Question 1: In the 1980s, when home computers were not yet popular and desktop systems were being developed for business and the government, the only digital forensics being practiced were used to detect and investigate hacking and computer compromise. In fact, the most common criminal act involving computers was the use of systems and dial-up modems to connect to the Department of Defense’s networks to get free long distance. As home computers and desktop computers became more popular, the main communications systems for inter-connectivity among computer users was through the use of dial-up commercial systems, which eventually resulted in the development of more advanced commercial networks, such as America Online (AOL).
As with any mechanism that makes life easier for consumers, those with criminal intent developed a means to exploits those systems for other-than-lawful purposes. Thus, computers became a bigger focus of the criminal justice system, as they could be used for different types of criminal activity. A computer could be used to commit a crime, such as hacking or transferring private or illegal information (e.g., stolen social security numbers, credit card information, or child pornography); it could be used to store evidence of a crime (e.g., child pornography, a “murder list,” narcotics ledgers, “cooked” accounting books); or it could be the target of a crime. From a national and international perspective, computers can and have been used to facilitate acts of terrorism and/or threats to national security.
As a result, techniques had to be developed to allow criminal justice professionals to search through digital data contained on a computer or network to identify and collect evidence. Initially, criminal justice professionals used commercially mainstream or wide-use software that could be used to recover data or search for data on a hard drive. Norton Disk Edit tools, for example, could be used to search a computer for digital evidence, but it also caused changes to the computer’s data. However, specialized forensic software was eventually developed (e.g., EnCase, FTK, SMART, etc.) to more accurately collect and search digital evidence without damaging or changing its content.
Initially, the courts did not understand the technology (neither the computers nor the forensic processes and software developed to examine them), and the law was not up-to-date enough to facilitate the investigation and prosecution of technology-based crimes. Further, there were not yet universal digital forensic standards or established best practices that practitioners could follow, which would have helped circumvent challenges to digital evidence in court. But, fortunately, over the last twenty years, laws have created or modified to account for technology-based crimes, digital forensic standards have been developed that are used across the discipline, and specialized tools have been developed that help law enforcement meet those standards.
Why is this important to each of you, as non-criminal justice professionals? While conducting a forensic analysis of your organization’s computers systems or networks – whether you’re searching for evidence of hacking or employee misconduct, or in response to a request for discovery in a lawsuit, as just a few examples – you may come across information that could lead to a criminal prosecution. If you do not follow the same standards used by criminal justice professionals (e.g., making every effort to analyze a bit-by-bit forensic copy instead of the original evidence directly), any evidence you find could be rendered inadmissible in court. However, if you perform your duties as a forensic examiner with criminal justice standards in mind, not only will it increase the utility of the digital evidence in a criminal or civil court, but it should also provide more certainty in your own results. In all situations involving the potential misuse of digital information, you should maintain a sensitivity to the potential for commercial/corporate terrorism or threats to geopolitical security.
For this week’s discussion response, complete the explanation requested below. Please discuss thoroughly and substantively in your post.
- Provide at least one example of how being familiar with and following digital forensic best practices, AND criminal justice standards would benefit you, even if you worked in a non-criminal justice digital forensics position.
Instructions: Include in your answer: How do best practices and criminal justice standards differ; how are they similar? Can you comply with one and not the other? What ramifications might there be in such a case?
Question 2: There are two warrants for your review; one a residential search and seizure warrant, and the second, a cell phone/computer warrant. For this discussion, identify four things that are either the same, or things you notice that are different. Why would they be similar or different?
Residential Search and Seizure Warrant: https://www.rcfl.gov/heart-of-america/documents-forms/searchwarrant_residential_exploitation.doc
Cell phone/computer Warrant: https://www.rcfl.gov/heart-of-america/documents-forms/searchwarrant_celluarphonechats.doc
Please discuss thoroughly and substantively in your post.
NOTE: Reference should be APA style and include In-text citation. 300 words each