Week 1 - The Investigative Process Flashcards
What are the two common settings of digital forensics?
Cybercrime context - Law enforcement investigating cybercrime.
Organisational context - Investigation conducted within an organisation that normally do not result in criminal proceedings, and at most civil proceedings.
What are the similarities between the two contexts of digital forensics?
Equal need for evidential standards.
Similar investigation techniques.
What are the differences between the two contexts of digital forensics?
The difference resources being investigated. The consequences (e.g. legal proceedings for cybercrime, termination of employment for organisational).
What are the basic overview steps of an investigation?
- Acquire the evidence without altering or damaging the original.
- Confirm that the recovered evidence is the same as the originally seized data
- Analyse the data without modifying it
According to the ACPO guidelines, what rules/laws is computer-based electronic evidence subject to?
The same rules and laws as documentary evidence (Normal evidence).
What must the prosecution do to prove validity/integrity of the data?
They must show that the evidence produced is no more or less that it was when first taken into possession of the police. The evidence must be the same as it was in the original data.
What is the first ACPO principle?
No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
What is the second ACPO principle?
In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
What is the third ACPO principle?
An audit trail or other record of all processes applied to computer based electronic evidence should be created and preserved. Such that an independent third party should be able to examine those processes and achieve the same result.
What is the forth ACPO principle?
The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are applied.
How many principles in the ACPO guidelines are their?
4.
Whata are the main steps of the investigative process?
Identification Acquisition Preservation Search Analysis Reconstruction Presentation
What is the identification step of the investigative process?
Identifying that an incident has taken place.
E.g. a crime report, log monitoring, link for another case, intelligence, suspicion.
