Running Head: US Criminal Justice and Computer Forensics 1

US Criminal Justice and Computer Forensics

LaRon Walker

Master of Information Technology and Internet Security

July, 2010
 2

Abstract

Computer crimes have been on the rise for the past few years. New ways to gain unauthorized

access to network resources and files are being found daily, creating the need for the constant

adaptation of what the definitions of cyber crimes really are. There are many key elements that

are pertinent to a US criminal investigation. However, the most important aspect in collecting

computer forensic evidence is the ability to gather the information without altering it in any way.

When investigating a computer crime, the evidence must be gathered without any modification

to be admissible in court.
 3

US Criminal Justice and Computer Forensics

LaRon Walker

Master of Information Technology and Internet Security

July, 2010

There are many elements that exist in the US Criminal Justice system when it comes to

computer crimes. Computer crimes can vary from stealing confidential or proprietary

information, gaining unauthorized access to network resources or files, to the disruption of

electronic communications. This forces investigators to possess a solid forensics toolkit with a

variety of utilities that can gather information from remote and local hosts. According to the

article Digital Forensics (Barr, 2006), the most important component in investigating cyber

crimes is that of evidence acquisition. This includes the ability to gather an exact copy of the

digital evidence without tampering it in any way. Because digital evidence is so fragile, one of

the most common reasons why computer forensic evidence is inadmissible in court is because it

has been altered from the original form.

When gathering forensic evidence, there are four basic components which are performed.

Based on the findings by Barr (2006), these procedures are the assessment, acquisition,

examination and the documentation and reporting processes. These processes are all necessary

in collecting digital evidence, but all aspects must maintain the original form to be admissible in

a court of law.
 4

Along with the importance of the acquisition stage in a computer crime investigation,

documenting and reporting all steps in the process is also critical. Lack of accurately

documenting the procedures when conducting a computer crime investigation can also be the

cause why digital evidence is thrown out of a courtroom case. Per Barr (2009), this issue can be

resolved by ensuring that the examination of digital evidence is performed by certified forensics

analysts. These can be in-house analysts or provided by a third-party. According to Barr (2009),

using a third party examiner is preferred because it eliminates the risk of an in-house conspiracy,

or an in-house analyst being compromised because of relationships between internal employees.

Despite the growing number of what are now considered computer crimes, the lack of

unifying standards in which define what digital forensic evidence consists of makes it very hard

for investigators to use it in court. One way to address this issue is to validate digital forensics

gathering procedures with the law enforcement agencies, and adhere or adapt to these current

processes. Along with this, staying consistent with data gathering practices and keeping current

with evolving computer forensic processes and tools can also help in developing evidence

integrity. By following this strategy, evidence has a better chance in being used in a computer

crime case.
 5

References

Barr, J. (2006). Digital Forensics. Faulkner Information Services. Retrieved July11, 2010 from

Faulkner Information Services database.

Barr, J. (2009). Computer Forensics. Faulkner Information Services. Retrieved July11, 2010

from Faulkner Information Services database.

6