Professional Documents
Culture Documents
LaRon Walker
July, 2010
2
Abstract
Computer crimes have been on the rise for the past few years. New ways to gain unauthorized
access to network resources and files are being found daily, creating the need for the constant
adaptation of what the definitions of cyber crimes really are. There are many key elements that
are pertinent to a US criminal investigation. However, the most important aspect in collecting
computer forensic evidence is the ability to gather the information without altering it in any way.
When investigating a computer crime, the evidence must be gathered without any modification
to be admissible in court.
3
LaRon Walker
July, 2010
There are many elements that exist in the US Criminal Justice system when it comes to
computer crimes. Computer crimes can vary from stealing confidential or proprietary
electronic communications. This forces investigators to possess a solid forensics toolkit with a
variety of utilities that can gather information from remote and local hosts. According to the
article Digital Forensics (Barr, 2006), the most important component in investigating cyber
crimes is that of evidence acquisition. This includes the ability to gather an exact copy of the
digital evidence without tampering it in any way. Because digital evidence is so fragile, one of
the most common reasons why computer forensic evidence is inadmissible in court is because it
When gathering forensic evidence, there are four basic components which are performed.
Based on the findings by Barr (2006), these procedures are the assessment, acquisition,
examination and the documentation and reporting processes. These processes are all necessary
in collecting digital evidence, but all aspects must maintain the original form to be admissible in
a court of law.
4
Along with the importance of the acquisition stage in a computer crime investigation,
documenting and reporting all steps in the process is also critical. Lack of accurately
documenting the procedures when conducting a computer crime investigation can also be the
cause why digital evidence is thrown out of a courtroom case. Per Barr (2009), this issue can be
resolved by ensuring that the examination of digital evidence is performed by certified forensics
analysts. These can be in-house analysts or provided by a third-party. According to Barr (2009),
using a third party examiner is preferred because it eliminates the risk of an in-house conspiracy,
Despite the growing number of what are now considered computer crimes, the lack of
unifying standards in which define what digital forensic evidence consists of makes it very hard
for investigators to use it in court. One way to address this issue is to validate digital forensics
gathering procedures with the law enforcement agencies, and adhere or adapt to these current
processes. Along with this, staying consistent with data gathering practices and keeping current
with evolving computer forensic processes and tools can also help in developing evidence
integrity. By following this strategy, evidence has a better chance in being used in a computer
crime case.
5
References
Barr, J. (2006). Digital Forensics. Faulkner Information Services. Retrieved July11, 2010 from
Barr, J. (2009). Computer Forensics. Faulkner Information Services. Retrieved July11, 2010