality, the delete key simply removes the file’s location from an index file, and the actual data is still safely on the system. It’s up to the data recovery skills of the forensic computer personnel to capture and restore that data without modification.

Computer forensics can be used to track emails, instant messaging and just about any other form of computer related communications. This can be necessary, especially in the world where computers and data travel around the world in seconds. Packet sniffers can literally be placed within a data stream and provide information on what’s running through the network in real time. This is really phenomenal considering the millions upon millions of data packets moving through any individual part of the network.

Computer forensic science is an interesting niche in the law enforcement field that is seldom considered as a career. As it’s relatively new, the field is considered by many to be wide open for anyone with the initiative to learn the skills. Unlike many computer related jobs, a computer forensic specialist will not be outsourced to a country on the other side of the world. The confidentiality of the data is just too sensitive to allow it to travel throughout the world just to save a little cash.

Abigail Franks writes on many subjects having to do with home and business. For more information on computer forensics visit the site at http://www.openbriefcase.com
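The article's point that deleting a file only removes its entry from an index, leaving data that can be recovered without modification, is shown here as an added example that is not part of the original article. The toy disk layout, file names and contents are constructed, and carving by JPEG start and end signatures is a simplification of what recovery tools do.

```python
import hashlib

SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker


def build_image():
    """Constructed toy disk: an index (name -> offset, length) plus raw data sectors."""
    photo = JPEG_SOI + b"\xe0" + b"constructed-sample-payload" + JPEG_EOI
    note = b"meeting notes, nothing to see"
    disk = bytearray(3 * SECTOR)  # sector 0 is left empty in this model
    disk[SECTOR:SECTOR + len(photo)] = photo
    disk[2 * SECTOR:2 * SECTOR + len(note)] = note
    index = {"photo.jpg": (SECTOR, len(photo)), "note.txt": (2 * SECTOR, len(note))}
    return disk, index, photo


def delete(index, name):
    """What the delete key does in this model: drop the index entry, leave the data."""
    index.pop(name)


def carve_jpegs(image: bytes):
    """Scan the raw bytes for JPEG signatures, ignoring the index entirely."""
    found, pos = [], 0
    while (start := image.find(JPEG_SOI, pos)) != -1:
        end = image.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1:  # truncated file: no end marker, stop scanning
            break
        stop = end + len(JPEG_EOI)
        found.append((start, image[start:stop]))
        pos = stop
    return found


def examine():
    disk, index, original = build_image()
    delete(index, "photo.jpg")
    evidence = bytes(disk)  # immutable working copy of the image
    before = hashlib.sha256(evidence).hexdigest()
    carved = carve_jpegs(evidence)
    after = hashlib.sha256(evidence).hexdigest()
    # Matching hashes show the examination did not alter the evidence.
    return index, carved, original, before == after


if __name__ == "__main__":
    index, carved, original, unchanged = examine()
    print("files still listed in index:", sorted(index))
    for offset, data in carved:
        print(f"carved {len(data)} bytes at offset {offset}, matches original: {data == original}")
    print("image hash unchanged by examination:", unchanged)
```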

By Law Article

Computer Forensics – a Brief Introduction

July 15th, 2009 at 02:54pm Under Computer Law

Computer Forensics – A Brief Description

Computer Forensics is the function of utilising scientifically proven methods to assemble and process data found on a digital device (computer, hard disk drive, mobile phone, memory card etc), and interpret that data for possible use in a court of law or other theatre of investigation. The evidence may assist in the prosecution of a criminal, help in the defence of an accused person, or be of intelligence to an individual who is seeking knowledge for either personal or professional reasons.

The main users of Computer Forensics are law enforcement officers, as a large percentage of crimes in some way utilise digitally stored data. This data could be a phone call made on a mobile phone (or cell phone), which could place an individual at the scene of a crime (or of course away from it), accounts for illegal activities such as drug sales, images of paedophilia, human resource issues, hacking, email abuse, unauthorised data duplication, IP theft etc. Corporate organisations are utilising computer forensics more and more now, as they often have to investigate incidents such as inappropriate computer use, inappropriate email use, unauthorised data duplication and disloyal employees. Human Resource departments and Internal Security are the biggest users of these specialist corporate services. Private individuals may also use these services. It may be the lover cheating on their partner, or inappropriate internet use by a family member.

Computer Forensics, or Cyber Forensics as it is also known, is now taught at many colleges and universities around the world, and is available to both the law enforcement community and private individuals.

What to do if you suspect illegal or inappropriate activity on a computer or digital device:

1. Turn the power off – Pull the plug out if necessary

2. Secure the ‘exhibit’. Don’t allow anyone access to it, security seal it if possible

3. Contact a Computer Forensics Expert

What NOT to do if you suspect illegal or inappropriate activity on a computer or digital device:

1. Call your IT manager, or one of your technical staff

2. Get them to ‘see’ if the user has been looking at ‘dodgy’ websites or if any important files are missing

3. Sack the member of staff

The analogy of the above:

Imagine a body lying in a muddy field. There is a blanket over the body and something protruding from it. By not following procedures, what you will have done is the same as follows:

1. See the body

2. Walk up to the body in the field

3. Take the blanket off the body

4. Move the body to ‘have a look’

5. Put the blanket back over the body – ‘like it was before’

6. Leave the field

What you have just done:

Entered the scene of a crime, left YOUR footprints all over the muddy field, left YOUR fingerprints on the body and blanket, left YOUR DNA all over the place.

You then expect to call the relevant organisation/authority and have them try and find evidence, which has just been tainted by YOU or YOUR STAFF. This is not a good start, and could make the case in question inadmissible.

Remember that this is a very specialised service provided by experts. Use experts to do the job correctly in the first place, then there shouldn’t be a problem.

Simon Steggles

Disklabs Computer Forensics

www.disklabs.com/computer-forensics.asp

www.computer-forensics.co.uk

simon.steggles@disklabs.com

By Law Article

Computer Forensics as a Way of Investigation

July 12th, 2009 at 02:54pm Under Computer Law

There are many criminal cases where investigation is required. Investigators make use of the latest science and technology during an investigation to obtain proof or evidence for legal purposes while dealing with criminal matters. Investigation that makes use of the latest technology and science is often called forensics. The art and science of applying computer science to retrieve evidence for use in criminal or civil courts of law is called computer forensics.

Computer forensics experts make use of advanced tools that go above and beyond normal data collection and are able to recover even damaged and deleted files. The art of computer forensics includes various processes for examining the computer system carefully in search of evidence. Mostly, computer forensics experts carefully examine and check for suspected data in computer data storage devices, including hard drives and portable data devices like Micro Drives, USB drives, external drives and many more. The process also involves reviewing the Windows registry for suspect information, discovering and cracking passwords, keyword searches for topics related to the crime, and extracting e-mail and images for examination.

The first step in obtaining computer forensic evidence is obtaining a search warrant to seize the suspect system. This warrant must include wording allowing the investigators to seize not only the computer, but also any peripherals thought to be connected with the crime. A suspected counterfeiter, for instance, may have used his computer, a scanner, and a printer to produce his counterfeit documents, in which case all three items would need to be seized to provide evidence.

A thorough computer forensic examination and its subsequent analysis is not something that can be done by anyone; a specialist in the field will be required to examine any suspect computer system that has been seized for this purpose. He will be able to examine it as a detective rather than as an IT expert. He will not chase after isolated pieces of information; instead he will let the clues and the digital data as a whole tell the story. To do this, and ensure that the evidence is acceptable to a court, he needs a foot in both camps – IT expert and detective. Computer forensics is done in a fashion that adheres to the standards of evidence that are admissible in a court of law. The main motto of computer forensic experts is not only to find the criminal but also to find the evidence and present it in a manner that leads to legal action against the culprit. They identify sources of documentary or other digital evidence, preserve the evidence, analyze the evidence and finally present the findings. It can help companies track and recover millions of dollars of stolen digital assets. Many types of criminal and civil proceedings can and do make use of evidence revealed by computer forensics specialists, including insurance companies, large corporations, criminal prosecutors, law enforcement offices, civil litigations and even individuals in support of possible claims of sexual harassment, wrongful termination or age discrimination.

Different countries each have their own computer forensic methods, standards, and laws. What is acceptable evidence in one country may not be in another. This is a serious problem when dealing with international crimes, as computer crime often is. The Internet may have no boundaries, but law enforcement does. Investigations that leap from server to server, from country to country, crossing many borders on the way are complicated not only by evidence handling differences, but also by political differences and legal differences.

Radha Kishan is currently advertising for a computer forensics provider at www.cyberevidence.com.

By Law Article

Computer Forensics is Different for Police and Other Law Enforcement

July 11th, 2009 at 08:55am Under Computer Law

Copyright (c) 2008 Steve Burgess
Computer forensics practices and procedures can diverge significantly depending upon whether the investigation is criminal or civil litigation. Standards for data collection evidence can be different, as can the process of data collection and imaging. Furthermore, the consequences of the case may have dramatically different impacts.
A couple of quick definitions may be in order. Criminal law deals with offenses against the state – the prosecution of a person accused of breaking a law. These offenses may include crimes perpetrated against an individual. “The People”, in the form of a state representative (for instance, the District Attorney) makes formal charges and the accused must then face the government’s full resources. Guilty outcomes can result in fines, probation, incarceration, or even death.
Civil law covers everything else, such as violations of contracts and lawsuits between two or more parties. The prevailing party often is entitled to payment, property or services from the loser. Imprisonment is not at issue in civil cases. As a result, the standard for evidence is not as high in civil cases as in criminal cases.
For the law enforcement computer forensics specialist, a certain amount of extra care should be taken in collecting data and producing results, for the standard of proof is higher. There are advantages on the data collection end, however. For once a court has authorized a search warrant, an officer (and possibly several) with badge and gun can go seize the defendant’s computer by surprise and by force. Once the computer has been seized and imaged, all data is accessible and may result in additional charges being brought against the defendant.
By contrast, in a civil case, there tends to be a lot of negotiation over what computers and what data can be inspected, as well as where and when. There is not likely to be any seizing of computers, and quite a long time may take place between the time the request to inspect a computer is made and the time the computer is made available to be inspected. It is common for one party to have access to a very limited area of data from the other party’s computer. During this time, a defendant may take the opportunity to attempt to hide or destroy data. The author has had several cases wherein the computer needed for analysis was destroyed before the plaintiff had the opportunity to inspect. Such attempts at hiding data are often discovered by the digital forensic sleuth, who may in turn present evidence of such further wrongdoing in expert witness testimony.
Opportunities for learning techniques and interacting with other professionals may differ as well. While some computer forensic software suites and training, such as Access FTK, EnCase, or SMART Forensics are available to most who can pay, others, such as iLook are available only to law enforcement and military personnel. While many support and professional organizations and groups are available to all, some, such as the High Technology Crime Investigation Association (HTCIA) are not open to professionals who provide for criminal defense (with a few minor exceptions).
Police, Homeland Security, and other law enforcement personnel’s goal is to generate a body of evidence significant enough (presuming such evidence exists) to find the criminal defendant guilty. The standard for information presented to the court and jury in such a case is fairly high. From the time digital data or hardware is seized and acquired, Rules of Evidence must be kept in mind (Cornell University has the complete and voluminous code on its website). Law enforcement personnel must follow accepted procedures or evidence could be thrown out. Acquisition of data and discovery in criminal cases often must follow sometimes strict and differing procedures depending upon whether the jurisdiction is federal, state, or municipality and at times depending upon a judge’s preferences.
The expert in a civil case may not analyze all of the data on a computer at a very deep level. Initial efforts may rather be a kind of fact-finding mission, intended to determine the value of digging deeper and at greater expense. As such, the initial presentation of data may be fairly informal, and be just enough to induce the parties to settle the case. On the other hand, the data found may be so minimal that the line of inquiry into electronic evidence is dropped.
Although we use many of the same tools, computer forensic professionals in private practice and those in law enforcement are held to different standards, have access to different resources, and their work results in substantially different outcomes between the criminal and civil cases to which they contribute.

Steve Burgess is a highly regarded expert in computer forensics, frequently testifies in court and is a well-regarded public speaker. He is a freelance technology writer, the principal of Burgess Forensics, and a contributor to recently released Scientific Evidence in Civil and Criminal Cases, 5th Edition by Moenssens, et al.

By Law Article

Computer Forensics and Legal Aspects

July 11th, 2009 at 02:55am Under Computer Law

The rate of crime on the internet and on networks has risen to an alarming level, driven by hackers, contractors, intruders and employees. Laws are enforced and computer forensics is practiced to prevent these crimes. In computer forensics, investigators use the latest techniques of science and technology to find evidence of crimes. The evidence is collected for legal purposes when criminal matters are dealt with. Investigation that uses the latest techniques of science and technology, along with computer science, to collect evidence for criminal and civil courts is called computer forensics. Experts use advanced tools to recover deleted, corrupted or damaged files from hard disks, flash drives and other storage media. A complete examination of the Windows registry, drives, cookies, deleted files, emails and all other relevant locations is done to find any clue that helps prosecute the case in court.

The first step in collecting evidence is to obtain a warrant to search the suspected system. This warrant covers not only seizing and investigating the suspected computer but also any devices connected with the crime. A printer, scanner or any other device may have been used with the computer in committing the crime, so these devices are also seized for investigation. The person who examines the computer system is not only an IT expert but also a detective. He detects clues to find out the story or details of the crime. The main aim of an investigator or expert is to find evidence, not the culprit. Using computer forensics, large amounts of money are recovered through lawsuits in civil and criminal courts.

Computer forensics specialists have revealed fraud, crime and corruption in insurance companies, criminal prosecutors, large corporations and law enforcement offices. The standards, methods and laws of computer forensics differ from country to country. Some evidence is acceptable in some countries but not in others when dealing with crimes at the international level. The internet has no boundaries, so investigating and collecting evidence is a problem because different countries have different laws.

Personnel, network administrators and security staff should have knowledge of computer forensics and its legal aspects. An expert should have authority to monitor and collect evidence related to intrusions and computer crimes. The use of security tools should be legal and in accordance with the policies of the company and the rules of the country. Computer forensics is a new discipline, so the application of existing laws is unstable when prosecuting computer crimes. The United States Department of Justice’s Cyber Crime website is a reliable source of information and of the rules for applying it. Standards of computer forensics and a list of recent cases in proceedings are given on the website. Evidence is collected in a way that is accepted by the court. Laws are being approved in favor of personal data security in organizations.

Organizations have to prove that they have applied the necessary security. So when data is stolen or affected, there will not be any lawsuit against the company if proper security applications and policies are installed and implemented.

Computer security law has three areas which one should know. The first is in the United States Constitution; it protects against unreasonable search, attacks and self-incrimination. These were written before the problems occurred but tell how to practice them.

In the second area, anyone practicing computer forensics should know the effect of three U.S. statutory laws.

Wiretap Act

Pen Registers and Trap and Trace Devices Statute

Stored Wire and Electronic Communications Act

During the practice of computer forensics, violation of any one of the above statutes leads to a fine or imprisonment. If a company has any doubt about whether it has made a mistake, it should consult its attorney.

In the third area, U.S. federal rules about computer crimes must be understood. There are two areas which affect cyber crimes:

1. Authority to collect and monitor data

2. Admissibility of collection methods

If network or system administrators know about the legal and technical complexities of computer forensics, or are able to preserve the organization’s critical data, that is an asset to the organization.

Radha Kishan is currently advertising for a Computer Forensics provider whose website is http://www.cyberevidence.com/

By Law Article