Understanding Digital Profession Investigations Flashcards
Digital Forensics
application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation (also encompasses research and incident response)
Federal Rules of Evidence
created to ensure consistency in federal proceedings
Fourth Amendment
protects everyone’s right to be secure from search and seizure
Investigating digital devices
includes:
-Collecting data securely
-Examining suspect data to determine details
-Presenting digital information in legal proceedings
-Applying laws to digital device practices
Data recovery
involves retrieving information that was deleted by mistake or lost during a power surge or server crash
Threat assessment & risk management
tests and verifies the integrity of stand-alone workstations and network servers
Network intrusion detection & incident response
detects intruder attacks by using automated tools and monitoring network firewall logs
Digital investigations
manages investigations and conducts forensics analysis of systems suspected of containing evidence
Understanding Case Law
-Existing laws can’t keep up with the rate of technological change
-When statutes don’t exist, case law is used
+Allows legal counsel to apply previous similar cases to current one in an effort to address ambiguity in laws
-Examiners must be familiar with recent court rulings on search and seizure in the electronic environment
Developing Digital Forensics Resources
-To supplement your knowledge:
+Develop and maintain contact with computing, network, forensic and investigative professionals
+Join technology investigative user groups in both the public and private sectors
+Attend training, workshops and seminars to engage in knowledge-sharing
Preparing for Digital Investigations
-Public-sector investigations involve government agencies responsible for criminal investigations and prosecution
-Private-sector investigations focus more on policy violations
Understanding Law Enforcement Agency Investigations
-When conducting public-sector investigations, you must understand laws on computer-related crimes including:
+Standard legal processes
+Guidelines on search and seizure
+How to build a criminal case
Following Investigative Processes
-A criminal investigation usually begins when someone finds evidence of or witnesses a crime
+Witness/victim makes an allegation or suspicion of crime
-Police interview the complainant, investigate, and write a report about the investigation
-Investigation has to identify that a violation of law is suspected, may occur or has occurred.
+An arrest is made and/or search warrant executed
+If no violation of law, then investigation is closed
-Prosecution occurs
+Guilt beyond reasonable doubt
First Responder
Responds to an incident/crime scene, assesses the situation and takes precautions to identify and preserve physical evidence.
Digital Evidence First Responder
Arrives on an incident/crime scene, assesses the situation, and takes precautions to collect and preserve digital evidence