Paper Authors

Abstract

NOTE: The first page of text has been automatically extracted and included below in lieu of an abstract

Computer Forensics — Seizing and Securing Digital Evidence

I. Abstract

The current paper focuses on the importance of properly seizing and securing digital evidence and the need to educate law enforcement personnel with the correct methods of collecting, documenting, packaging, labeling, and protecting computer related evidence. The paper presents an overview of computer related crimes, computer forensics, and the proper procedures for seizing and securing digital evidence. A description of a short course that was designed to provide law enforcement and forensic personnel with the knowledge needed to collect and preserve digital evidence, and the results gained from this experience are also provided.

II. Introduction

Computer related crimes are steadily increasing at an alarming rate. Digital evidence, as with any evidence, must be preserved in its original state. The law requires that evidence be authentic and unaltered. For digital evidence to be successfully utilized in a criminal investigation, no spoliation to that evidence should occur. A major aspect of preserving digital evidence is collecting it in a way that does not alter it. Computer forensics involves the preservation, identification, extraction, and documentation of digital evidence in the form of magnetically, optically, or electronically stored media (J.P. Craiger 2005). Therefore, law enforcement agents nowadays face a new challenge; they must be familiar with the proper procedures of seizing and securing digital evidence.

1. Computer Forensics

Computer forensics may be defined as the retrieval and analysis of data from a seized computer or any other electronic media performed in such a manner that the results are reproducible by another examiner who, by following the same steps, reaches the same conclusions. Computer forensics has also been described as an “electronic autopsy” of a digital media, because specialized training and hardware/software tools and techniques are all required to make an exact image/copy of the drive. The retrieved data is then analyzed along with the various levels at which that data is stored.

2. Computer Crimes

Computers and digital media have become integral parts of our lives. In 1997, the US Census estimated that only about 18% of households in the US had computers. In 2000, this number grew to 51% with 42% of those households having Internet access. In 2003, the number has increased to 62% of households with 52% having Internet access. Currently, almost 90% of households in the US have computers. Therefore, crimes committed on computers are no longer limited to skinny guys with pimples, a tape on their glasses, and squeaky voices. Almost anyone nowadays can point, click, and use a computer to commit just about any crime. So what type of crimes are being committed using computers? What information is generated to corroborate the facts and circumstances and help in the crime investigation?

• Citation

• Format
  • APA
  • APA - LaTeX bibitem
  • MLA
  • MLA - LaTeX bibitem
  • Bibtex
  • EndNote - RIS

Sbenaty, S., & Mitchell, S., & Berryman, H. (2009, June), Computer Forensics: Seizing And Securing Digital Evidence Paper presented at 2009 Annual Conference & Exposition, Austin, Texas. 10.18260/1-2--5186