Chapter 1: Foundations of Digital Forensics Flashcards
Mujahideen Secrets 2
A tool developed by Islamist extremists to avoid detection and apprehension.
Positive aspect of increasing use of technologies by criminals
Abundance of digital evidence can be obtained to apprehend and prosecute criminals.
Threat to life and limb
A provision in the USA PATRIOT Act which enables Internet Service Providers to provide law enforcement with information quickly, without waiting for a search warrant.
Digital evidence
Any data stored or transmitted using a computer that support or refute a theory of how an offense occurred or that address critical elements of the offense such as intent or alibi.
What can digital evidence reveal
How a crime was committed, provide investigative leads, disprove or support witness statements, and identify likely suspects.
Three groups of computer systems
1- Open computer systems: Systems comprised of hard drives, keyboards, and monitors, and servers that obey standards.
2- Communication systems: Traditional telephone systems, wireless telecommunication systems, the Internet, networks.
3- Embedded computer systems: Mobile devices, smart cards, navigation systems.
What organizations anticipate by properly processing digital evidence
Protecting themselves against liabilities such as invasion of privacy and unfair dismissal claims.
Term Forensic
Characteristic of evidence that satisfies its suitability for admission as fact and its ability to persuade based upon proof.
Forensic Science
The application of science to investigation and prosecution of crime or to the just resolution of conflict.
What else forensic science provides in addition to scientific techniques and theories
Helps reconstruct crimes and generate leads.
Main goal in any investigation
To follow the trails that offenders leave during the commission of a crime and to tie perpetrators to the victims and crime scenes.
Locard's Exchange Principle
Contact between two items will result in an exchange.
Trace evidence
The evidence that is produced during the exchange between an individual and a crime scene.
Categories of trait evidence
1- Class characteristics: Common traits in similar items.
2- Individual characteristics: More unique, can be linked to a specific person or activity with greater certainty.
Forensic Soundness
In order to be useful in an investigation, digital evidence must be preserved and examined in a forensically sound manner.
Key to forensic soundness
Documentation
Authentication
The process of ensuring that the recovered evidence is the same as the originally seized data.
How many steps are involved in authentication
Two steps:
1- Examination of the evidence to determine that it is what its proponent claims.
2- Closer analysis to determine its probative value.
Most important aspects of authentication
Maintaining and documenting the chain of custody.
Potential consequences of breaking the chain of custody include:
Misidentification of evidence, contamination of evidence, loss of evidence or pertinent elements.
Purpose of integrity check
To show that evidence has not been altered from the time it was collected, thus supporting the authentication process.
How the integrity of evidence is checked in digital forensics
A comparison of the digital fingerprint for that evidence taken at the time of collection with the digital fingerprint of the evidence in its current state.
Message digest algorithm
Can be thought of as a black box that accepts a digital object (file, program, or disk) and produces a number.
A message digest algorithm always produces the same number for a given input.
Also, a good message digest algorithm will produce a different number for different inputs.
MD5 Algorithm
Takes as input a message of arbitrary length and produces as output a 128-bit “fingerprint” (unique characteristic) or “message digest”.
The MD5 algorithm does not indicate that the associated evidence is reliable, as someone could have modified the evidence before the hash value was calculated.
Objectivity in forensic analysis
Interpretation and presentation of evidence should be free from bias to provide decision makers the clearest view of the facts.
Most effective approach to objectivity
1- Let the evidence speak for itself as much as possible.
2- A peer review process that assesses a forensic analyst’s findings for bias or any weakness.
Evidence dynamics
Any influence that changes, relocates, obscures, or obliterates evidence regardless of intent between the time evidence is transferred and the time the case is resolved.