Handling a Digital Crime Scene Flashcards
Foundation of all forensic investigations is based on what
The foundation of all forensic investigations is based on the ability of the crime scene investigator to recognize the potential and importance of physical evidence, large and small, at the crime scene.
Computers, mobile devices, and networks in the crime scene
There should be considered an extension of the crime scene, even when they are not directly involved in facilitating the crime, as they can contain useful information and provide a digital dimension
What is recommended to do to for a digital crime sene
digital crime scenes can contain many pieces of evidence and it is necessary to apply forensic principles to survey, preserve, and document the entire scene.
What effort digital investigators make to preserve the state of a crime scene,
digital investigations make an effort to prevent all access or contamination of the evidential systems. At the same time, they survey the crime scene to identify items of potential relevance and document the context of the evidence by making notes, photographs, and diagrams.
What is the aim when handling a digital crime scene?
to preserve evidence in a way that maintains its integrity and maximizes its usefulness for decision mak-ers
ACPO Guide provides the following four fundamental principles when handling digital crime scenes:
Principle 1: No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
Principle 2: In circumstances where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
Principle 3: An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
Principle 4: The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to
Computer security professionals should obtain
instructions and written authorization from their attorneys before gathering digital evidence relating to an investigation within their organization.
For a search warrant to be valid, it must describe what?
it must both particularly describe the property to be seized and establish probable cause for seizing the property.
