
Evidence Computer Forensics

Law Enforcement vs. Citizens
• Search must have probable cause
  – 4th amendment search warrant
• Private citizen not subject to 4th amendment
• Private citizen may be a police agent

Role of Evidence
• Material offered to judge and jury
• May directly or indirectly prove or disprove the crime has been committed
• Evidence must be tangible
  – Electrical voltages are intangible
  – Hard to prove lack of modification

Evidence Requirements
• Material – relevant to case
• Competent – proper collection, obtained legally, and chain of custody maintained
• Relevant – pertains to subject’s motives and should prove or disprove a fact

Chain of Custody
• Who obtained it?
• Where and when was it obtained?
• Who secured it?
• Who had control or possession?
• How was it moved?

Types of Evidence
• Best
  – Primary, original documents, not oral
• Secondary
  – Copies of documents, oral, eyewitness
• Direct
  – Can prove fact by itself
  – Does not need corroborative information
  – Information from witness

More Types
• Conclusive
  – Irrefutable and cannot be contradicted
• Circumstantial
  – Assumes the existence of another fact
  – Cannot be used alone to prove the fact
• Corroborative
  – Supporting evidence
  – Supplementary tool

More Types
• Opinion
  – Experts give educated opinion
• Hearsay
  – No firsthand proof
  – Computer generated evidence
• Real
  – Physical evidence
  – Tangible objects

More Types
• Documentary
  – Records, manuals, printouts
  – Most evidence is documentary
• Demonstrative
  – Aids jury in the concept
  – Experiments, charts, animation

Hearsay Rule Exception
• Business record exemption to hearsay rule
  – Documents can be admitted if created during normal business activity
  – This does not include documents created for a specific court case
  – Regular business records have more weight
  – Federal rule 803(6)
• Records must be in custody on a regular basis
• Records are relied upon by normal business

Before the Crime Happens
• Select an Incident Response Team (IRT)
• Decide whether internal or external
• Set policies and procedures
• If internal, include
  – IT
  – Management
  – Legal
  – PR

Incident Handling
• First goal
  – Contain and repair damage
  – Prevent further damage
  – Collect evidence

Evidence Collection
• Photograph area
• Dump contents from memory
• Power down system
• Photograph internal system components
• Label each piece of evidence
  – Bag it
  – Seal
  – Sign

Forensics
• Study of technology and how it relates to law
• Image disk and other storage devices
  – Bit-level copy (deleted files, slack space, etc.)
  – Use specialized tools
  – Further work will be done on copy
• Create message digest for integrity
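
Added example (not part of the original slides): one way to tie the "message digest for integrity" step to the Chain of Custody questions. The choice of SHA-256, the hash-chained log, the field names, and all sample names, places and times are assumptions constructed for illustration.

```python
import hashlib
import io
import json

GENESIS = "0" * 64  # "previous hash" of the first custody entry

def digest(stream, chunk=1 << 20):
    """SHA-256 of a stream, read in chunks so a large image never sits in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def hash_entry(entry):
    """Hash every field of a custody entry except its own stored hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log, evidence_sha256, who, action, where, when):
    """Append an entry tied to the evidence digest and to the previous entry."""
    entry = {"prev": log[-1]["entry_hash"] if log else GENESIS,
             "evidence_sha256": evidence_sha256,
             "who": who, "action": action, "where": where, "when": when}
    entry["entry_hash"] = hash_entry(entry)
    log.append(entry)

def verify_log(log, evidence_sha256):
    """Return the index of the first inconsistent entry, or -1 if the log is intact."""
    prev = GENESIS
    for i, e in enumerate(log):
        if (e["prev"] != prev or e["evidence_sha256"] != evidence_sha256
                or hash_entry(e) != e["entry_hash"]):
            return i
        prev = e["entry_hash"]
    return -1

# Constructed sample data: a stand-in for a seized disk and its bit-level copy.
ORIGINAL = bytes(range(256)) * 64
WORKING_COPY = bytes(ORIGINAL)
ALTERED_COPY = ORIGINAL[:100] + b"\x00" + ORIGINAL[101:]  # one byte changed

EVIDENCE_SHA256 = digest(io.BytesIO(ORIGINAL))
LOG = []
add_entry(LOG, EVIDENCE_SHA256, "Examiner A", "imaged disk", "scene", "2024-01-01T10:00Z")
add_entry(LOG, EVIDENCE_SHA256, "Examiner A", "sealed and signed bag", "scene", "2024-01-01T10:30Z")
add_entry(LOG, EVIDENCE_SHA256, "Custodian B", "moved by courier to locker", "lab", "2024-01-01T14:00Z")

if __name__ == "__main__":
    print("copy matches original:", digest(io.BytesIO(WORKING_COPY)) == EVIDENCE_SHA256)
    print("altered copy matches: ", digest(io.BytesIO(ALTERED_COPY)) == EVIDENCE_SHA256)
    print("first bad log entry:  ", verify_log(LOG, EVIDENCE_SHA256))
```

Because each entry stores the hash of the one before it, editing any earlier record without redoing every later one is detectable, which addresses the "hard to prove lack of modification" problem for the custody record itself.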

Things to Look For
• Hidden Files
• Steganography
• Slack Space
• Malware
• Deleted Files
• Swap Files

Trapping the Bad Guy
• Enticement
  – Legal attempt to lure a criminal into committing a crime
  – Provide a honeypot in your DMZ
  – Pseudo flaw (software code)
  – Padded cell (virtual machine)
• Entrapment
  – Illegal attempt to trick a person into committing a crime

Liability
• Company must practice due care
• Management must practice due diligence
• Follow the prudent person rule
• Watch for downstream liabilities