Iscs 451 Assignment 6
ISSC 451
Assignment 6
AMU
1. Identify and explain the factors that have limited local law enforcement efforts against digital crime. The factors that have limited local law enforcement’s efforts against digital crime are lack of training, lack of diagnostic equipment, lack of management level recognition and support, and a lack of specialized personnel. First off, training is a paramount need for local law enforcement. Many of the officers appointed to computer crimes at the local level do not have the requisite knowledge to deal with these types of crimes. Some of these officers are even put into these roles when they don’t even want to. Also, the lack of training to patrol officers could lead to valuable evidence being inadvertently destroyed. Most local agencies lack the equipment necessary to conduct digital forensics. Many local experts have even been reported to have purchased their own equipment to do their job (Taylor, et. al., 2011). The lack of management support and recognition of computer crime analysis has led to the lack of funding for these local cyber units. With a lack of funding comes a lack of equipment, training, and the ability for personnel to specialize in digital forensics.
2. Explain and describe the best practices for collection, preservation, transportation, and …show more content…
storage of electronic evidence. Since all evidence collection methods can be called into question later, it is best to establish a written standards operating procedures and use it every time.
A checklist should be created off of the operating procedures and brought to each crime scene by the investigator. Every electronic device should be photographed before touching anything. The checklist should be followed step by step and every item needs to be put into an evidence bag and tagged. Then a chain of custody document needs to be created for every piece of evidence. No analysis should be done on the original copy of any device. All analysis should be done on system image copies of each
device.
When transporting evidence, make sure it is treated as fragile cargo. All magnetic media need to be packed and transported in antistatic bags or paper. Make sure as to not bend CDs, diskettes or tapes. When storing evidence, make sure the chain of custody is being properly documented. The evidence should be stored with an evidence custodian in a secure room. The above information is only a quick sampling of the necessary requirements for the collection, preservation, transport and storage of digital evidence.
3. What is the importance of chain of custody as it relates to computer crime? The chain of custody is a legal document that records the history of who had possession of the evidence and when. It is also used to show that the data presented is “as originally acquired” and has not been altered prior to the admission into evidence. This is important when it comes to electronic evidence as it can be easily altered. An identifiable person must always have physical custody of any piece of evidence to ensure its authenticity (EDRM, n.d.). Without a properly documented chain of custody, the electronic data and the findings of the investigation could be inadmissible in a court of law. This is why chain of custody is of paramount importance.
References
EDRM. (n.d.). Chain of Custody « EDRM. Retrieved June 8, 2015, from http://www.edrm.net/resources/glossaries/glossary/c/chain-of-custody Taylor, R. & Fritsch, E. & Liederbach, J. & Holt, T. (2011). Digital Crime and Digital
Terrorism, Second Edition. Prentice Hall
Assignment 6
AMU
1. Identify and explain the factors that have limited local law enforcement efforts against digital crime. The factors that have limited local law enforcement’s efforts against digital crime are lack of training, lack of diagnostic equipment, lack of management level recognition and support, and a lack of specialized personnel. First off, training is a paramount need for local law enforcement. Many of the officers appointed to computer crimes at the local level do not have the requisite knowledge to deal with these types of crimes. Some of these officers are even put into these roles when they don’t even want to. Also, the lack of training to patrol officers could lead to valuable evidence being inadvertently destroyed. Most local agencies lack the equipment necessary to conduct digital forensics. Many local experts have even been reported to have purchased their own equipment to do their job (Taylor, et. al., 2011). The lack of management support and recognition of computer crime analysis has led to the lack of funding for these local cyber units. With a lack of funding comes a lack of equipment, training, and the ability for personnel to specialize in digital forensics.
2. Explain and describe the best practices for collection, preservation, transportation, and …show more content…
storage of electronic evidence. Since all evidence collection methods can be called into question later, it is best to establish a written standards operating procedures and use it every time.
A checklist should be created off of the operating procedures and brought to each crime scene by the investigator. Every electronic device should be photographed before touching anything. The checklist should be followed step by step and every item needs to be put into an evidence bag and tagged. Then a chain of custody document needs to be created for every piece of evidence. No analysis should be done on the original copy of any device. All analysis should be done on system image copies of each
device.
When transporting evidence, make sure it is treated as fragile cargo. All magnetic media need to be packed and transported in antistatic bags or paper. Make sure as to not bend CDs, diskettes or tapes. When storing evidence, make sure the chain of custody is being properly documented. The evidence should be stored with an evidence custodian in a secure room. The above information is only a quick sampling of the necessary requirements for the collection, preservation, transport and storage of digital evidence.
3. What is the importance of chain of custody as it relates to computer crime? The chain of custody is a legal document that records the history of who had possession of the evidence and when. It is also used to show that the data presented is “as originally acquired” and has not been altered prior to the admission into evidence. This is important when it comes to electronic evidence as it can be easily altered. An identifiable person must always have physical custody of any piece of evidence to ensure its authenticity (EDRM, n.d.). Without a properly documented chain of custody, the electronic data and the findings of the investigation could be inadmissible in a court of law. This is why chain of custody is of paramount importance.
References
EDRM. (n.d.). Chain of Custody « EDRM. Retrieved June 8, 2015, from http://www.edrm.net/resources/glossaries/glossary/c/chain-of-custody Taylor, R. & Fritsch, E. & Liederbach, J. & Holt, T. (2011). Digital Crime and Digital
Terrorism, Second Edition. Prentice Hall