Hi everyone,
I'm currently a first year university student asking a help in this forum as i need to do a 3,500 words of essay for my assignment. I have a lvl 1 helpdesk support background and have no experience or little knowledge of cyber forensic.
While i'm doing halfway of my assignment, i'm stuck at locate, select, analyse and validate of the digital evidences and this is part of my assignment content that need to be research.
I need a help on the information for locate, select, analyse and validate digital evidences as i have google to find answer about it and there is no briefly description of it as most information i found are very close to each other especially locate, select and analyse.
Can i know if there is any search words for me straight to the point to find out more about the information that i want?
Hope expert here can give a little help of 2 cents worth info of the path to light my way out.
Thanks
Noob student
ZY cry
Maybe if you could explain what exactly the terms "locate, select, analyse and validate" mean for you (or what do they mean in the context of the essay theme that was asked you) it could help.
Are you talking of "physical" evidence (PC's, laptops, hard disk, cellular phones, etc.) or "virtual" evidence (websites, logs, etc.)?
Tentatively
locate->seize/collect
select->triage/pre-scan
analyse->analyze
validate->checksum/hash/validate
also "chain of custody" and "preservation of evidence" may be part of the activities in an investigation that may be relevant.
jaclaz
Hi jaclaz expert (If you don't mind i call you that),
Thanks for your answer.
Base on my lecturer guide that given to me, this assignment that i having right now is a Research based essay. He want us to describing and discussing the process and challenges involved in identifying, recovering, securing, examining, analysing and preparing digital evidence from a crime scene ("Which somehow i lost my way of writing it and i guess i need to rewrite the whole thing again").
What he also mention in the guide to discuss the investigation processes used to
Preserve, locate,select,analyse,validate and present evidence obtained from a computer for evidentiary purposes.
He also want us to discuss the importance of crime reconstruction hypotheses and alternative hypotheses.
So as Per above mention, I need to google a topic of a real crime scene and write the whole process of it in this essay?
If possible if you can help and suggest what are the area i can look for a crime scene?
Actually I am the least one deserving the "expert" title, particularly related to "digital forensics", JFYI
http//www.forensicfocus.com/c/aid=65/interviews/2013/jacopo-forum-member-jaclaz/
What you could have a look at is the (UK) ACPO guidelines
http//
jaclaz
C. The search at the applicant’s home on 11 May 2010 and subsequent judicial review
25. On 14 June 2010 the President of the first-instance court, upon a complaint by the applicant, upheld the investigating judge’s decision and concluded that the search was lawful and that the evidence obtained was admissible in the criminal proceedings. No hearing was held. She examined the applicant’s written complaints, the criminal case file and the investigator’s written explanation. The relevant part of the decision, which was final, reads
The present criminal proceedings were opened in connection with facts directly relating to the exchange of information in electronic form and therefore it is important to take into account the specific features of cybercrime , where the preservation, acquisition and recording of evidence in electronic form is delicate owing to the fact that such evidence can be modified or destroyed very quickly; it is also important to take into account the mens rea of the crime. … I find that in this particular case the search under the urgent procedure was admissible. …
E. Review by the Ombudsman
30. On 28 September 2010 he delivered his opinion, which was not binding on the domestic authorities. He examined not only whether the alleged violation of the applicant’s freedom of expression had taken place, but also whether there was an effective monitoring system in the country in that regard. As concerns the alleged interference with freedom of expression, and proportionality, he noted the following [emphasis as in the original]
The court substantiated the need for a search under the urgent procedure by the fact that in criminal proceedings involving a flow of electronic documents it was necessary to take into account the specifics of cybercrimes , where the preservation, obtaining and recording of electronic evidence was rather delicate because such evidence could be altered and destroyed very quickly and irreversibly.
Background to the Judgment
101. The Court considers that any search involving the seizure of data storage devices such as laptops, external hard drives, memory cards and flash drives belonging to a journalist raises a question of the journalist’s freedom of expression including source protection and that the access to the information contained therein must be protected by sufficient and adequate safeguards against abuse. In the present case, although the investigating judge’s involvement in an immediate post factum review was provided for in the law, the Court finds that the investigating judge failed to establish that the interests of the investigation in securing evidence were sufficient to override the public interest in the protection of the journalist’s freedom of expression, including source protection and protection against the handover of the research material. The scarce reasoning of the President of the court as to the perishable nature of evidence linked to cybercrimes in general, as the Ombudsman rightly concluded, cannot be considered sufficient in the present case, given the investigating authorities’ delay in carrying out the search and the lack of any indication of impending destruction of evidence. Nor was there any suggestion that the applicant was responsible for disseminating personal data or was implicated in the events other than in her capacity as a journalist; she remained “a witness” for the purposes of these criminal proceedings. If the case materials did include any indication in that regard, it was the investigating judge’s responsibility to carry out the necessary assessment of the conflicting interests, which was not done.
FOURTH SECTION CASE OF NAGLA v. LATVIA (Application no. 73469/10) JUDGMENT STRASBOURG 16 July 2013
http//
Additional thoughts
Cyber Wrapping - http//
One hit, hits all - http//
Cybercrime, really it's ICT Crime by any other name - http//
Cyber What? - http//
With reference to the indiscriminate use of the "cyber-" prefix
http//www.forensicfocus.com/Forums/viewtopic/t=9892/
And
http//www.forensicfocus.com/Forums/viewtopic/p=6569144/#6569144
jaclaz