
Free Example of Cyber Forensics Essay

The principles of cyber forensics are meant to ensure that the information collected does not lose legitimacy before a court of law, that is, that the data remain admissible. Because cyber forensics is a recent discipline, it is not yet well developed, and the principles behind it, which is both an art and a science, still have loopholes that can be capitalized on. According to Forensic Focus (2010), there are three principles associated with cyber forensics, particularly in the collection of digital evidence:

The act of collecting digital evidence should not result in any alteration of the data in question, wherever this is possible.

All handling of digital evidence (from collection through to preservation and analysis) must be fully documented.

Access to original digital evidence should be restricted to those deemed "forensically competent".

A close look shows that the above principles are aimed at ensuring the admissibility of the collected data before a court of law. It has been argued that the principles are not properly worded and lack some key terms needed to rule out ambiguity. For instance, it has been argued that it might not be possible to uphold the first principle where there is a need for a live analysis. Furthermore, in the second principle, "fully documented" is not explained. Lastly, in the last principle, "forensically competent" is not defined. Failure to carry out the investigative process properly exposes the digital evidence to threats which are likely to spoil the data and make it inadmissible before a court of law.

As emphasized above, digital evidence has been ranked as the most sensitive evidence in a court of law. Its handling calls for a lot of caution; otherwise it is likely to be considered null or corrupted. The biggest challenge, and hence threat, to digital evidence, in the view of Smith and Kenneally (2010), is “the addressing the integrity of electronic data and events.” Smith and Kenneally (2010) have argued that the biggest threat to digital evidence is the ease with which the information can be altered. They have asked a significant question in relation to digital evidence: “is there not the same risk (same as in corporeal crime scenes) that evidence may have been planted, altered, wholesale removed prior to investigation – similar to moving or removing a gun, body, blood, physical document, and so forth?”

The ability to alter digital data before an investigation can begin, and the question of whether the experts carrying out the investigation will detect that the data was interfered with, is a real threat to cyber forensics. The situation is worse when the alteration is committed by another expert, and worse still if misleading data is implanted that leads to a wrong judgment being made in a court of law. This threat, especially the obligation to prove that the digital data collected is valid and can be relied upon by a court of law, has laid a heavy responsibility upon the investigators. It has also resulted in a process being laid out for how the investigation should be carried out. The next section discusses the investigation process used to preserve, locate, select, analyze, validate, and present digital evidence for evidentiary purposes.

Lewis (ttt) has identified the following qualities as significant to an ideal forensic process:

  • Must not modify or contaminate the media or data
  • Must acquire the image
  • Must authenticate the data
  • Analysis of the data to include
    • Documentation
    • Worksheet
    • Chain of custody
    • Preservation
    • Identification

(Adapted from Corporate Computer Forensics Training Systems Text Manual, Volume 1 by Lewis 18)

A close look at the procedure proposed by Lewis (ttt) above shows that the process needs to pay attention to preservation, location, selection, analysis, validation and presentation. According to the New York Computer Forensic Services, the computer forensic examination process involves the “preservation, identification, extraction, interpretation, and documentation of computer evidence.” It is very significant to note that all this is done to give the digital data collected validity before a court of law, as brought out in the block quotation on the definition of computer forensics by Global Digital Forensics (2010):

Computer Forensics is the preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the USDOJ rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and ability to provide expert opinion in a court of law or other legal proceeding as to what was found.

Basically, five steps can be identified in the process of cyber forensics: preparation, data collection, examination, analysis, and reporting to relevant authorities.

It is very significant that, from the very initial stages of this process, everything should be well validated. This includes the person or team carrying out the process, which should be carried out by certified computer forensic examiner(s). The equipment to be used should be licensed so as to ensure validity in court. It should be noted that some authors have raised concerns about the definition of a certified computer forensic examiner.
