Wednesday, January 28, 2009

ISSUES IN DIGITAL EVIDENCE INVESTIGATION

Cyber crime is an illegal electronic operation that targets the security of computer systems and data processed by them. Hacking, cyber fraud, phishing, identity and data theft come under cyber crime. Bank accounts can be hacked and credit card details can be stolen. When such cyber crimes are committed, we need digital evidence investigators to catch the culprits. Though cyber forensics is doing a great deal to find out who is responsible for misusing computer systems, it faces many issues that have to be handled with care. Listed below are some issues in cyber forensics.


  1. A digital evidence investigator must keep in mind the privacy and secrecy of the clients’ data and information while performing the investigation. But in some cases when the information has to be produced as evidence in the court of law to prove a crime, it is not possible for the cyber forensics expert to maintain the secrecy and privacy of the clients’ information.
  2. Sensitive data and information that are very important to the client may be lost or damaged while finding evidence. But it is the duty of the expert to take additional care to ensure that the possible evidence is not destroyed or damaged. Typically this involves making a forensic image or forensic copy of the original media, and conducting the analysis on the copy rather than the original.
  3. While the investigations are on, it is possible that some malicious computer programs or computer viruses are released into the computer system. These viruses may corrupt the existing software and they may have the potential to damage the hardware system too. It may be necessary to use high quality anti-virus software before the investigation is commenced.
  4. Once the evidence is found, it must be preserved very carefully. It must be protected against any kind of mechanical and electro-magnetic damage. Any evidence found relevant to the situation at hand will need to be extracted from the working copy media and then typically saved to another form of media as well as printed out. The information that is obtained as evidence is the responsibility of the computer forensic team.
  5. When the case is on, the evidence information may be stored in court and, in some cases, the concerned parties may not be able to use that information. This may affect the business operations. In order to avoid causing any inconvenience and loss to the parties involved, the digital evidence investigator must make sure that justice is delivered as soon as possible.
  6. Whatever is done during the analysis has to be documented along with the findings. The findings and reports need to be based on proven techniques and methodology, and any other competent investigator should be able to duplicate and reproduce the results. It is also important that the information acquired during the analysis is ethically and legally respected.
  7. The operating cost of digital evidence investigations may in some cases exceed that of regular investigations.
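
Items 2 and 6 above (work on a copy, document everything, let another investigator reproduce the result) can be made concrete with a short script. This is an added example, not part of the original post; the use of SHA-256, the JSON-lines log format, and all file and examiner names are assumptions chosen for illustration.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read in 1 MiB blocks so large media never has to fit in memory

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def acquire(source, image, log_path, examiner):
    """Copy source to image, confirm both hashes match, and log the result."""
    before = sha256_file(source)
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": never overwrite
        shutil.copyfileobj(src, dst, CHUNK)
    os.chmod(image, 0o444)  # working copy is read-only from here on
    record = {
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner, "source": source, "image": image,
        "source_sha256": before, "image_sha256": sha256_file(image),
        "source_unchanged": sha256_file(source) == before,
    }
    record["verified"] = record["source_unchanged"] and before == record["image_sha256"]
    with open(log_path, "a") as log:  # append-only record of what was done
        log.write(json.dumps(record) + "\n")
    if not record["verified"]:
        raise ValueError("image does not match source; do not analyse this copy")
    return record

def verify(image, log_path):
    """Any later investigator can re-check the image against the logged hash."""
    current = sha256_file(image)
    with open(log_path) as log:
        return any(r["image"] == image and r["verified"] and r["image_sha256"] == current
                   for r in map(json.loads, log))

def demo():
    work = tempfile.mkdtemp()
    src, img, log = (os.path.join(work, n) for n in ("media.bin", "media.img", "custody.jsonl"))
    with open(src, "wb") as f:
        f.write(b"constructed sample media contents\n" * 1000)  # constructed data
    record = acquire(src, img, log, "examiner-placeholder")
    intact = verify(img, log)
    os.chmod(img, 0o644)
    with open(img, "ab") as f:
        f.write(b"\x00")  # simulate accidental modification of the copy
    return record["verified"], intact, verify(img, log)
```

Calling `demo()` returns `(True, True, False)`: the copy verifies at acquisition and on re-check, and the check fails once a single byte is appended to the image.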


In spite of all these issues, cyber forensics or digital evidence investigation has gained a lot of importance in today’s computer world largely due to its vast application in varied situations.


By-line:

This post was contributed by Holly McCarthy, who writes on the subject of forensic science careers. She invites your feedback at hollymccarthy12 at gmail dot com

