Evidence Computer Forensics
1 Evidence Computer Forensics

2 Law Enforcement vs. Citizens
• Search must have probable cause
  – 4th amendment search warrant
• Private citizen not subject to 4th amendment
• Private citizen may be a police agent

3 Role of Evidence
• Material offered to judge and jury
• May directly or indirectly prove or disprove the crime has been committed
• Evidence must be tangible
  – Electrical voltages are intangible
  – Hard to prove lack of modification

4 Evidence Requirements
• Material – relevant to case
• Competent – proper collection, obtained legally, and chain of custody maintained
• Relevant – pertains to subject’s motives and should prove or disprove a fact

5 Chain of Custody
• Who obtained it?
• Where and when was it obtained?
• Who secured it?
• Who had control or possession?
• How was it moved?

6 Types of Evidence
• Best
  – Primary, original documents, not oral
• Secondary
  – Copies of documents, oral, eyewitness
• Direct
  – Can prove fact by itself
  – Does not need corroborative information
  – Information from witness

7 More Types
• Conclusive
  – Irrefutable and cannot be contradicted
• Circumstantial
  – Assumes the existence of another fact
  – Cannot be used alone to prove the fact
• Corroborative
  – Supporting evidence
  – Supplementary tool

8 More Types
• Opinion
  – Experts give educated opinion
• Hearsay
  – No firsthand proof
  – Computer generated evidence
• Real
  – Physical evidence
  – Tangible objects

9 More Types
• Documentary
  – Records, manuals, printouts
  – Most evidence is documentary
• Demonstrative
  – Aids jury in the concept
  – Experiments, charts, animation

10 Hearsay Rule Exception
• Business record exemption to hearsay rule
  – Documents can be admitted if created during normal business activity
  – This does not include documents created for a specific court case
  – Regular business records have more weight
  – Federal rule 803(6)
• Records must be in custody on a regular basis
• Records are relied upon by normal business

11 Before the Crime Happens
• Select an Incident Response Team (IRT)
• Decide whether internal or external
• Set policies and procedures
• If internal, include
  – IT
  – Management
  – Legal
  – PR

12 Incident Handling
• First goal
  – Contain and repair damage
  – Prevent further damage
  – Collect evidence

13 Evidence Collection
• Photograph area
• Dump contents from memory
• Power down system
• Photograph internal system components
• Label each piece of evidence
  – Bag it
  – Seal
  – Sign

14 Forensics
• Study of technology and how it relates to law
• Image disk and other storage devices
  – Bit level copy (deleted files, slack space, etc.)
  – Use specialized tools
  – Further work will be done on copy
• Create message digest for integrity
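
Added example (not part of the original presentation): one way to tie the message digest from slide 14 to the chain-of-custody questions from slide 5, so a working copy can be checked against the digest taken at acquisition. The function names, the item ID, the examiner and location names, and the small stand-in "image" are all constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def image_digest(path, chunk_size=1024 * 1024):
    """SHA-256 of an image file, read in chunks so large images never sit fully in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def custody_entry(item_id, action, person, location, digest):
    """One chain-of-custody record: who, where, when, what was done, and the digest."""
    return {
        "item": item_id,
        "action": action,
        "person": person,
        "location": location,
        "when_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "sha256": digest,
    }

def verify_copy(original_digest, copy_path):
    """True only if the working copy still matches the digest taken at acquisition."""
    return image_digest(copy_path) == original_digest

def demo():
    """Constructed sample: a stand-in image, an intact working copy, then an altered one."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "evidence.img")
        working = os.path.join(d, "working.img")
        data = b"\x00" * 4096 + b"deleted-file-remnant" + b"\x00" * 4096  # constructed
        for p in (original, working):
            with open(p, "wb") as f:
                f.write(data)
        acquired = image_digest(original)
        log = [custody_entry("ITEM-001", "imaged", "Examiner A", "Lab 1", acquired)]
        intact = verify_copy(acquired, working)
        with open(working, "r+b") as f:  # simulate a single-byte alteration
            f.write(b"\x01")
        altered = verify_copy(acquired, working)
        return log, intact, altered

if __name__ == "__main__":
    log, intact, altered = demo()
    print(log[0], intact, altered)
```

Recording the digest in the custody log at acquisition is what lets a later examiner show that the copy analysed is bit-for-bit the one that was imaged.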

15 Things to Look For
• Hidden Files
• Steganography
• Slack Space
• Malware
• Deleted Files
• Swap Files

16 Trapping the Bad Guy
• Enticement
  – Legal attempt to lure a criminal into committing a crime
  – Provide a honeypot in your DMZ
  – Pseudo flaw (software code)
  – Padded cell (virtual machine)
• Entrapment
  – Illegal attempt to trick a person into committing a crime

17 Liability
• Company must practice due care
• Management must practice due diligence
• Follow the prudent person rule
• Watch for downstream liabilities
