SamplesAnalysisDigital EvidenceBuy essay
← Cyber ForensicsThe Spirit of Volunteerism →

Custom Digital Evidence Essay

Sources of digital evidence are diverse: computers, mobile phones, hard drives, digital cameras USB memory devices, CD-ROM among others. The setting of digital thermometers, web pages etcetera can also be used to harvest digital evidence. In the process of collecting the digital evidence it is important that all the information be handled with a lot of care because such data is susceptible to irreversible damages which in the event of occurring will nullify the whole collection of digital evidence. A common practice to ensure that the information is not altered at a later date is to record the cryptographic hash of the file being used as a digital evidence. Intentional measures have been put in place to ensure that the originality of the evidence. These include the imaging process whereby the computer media is imaged with the help of a writeblock (to be discussed in subsequent sections below). The establishment of a chain of custody is also a prerequisite for validity of the collected information. It is a requirement that all the information has to be documented and only the tools and methods regarded valid should be used.

A computer user can be very helpful in the collection of data however if it is a criminal case then the owner of the device from where the information is to be collected has to give consent. In case there are encrypted and password protected files they should be broken into (hacked) to extract any information which may be important to the whole process. Progress has been made on the collection of data from computers from what has been referred to static data to live data. It has been found that collection of live data is likely to yield more results than static data because shutting the computer down to collect static data might result to lose of some data from the RAM.

After the data is collected it has to be examined and analyzed to identify the type of information contained in it. The tools and processes used to carry out the analysis include access data, technology pathways, file carving, guidance software, sleuth kit and sift (this is elaborated in the next section below). Generally a typical forensic analysis will incorporate the reviewing the materials on the media, discovering and cracking of passwords, searching by use of keywords related to crime, extraction of e-mail and picture, and review of window registry for any useful information. It should be noted that both the exculpatory and inculpatory information is collected. 

After the data is collected and examined it is presented as digital evidence. It should be noted this process requires a very competent team to carry out otherwise it might not be possible to extract some information which might be of great significance to a given case. It should be appreciated the process of collecting data through cybercafé forensic is quite tedious and needs one to be very cautious. Some of the simple techniques used to carry out this procedure are briefly explained below:

Some of the simple computer forensic techniques for computer networks are outlined below:

Packet sniffing

This is simply pulling out of critical data from the stream of data flows. Such data retrieved may have such significant information as passwords, user names and mails which have been sent and received.

IP Address Tracing

This is the tracing of the internet protocol address to its real address. The target address can be checked with ISP and ownership information obtained.

Email Address System

The sources of an email can at times be very significant. This is done with the help email headers. The headers contain minute but very important details concerning the origin of the email which include the source machine IP address and real email server. For computer systems the following techniques are applied.

File Structure

This is done for a physical computer system.  The technique involves analyzing of suspicious files in the computer system by the use of automated tools and at times manual interference takes place.

Storage Media

This includes the physical and removable disks. For the cases where information is already erased from disks through erasing or formatting the use of advanced tools can be used to collect fragments of information which  can be coined together to form digital evidence.


This involves the retrieval of data which is stored in sounds, images or other file formats apart from the routine formats. This might be quite hard to work on but at times it reveals significant hidden information. The tools used in carrying out computer forensics include disassemblers, hex editors, disk analyzers, decryptors, DNS tools and packet sniffers.

With advanced technology crime scenes have continually become hard to analyze. This is the same case with cyber forensics. Instead of just relying on retrieving information which is directly related to the crime scene there have attempts made to coin up series of events to have a clear picture of how a cyber crime took place. This is often referred to as crime reconstruction. Based on the crime reconstruction, reconstructive hypotheses are developed to explain the turn of events. Under cyber forensics there are processes such as crime scene2 reconstruction3. Reconstruction of crime scenes is important as it helps to determine the most probable sequence of events that took place. This is done by the application of scientific methods in the interpretation of the events surrounding a crime. Carrier and Spafford have proposed a process which can be applied when carrying out digital crime reconstruction; evidence examination, role classification, event construction and testing, event sequencing, and hypothesis testing. Chisum and Turvey (2006) have argued that when applying digital reconstruction it is vital for the hypothesis arrived at to be thoroughly tested. They have claimed that, “most effective investigators suppress their personal biases and hunches, and they seek evidence and perform experiment to disapprove their working theory.”

Cyber forensic is a field gathering much momentum because of the ever increasing crimes being committed through computer networks. When a cyber forensic process is carried out care should be taken to ensure that the process is done in a manner that is approved by the law. This is significant to ensure that the data to be collected in admissible before a court of law. Basically the key principles of carrying out a cyber forensic procedure circulate around ensuring that the data collection is done by a competent person who must ensure that the data collected is not altered in any way. In this process he/she ensures that the tools used in carrying out this process are valid and allowed. Cyber forensic crime reconstruction is also allowed but it is to be done with a lot of caution especially in experimenting out the reconstructed theories.

Custom Digital Evidence Essay

Code: Sample20

Related essays

  1. The Spirit of Volunteerism
  2. World Wide Web
  3. Cyber Forensics
  4. Computer Technology
On your first order you will receive 20% discount
Order now PRICES from $12.99/page ×
Live chat