
Chapter 1 Understanding Computer Forensics Investigations as a Profession

Source: Nelson, Phillips, Enfinger,

rhiannon


Presentation Transcript


    1. Source: Nelson, Phillips, Enfinger, & Steuart - Guide to Computer Forensics and Investigations Chapter 1 Understanding Computer Forensics & Investigations as a Profession

    2. What is Computer Forensics?
       - Obtaining & analyzing digital information for use as evidence in civil, criminal, or administrative cases
       - Computer Forensics focuses on the recovery & analysis of digital evidence
       - Differs from Network Forensics, Data Recovery, & Disaster Recovery

    3. What is the Fourth Amendment?
       - Protects rights of U.S. citizens to be secure in their person, residence, and property from search & seizure
       - Digital evidence is considered physical evidence & must be obtained via a Search Warrant
       - Search Warrants are legal documents that allow law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime (see www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm)

    4. Inculpatory vs. Exculpatory
       - Inculpatory is evidence that may incriminate the suspect
       - Exculpatory is evidence that may clear the suspect

    5. The Investigations Triad of Computer Security
       - Vulnerability Assessment involves testing and verifying the integrity of stand-alone workstations & network servers
       - Network Intrusion involves detecting intruder attacks by using automated tools and by monitoring network firewall logs
       - Computer Investigations involves forensic analysis of systems suspected of containing evidence related to an incident or crime

    6. Public vs. Private Investigations
       - Public (Criminal) investigations involve government agencies (local and Federal) responsible for criminal investigations and prosecution. (i.e., Dispute between government & citizens).
       - Private (Corporate) investigations involve private companies and lawyers who address company policy violations and litigation disputes, such as wrongful termination. (i.e., Dispute between citizens).
       - Private investigations can be settled in Civil Court (if not resolved within the corporation)

    7. What is an Allegation?
       - An allegation is an accusation or supposition of fact that a crime has been committed
       - An allegation is made by a witness or a victim of a crime (also known as the “complainant”)

    8. Three main stages of a public (criminal or civil) case
       - A complaint is made to law enforcement by the complainant
       - A specialist investigates the complaint and collects evidence to build a case (along with prosecution)
       - Prosecution occurs when the case is tried in a court of law and the suspect is found guilty of committing a crime

    9. The Affidavit
       - Sworn statement of support of facts about or evidence of a crime
       - Submitted to a judge to request a search warrant before seizing evidence

    10. What is Line of Authority?
       - States who has the legal right to initiate an investigation, who can take possession of evidence, & who can have access to evidence
       - Applies to private (corporate) investigations

    11. The Silver Platter Doctrine
       - Delivering evidence to law enforcement by an investigator
       - Investigator is typically a civilian or corporate investigative agent
       - The investigator cannot be an agent of the court when a criminal act has been uncovered
