|
How It’s Done Evidence that May be Gathered Digitally
|
| bet | 4/17 | | Sana | 21.05.2024 | | Hajmi | 430,06 Kb. | | #248066 | | Turi | Guide |
Bog'liq DigitalEvidence How It’s Done Evidence that May be Gathered Digitally
Computer documents, emails, text and instant messages, transactions, images and Internet histories are examples of information that can be gathered from electronic devices and used very effectively as evidence. For example, mobile devices use online-‐based based backup systems, also known as the ‘cloud’, that provide forensic investigators with access to text messages and pictures taken from a particular phone. These systems keep an average of 1,000–1,500 or more of the last text messages sent to and received from that phone.
In addition, many mobile devices store information about the locations where the device traveled and when it was there. To gain this knowledge, investigators can access an average of the last 200 cell locations accessed by a mobile device. Satellite navigation systems and satellite radios in cars can provide similar information. Even photos posted to social media such as Facebook may contain location information. Photos taken with a Global
Positioning System (GPS)-‐enabled device contain file data that shows when and exactly where a photo was taken. By gaining a subpoena for a particular mobile device account, investigators can collect a great deal of history related to a device and the person using it.
Who Conducts the Analysis
According to the National Institute of Justice
(http://www.nij.gov/nij/topics/forensics/evidence/digital/investigati
ve-‐tools/welcome.htm), “Digital evidence should be examined only by those trained specifically for that purpose.” With the wide variety of electronic devices in use today and the speed with which they change, keeping up can be very difficult for local law enforcement. Many agencies do not have a digital evidence expert on hand and, if they do, the officer might be a specialist in cell phones but not social media or bank fraud. A detective may be able to log onto e-‐Bay® and look for stolen property but may be unable to capture cell phone text message histories and could destroy evidence just by trying. Many take an interest in the area and learn what they can, but there is no single path to digital evidence expertise— qualifications and certifications are not standardized across the country. Incorporation of digital seizure techniques is becoming more widespread in first responder training.
Certified Digital Media Examiners are investigators who have the education, training and experience to properly exploit this sensitive evidence. That said, there is no single certifying body, and certification programs can contain different courses of study. Generally speaking, these professionals have demonstrated core competencies in pre-‐examination procedures and legal issues, media assessment and analysis, data recovery, specific analysis of recovered data, documentation and reporting, and presentation of findings. While certification of examiners is not required in most agencies, it is becoming a widely valued asset and the numbers of certified examiners will increase. Vendor-‐neutral (not software based, but theory-‐ and process-based) certification is offered through the Digital Forensics Certification Board (DFCB), an independent certifying organization for digital evidence examiners, the National Computer Forensics Academy at the High Tech Crime Institute and some colleges.
Most states have at least one laboratory or section for digital forensics and a variety of task forces including Internet Crimes Against Children (ICAC), Joint Terrorism Task Force (JTTF), and Narcotics and Property Crimes. These forces comprise officers with specialized training, including search, seizure and exploitation of digital evidence as it pertains to their area of expertise. Agencies and investigators must work together to ensure the highest level of security and evidence handling is used. In the United States, the FBI can provide assistance in some specialty areas.
|
| |
