1. Procedures for Obtaining and Managing Computer and Electronic Evidence
CISM 5131
Fundamentals of Computer Forensics
Fall 2009
Keshia King, Odane Bertram, Charles Courtlan Whiten
2. Computer Forensics Defined
Forensics is a study which relates to legal proceedings or argumentation. Computer forensics is defined as the activities associated with identifying and preserving electronic evidence in support of some legal action.
3. Electronic Evidence Defined
Data and meaningful information that has some value to investigators and can be stored on or transmitted by an electronic device. Electronic evidence is latent.
4. The Four-Step Process
Acquisition
Identification
Evaluation
Presentation
5. Repeatability vs. Reproducibility
The National Institute of Science and Technology (NIST) requires forensic test results to be repeatable and reproducible.
6. Electronic Discovery
E-Discovery relates to a process in which electronic data is sought, located, secured, and searched with the intention of utilizing it as evidence in a criminal or civil investigation.
7. Recovery of Computer Media
MD5
SHA
8. Surveillance Equipment
Snooping
Sniffing
Probing
9. Potential Evidence
User created files
Computer generated files
Protected files
10. Managing the Crime Scene
The purpose of a crime scene investigation is to establish the events that have occurred and to identify those responsible.
11. Steps for Processing a Crime Scene
Evidence recognition and identification
Scene documentation
Evidence collection
12. Steps for Searching the Scene
Secure and protect scene
Initial preliminary survey
Evaluate physical evidence possibilities
Prepare narrative description
Take photographs of scene
Prepare diagram/sketch of scene
Conduct detailed search, record, and collect physical evidence
Conduct final survey
Release Incident/Crime Scene
13. Documentation
This is an official record of actions taken and evidence collected at the scene.
14. Evidence Handling
Forms and documentation
Labeling and tagging
Protecting
Packaging
Transportation
Storage
15. Chain of Custody
Definition: It is the route the evidence takes from initial possession until final disposition. Also, chain of custody is defined as the ability to guarantee the identity and integrity of the specimen from collection through to reporting of the test results.
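Added example, not part of the original slides: one way to make the chain of custody checkable in software, using SHA-256 from the SHA family named on slide 7 to fingerprint the evidence at every hand-off. Linking each log entry to the previous one by hash goes beyond what the slides describe; the field names, custodians, timestamps and evidence bytes are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed back-link value for the first entry

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(entry: dict) -> str:
    # Hash every field except the stored hash itself, in a stable key order.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return digest(json.dumps(body, sort_keys=True).encode())

def add_entry(log, custodian, action, evidence: bytes, when):
    """Append one custody event, linked to the previous entry by its hash."""
    entry = {
        "seq": len(log), "when": when, "custodian": custodian, "action": action,
        "evidence_sha256": digest(evidence),
        "prev": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)
    return entry

def verify(log, evidence: bytes):
    """Return a list of problems; an empty list means log and evidence agree."""
    problems, prev = [], GENESIS
    baseline = log[0]["evidence_sha256"] if log else None
    for e in log:
        if e["prev"] != prev:
            problems.append(f"entry {e['seq']}: broken link to previous entry")
        if entry_hash(e) != e["entry_hash"]:
            problems.append(f"entry {e['seq']}: record altered after writing")
        if e["evidence_sha256"] != baseline:
            problems.append(f"entry {e['seq']}: evidence hash differs from collection")
        prev = e["entry_hash"]
    if baseline is not None and digest(evidence) != baseline:
        problems.append("evidence as presented does not match collection hash")
    return problems

if __name__ == "__main__":
    image = b"constructed sample disk image"  # constructed stand-in for an image file
    log = []
    add_entry(log, "Officer A", "collected at scene", image, "2009-10-01T09:00Z")
    add_entry(log, "Courier B", "transported to lab", image, "2009-10-01T13:30Z")
    add_entry(log, "Examiner C", "received for analysis", image, "2009-10-02T08:15Z")
    print(verify(log, image))
    log[1]["custodian"] = "Someone else"  # simulate an edited record
    print(verify(log, image))
```

An edited record is reported at its own entry; if the editor also recomputes that entry's hash, the break surfaces at the next entry's back-link instead.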
16. Wireless Forensics
Wireless Networks
Mobile Phones
PDA
17. The Technology
Wireless devices have gone through an evolution since their emergence.
Devices in the past were used for basic voice communications.
With the introduction of the smartphone, mobile devices have PC functionality.
18. The Technology