Computer Forensic Tools And The Investigator's Office Laboratory



Computer crime is an unfortunate artifact of today's wired and global society. It is no surprise that individuals involved in deviant and/or criminal behavior have embraced technology as a method for improving or extending their criminal tradecraft. With the proliferation of technology, our notions of evidence and of what constitutes a potential source of evidence are changing drastically. Gone are the days when evidence was primarily document-based. Today, and going forward, evidence is increasingly electronic or digital. This is true for all investigations, not just those we commonly associate with crimes that use or are directed toward a computer, network or IT infrastructure.

Several investigative models have been developed to assist law enforcement in dealing with the shift from document-based to digital evidence (cf. Carrier & Spafford, 2003; Beebe & Clarke, 2004; Reith, Carr, & Gunsch, 2002; Rogers, 2006; Stephenson, 2003). These models assume that the entire investigative process for computer forensics will be undertaken (see Figure 1). This can be extremely time-consuming given the volume of data to examine, and in most cases it involves transferring the system(s), or forensic copies of the data located on the storage media, to a lab environment for a thorough examination and analysis. While this method may work in situations where time is not overly critical, it is not sufficient in time-critical situations. Examples of these time-critical situations include child abductions, missing persons, death threats, etc. In these situations the need for quick information and investigative leads outweighs the need for an in-depth analysis of all the potential digital evidence back in a laboratory environment.

To meet the demand for timely information derived from digital sources, a different process model is proposed that is based on forensically sound principles and at the same time is sensitive to time constraints (i.e., critical investigative information can be derived in a short timeframe). The proposed model can be conducted on scene, which provides the added benefit of a feedback loop with the investigators: the computer forensics analyst can modify their searches based on input from the primary investigators and those in direct contact with the suspect.

The development of the current process model was guided not only by the need perceived by the law enforcement community, but also by the formalization of a novel investigative approach that was being used in real investigations by agents working with the Southern Indiana Assistant U.S. Attorney's office - USADA Steve Debrota. This office had been involved in several cases where the quick and efficient examination of digital evidence was crucial to the case, and the investigative leads that were generated on site (at the suspect's dwelling) were critical to the success of the operation, in securing a conviction of the offender and to protecting ...