Asee peer logo

Computer Forensics: Seizing And Securing Digital Evidence

Download Paper |


2009 Annual Conference & Exposition


Austin, Texas

Publication Date

June 14, 2009

Start Date

June 14, 2009

End Date

June 17, 2009



Conference Session

Modern Software Measurement Techniques

Tagged Division


Page Count


Page Numbers

14.355.1 - 14.355.8



Permanent URL

Download Count


Request a correction

Paper Authors

author page

Saleh Sbenaty Middle Tennessee State University

author page

Stan Mitchell LogicForce Consulting, LLC

author page

Hugh Berryman Middle Tennessee State University

Download Paper |

NOTE: The first page of text has been automatically extracted and included below in lieu of an abstract

Computer Forensics — Seizing and Securing Digital Evidence

I. Abstract

The current paper focuses on the importance of properly seizing and securing digital evidence and the need to educate law enforcement personnel with the correct methods of collecting, documenting, packaging, labeling, and protecting computer related evidence. The paper presents an overview of computer related crimes, computer forensics, and the proper procedures for seizing and securing digital evidence. A description of a short course that was designed to provide law enforcement and forensic personnel with the knowledge needed to collect and preserve digital evidence, and the results gained from this experience are also provided.

II. Introduction

Computer related crimes are steadily increasing at an alarming rate. Digital evidence, as with any evidence, must be preserved in its original state. The law requires that evidence be authentic and unaltered. For digital evidence to be successfully utilized in a criminal investigation, no spoliation to that evidence should occur. A major aspect of preserving digital evidence is collecting it in a way that does not alter it. Computer forensics involves the preservation, identification, extraction, and documentation of digital evidence in the form of magnetically, optically, or electronically stored media (J.P. Craiger 2005). Therefore, law enforcement agents nowadays face a new challenge; they must be familiar with the proper procedures of seizing and securing digital evidence.

1. Computer Forensics

Computer forensics may be defined as the retrieval and analysis of data from a seized computer or any other electronic media performed in such a manner that the results are reproducible by another examiner who, by following the same steps, reaches the same conclusions. Computer forensics has also been described as an “electronic autopsy” of a digital media, because specialized training and hardware/software tools and techniques are all required to make an exact image/copy of the drive. The retrieved data is then analyzed along with the various levels at which that data is stored.

2. Computer Crimes

Computers and digital media have become integral parts of our lives. In 1997, the US Census estimated that only about 18% of households in the US had computers. In 2000, this number grew to 51% with 42% of those households having Internet access. In 2003, the number has increased to 62% of households with 52% having Internet access. Currently, almost 90% of households in the US have computers. Therefore, crimes committed on computers are no longer limited to skinny guys with pimples, a tape on their glasses, and squeaky voices. Almost anyone nowadays can point, click, and use a computer to commit just about any crime. So what type of crimes are being committed using computers? What information is generated to corroborate the facts and circumstances and help in the crime investigation?

Sbenaty, S., & Mitchell, S., & Berryman, H. (2009, June), Computer Forensics: Seizing And Securing Digital Evidence Paper presented at 2009 Annual Conference & Exposition, Austin, Texas. 10.18260/1-2--5186

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2009 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015