Friday, September 13, 2019

Computer Forensic Examiner Field Report Case Study

During the process of gathering digital evidence, thorough documentation is necessary to help identify evidence and to demonstrate the policies followed in the exercise. Appropriate documentation is also essential for recording where each piece of evidence was located at the crime scene. In relation to documentation, a clear chain of custody identifies the analysts involved in handling the evidence, the owners of the evidence, the persons who receive it, and those who store it (Turkey, 2008). This concept is vital in tracing the movement of evidence from one analyst to another. During digital evidence fieldwork, an evidence custodian keeps accurate documentation of the evidence and ensures that each item is tagged and sealed in secure bags ready for transport. The most important reason for maintaining the chain of custody is to ensure that the digital evidence remains admissible as evidence (Soloman, 2011, p.55). In short, the tasks above took place during a recent digital evidence fieldwork in which I was called to identify, secure, and preserve digital evidence from a suspected corporate user.

Observation

Last week, on 25 November 2012, our department received a request from a local media firm for a digital evidence analysis. ... The room contained several other pieces of computer hardware, such as servers, switches, and network cables. On the right were some shelves holding five computers. The administrator, who was showing us the computers, pointed at them and told us that the suspect had used one of them. Seeing that we had room to work in, I agreed with Dorothy that we could carry out the identification of the evidence there. First, we asked the network administrator to help us identify the suspect's computer. To do this, we asked him to produce a list of IP addresses and the associated MAC addresses for the period during which the crime is believed to have occurred.
Because he had prior records, we had the MAC address of the suspect computer, 00:80:R2:45:F7:67. We booted all the computers and identified the one with the above MAC address. Dorothy documented the model of the computer and the serial number she found underneath it.

Evidence collection

With the owner of the computers, the media firm, having requested the analysis, we were ready to begin collecting evidence of the alleged CP (child pornography), which was a crime and also against the policies of the firm. First, we ensured that no one was around the computer except Dorothy and me, as we did not want any disturbance. We opened the computer and, using our tools, ran some applications to check whether there was any evidence of CP on the suspect computer. The first tool we used was Retriever, which searched the entire hard drive and located child pornography material on the disk. The computer had several child pornography files and links in its internet history and browser cookies. We documented what the Retriever software displayed as its search result. Moreover,
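The two technical steps in the report, matching the suspect's MAC address against the administrator's IP/MAC list for the incident window, and keeping a chain-of-custody record that can show the evidence was not altered between hand-offs, can be made concrete with the following Python script. It is an added example and not part of the original field report: the lease log, MAC address, time window and disk-image bytes are all constructed, and the re-hash-on-every-transfer rule is an illustration of how a custody log supports admissibility rather than a procedure the report describes.

```python
# Added example (not from the field report): correlate a MAC address with a
# lease log to find which workstation/IP it held during the incident window,
# then hash the acquired evidence and keep a chain-of-custody log that
# re-verifies the hash at every hand-off. All inputs below are constructed.
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed DHCP-style lease log: timestamp MAC IP hostname.
LEASE_LOG = """\
2012-11-20T08:02:11Z 00:1b:44:11:3a:b7 10.0.4.17 ws-editing-03
2012-11-20T08:05:40Z 00:1b:44:11:3a:c1 10.0.4.18 ws-editing-04
2012-11-21T09:10:02Z 00:1b:44:11:3a:b7 10.0.4.23 ws-editing-03
2012-11-23T07:55:19Z 00:1b:44:11:3a:b7 10.0.4.23 ws-editing-03
"""
SUSPECT_MAC = "00:1B:44:11:3A:B7"   # constructed; mixed case on purpose
WINDOW_START = datetime(2012, 11, 21, tzinfo=timezone.utc)
WINDOW_END = datetime(2012, 11, 24, tzinfo=timezone.utc)


def parse_leases(text):
    """Yield (timestamp, mac, ip, hostname) tuples; MACs normalised to lower case."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, mac, ip, host = line.split()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        yield when, mac.lower(), ip, host


def leases_for_mac(text, mac, start, end):
    """Distinct (ip, hostname) pairs the MAC held inside [start, end]."""
    mac = mac.lower()
    hits = {(ip, host) for when, m, ip, host in parse_leases(text)
            if m == mac and start <= when <= end}
    return sorted(hits)


def identify_suspect_host():
    return leases_for_mac(LEASE_LOG, SUSPECT_MAC, WINDOW_START, WINDOW_END)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyRecord:
    """One evidence item: tag, description, acquisition hash and its event trail."""
    tag: str
    description: str
    sha256: str
    events: list = field(default_factory=list)

    def log(self, when, action, by, to=None):
        self.events.append({"when": when, "action": action, "by": by, "to": to})


def acquire(tag, description, image: bytes, when, by):
    """Acquisition: hash the image once and open the custody trail."""
    rec = CustodyRecord(tag, description, sha256_hex(image))
    rec.log(when, "acquired and hashed", by)
    return rec


def transfer(rec, image: bytes, when, frm, to):
    """Hand-off: re-hash before the receiver signs; a mismatch is refused and logged."""
    if sha256_hex(image) != rec.sha256:
        rec.log(when, "HASH MISMATCH - transfer refused", frm, to)
        return False
    rec.log(when, "transferred, hash verified", frm, to)
    return True


def custody_demo():
    """Returns (clean transfer accepted, tampered transfer accepted, number of events)."""
    image = b"constructed stand-in for a disk image of the suspect workstation"
    rec = acquire("EV-001", "HDD image, ws-editing-03", image,
                  "2012-11-25T10:30:00Z", "examiner A")
    ok_clean = transfer(rec, image, "2012-11-25T12:00:00Z", "examiner A", "custodian")
    tampered = image + b"\x00"   # one byte changed in transit
    ok_tampered = transfer(rec, tampered, "2012-11-26T09:00:00Z", "custodian", "lab")
    return ok_clean, ok_tampered, len(rec.events)


if __name__ == "__main__":
    print("suspect host/IP in window:", identify_suspect_host())
    print("custody demo (clean, tampered, events):", custody_demo())
```

Run stand-alone, the script reports the single workstation/IP the constructed MAC held inside the window (the earlier lease on a different IP falls outside it and is ignored) and then shows that a clean hand-off is accepted while a hand-off of an altered image is refused. The refused transfer still lands in the event list, which is the point: a custody log has to record failed verifications as well as successful ones, otherwise it cannot show a court that the evidence was continuously accounted for.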
