CSS350-1804B-01 Computer Forensics

CSS350-1804B-01 Computer Forensics I

Forensics Research Report

Electronic Evidence and Crime

The case that I am following is The People v. James Kent from 2007 (Infosec Institute, 2007). His crime was uncovered during a changeout to new computers at the university: the data was transferred from the old disks to new ones, and the IT department ran antivirus software on the computer. Over 14,000 images were recovered. He was ultimately sentenced to 3 years on 141 counts of child pornography. The evidence was analyzed through the administration of the antivirus scan. The evidence used in the case was the computer at Mr. Kent’s place of work, Dutchess County college.

The school was receiving new computers, and the old ones needed to be switched out. One of the IT reps was running the antivirus on the professor’s computer after he complained that the new computer was malfunctioning. He/she had transferred the old files to the new computer’s hard drive, and that caused the computer to malfunction. The upgrade caused the system to act weird because he had private images on the hard drive that were not compatible with the new school system. The antivirus scan failed initially, so the IT office had to remove the actual hard drive from the computer, and that is where the discovery was made. The defendant had a file on the computer named “work”, but it had some “.jpg” files and “thumbnails” of inappropriate pictures of girls.

This evidence supported the case because it was literally all they had on him. He denied viewing these images and saving them on his work computer. The lead investigator on the case used software called EnCase, which pinpoints where the images were viewed from and when, kind of like a GPS on the computer. So electronic evidence is a lot easier to prove due to the electronic footprint it leaves behind, and we cannot remove it. Some may try, but all will fail unless you destroy the devices used.

Chain of Custody Concerns

The physical and electronic evidence that the investigator of a crime can obtain is basically anything found in a place or on a person where the warrant is valid. Investigators must have a warrant to get any evidence such as social media, personal laptops, computers, cell phones, and any emails that can be retrieved.

How would you safeguard that evidence? When you are getting evidence from a cellular device, you must make sure that it isn’t uploaded to the cloud or backed up to maybe Google or Apple. I say this because once a device is uploaded to the cloud or Google, it can be deleted from the phone but will always be saved in those places. So, the investigator has to obtain a warrant to get the info from the cloud or Google. I would safeguard the evidence by first collecting it and keeping a paper trail going for it. Make sure that the log for the evidence documents when and where it was collected, the type of digital or physical evidence it is, and who owned the device.

How would you create a chain of custody for this evidence? The same way that I would safeguard the evidence.

What are the limitations when protecting evidence only found online or in the cloud? According to i-sight.com, the limitation in getting evidence that is only available online or in the cloud is that it is no longer just a matter of identifying which device has the information and going to obtain it; now we must look at the fact that it can be held on several different devices, with the constant ability to delete the content. If you are not familiar with the way virtual storage works, this can be an obstacle. With technology constantly changing, the policies and tools for maintaining the ability to preserve and recover the data needed to catch cyber criminals are changing rapidly. (Digital Evidence in the cloud: a challenge for investigators, 2018)
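One way to keep the evidence log described in this section as a tamper-evident record, as an added example that is not part of the original report: each entry carries when, where, evidence type and owner, plus a SHA-256 of the acquired image, and entries are hash-chained so a later edit shows up on verification. The hashing, the function names, the extra handler and action fields, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash value for the first entry in a log

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(entry: dict) -> str:
    """Hash every field except the entry's own hash, as canonical JSON."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def add_entry(log, image, **fields):
    """Append a custody event; `image` is the acquired evidence as bytes."""
    required = {"when", "where", "evidence_type", "owner", "handler", "action"}
    missing = required - fields.keys()
    if missing:
        raise ValueError(f"missing custody fields: {sorted(missing)}")
    entry = dict(fields, seq=len(log), evidence_sha256=sha256_hex(image),
                 prev_hash=log[-1]["entry_hash"] if log else GENESIS)
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)
    return entry

def verify_log(log, image):
    """Return a list of problems; an empty list means the record is intact."""
    problems, prev, current = [], GENESIS, sha256_hex(image)
    for e in log:
        if e["prev_hash"] != prev:
            problems.append(f"entry {e['seq']}: broken link to previous entry")
        if entry_hash(e) != e["entry_hash"]:
            problems.append(f"entry {e['seq']}: fields altered after logging")
        if e["evidence_sha256"] != current:
            problems.append(f"entry {e['seq']}: evidence hash mismatch")
        prev = e["entry_hash"]
    return problems

# Constructed sample data: stand-in bytes for a disk image, two custody events.
SAMPLE_IMAGE = b"constructed stand-in for an acquired disk image"
SAMPLE_LOG = []
add_entry(SAMPLE_LOG, SAMPLE_IMAGE, when="2018-01-05T09:30:00Z",
          where="office desk (constructed)", evidence_type="laptop hard drive",
          owner="J. Doe", handler="Investigator A", action="collected")
add_entry(SAMPLE_LOG, SAMPLE_IMAGE, when="2018-01-05T14:10:00Z",
          where="evidence locker (constructed)", evidence_type="laptop hard drive",
          owner="J. Doe", handler="Examiner B", action="transferred")

if __name__ == "__main__":
    print(verify_log(SAMPLE_LOG, SAMPLE_IMAGE))  # no problems on an untouched log
```

An edit to the final entry followed by recomputing its hash is not caught by the chain alone, so the latest entry hash should also be recorded somewhere outside the log, such as on the signed paper form.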


https://resources.infosecinstitute.com/category/computerforensics/introduction/notable-computer-forensics-cases/#gref

CIPARICK, J, 2013 (caselaw.findlaw.com/1600537)

Russell, L CNN, 2013 (CNN Business social media sharing)

Law enforcement Cyber Center, 2018 (www.iacpcybercenter.org)