Computer technology has presented opportunities for the law enforcement profession. This technology has also created challenges that the profession has been forced to respond to. To ensure that criminals do not use computer technology to further their agenda, the law enforcement community has developed guidelines and techniques for gathering computer evidence (NIJ, 2004). These guidelines shed light on the steps that law enforcement agents need to take as they gather and present evidence. Thanks to these guidelines and the techniques, it can be hoped that computer technology will enhance operations instead of being exploited for criminal activities.
The National Institute of Justice developed guidelines that are intended to facilitate the collection of computer evidence. Among other things, these guidelines shed light on the crucial elements of the computer forensic process. Evidence assessment and evidence acquisition are some of these elements (NIJ, 2004). Essentially, evidence assessment is concerned with evaluating the evidence that has been collected for the purpose of establishing the next step that needs to be taken. On the other hand, evidence acquisition involves ensuring that the integrity of the evidence is not compromised (NIJ, 2004). This process requires that great care must be exercised to preserve evidence.
Delegate your assignment to our experts and they will do the rest.
Evidence examination, documentation and reporting are other vital processes in computer forensics (NIJ, 2004). Once evidence has been gathered, it must be scrutinized. The examination enables officers to obtain key facts that can be used to build a case. With the evidence examined, the next step is documentation. This step involves recording the insights that have been gained from the evidence examination process. At this step, the official also needs to document the steps that they have taken in the entire computer forensic process (NIJ, 2004). When all this is done, the officer then reports to the concerned authority. It is important to note that the steps discussed here are not all-inclusive. An officer may take other steps as they deem fit as they seek to obtain computer evidence.
When a first responder arrives at the scene, there are a number of considerations that they need to make. The safety of those responding is one of the considerations that the first responder should make (NIJ, 2004). Child pornography, counterfeiting, computer intrusion and identity theft are some of the crimes that call for the application of computer forensic (NIJ, 2008). While these crimes do not usually pose a security threat, it is vital for the first responder to guarantee the safety of all those involved. Another consideration that the responder should make concerns the need for additional resources. Upon examining the scene, the responder may learn that additional resources are required (NIJ, 2004). The key facts at the scene are yet another consideration that the responder has to make. These facts range from the operating system being used to the people involved in the crime.
Timestamps are among the crucial items that aid computer forensic experts in executing their mandate. Essentially, timestamps record the time when an event takes place on a computer system. Creation date and modified date are two of the vital attributes that an expert can locate in a computer system (Vacca, 2009). As the name suggests, the creation date allows one to determine when a file was originally saved. On the other hand, the modified date offers insights regarding the times at which modifications to a file were made. These attributes can be used to determine the process that a file has undergone and to establish the actions of criminals.
In an earlier section, it was noted that documentation and reporting are among the key elements of the computer forensic process. As they document and report, officers need to maintain some common notes. Search authority, requests for assistance and custody documentation are among the notes that require proper maintenance (NIJ, 2004). These notes essentially lend authority and credibility to the investigative process. The dates when key actions were taken should also be documented. This enhances accountability. Other notes that the investigative officer should maintain include handling of evidence and the personal details of the investigator. The notes on these issues help to legitimize the investigative process.
The computer forensic investigation process is intricate and complex. Four main steps are taken in this process. The steps include evidence assessment, evidence acquisition, evidence examination and documenting and reporting (NIJ, 2004). Each of these steps has been explored in detail in an earlier discussion. These steps are vital as they enable investigators to collect and analyze crucial computer evidence. It is therefore important for the investigator to exercise great care at each step.
References
National Institute of Justice (NIJ). (2004). Forensic Examination of Digital Evidence: A Guide for Law Enforcement. Washington, DC: U.S. Department of Justice Office ofJustice Programs.
National Institute of Justice (NIJ). (2008). Electronic Crime Investigation: A Guide for First Responders, Second Edition. Washington, DC: U.S. Department of Justice Office ofJustice Programs.
Vacca, J. R. (2009). Computer and Information Security Handbook. Burlington, MA: Morgan Kaufmann.
