dfm covers
 
 

Proactive Computer Forensics

Written by DFM team



Proactive Computer Forensics – Preparing for Search & Seizure 

Scott Zimmerman

In Scott's final article in the series, he examines Search & Seizure procedures used by US Federal LE organizations and by international organizations. 

The practice of computer forensics has become more economically feasible in recent years and some larger organizations have begun to add internal computer crime investigation personnel to their rosters.  Similarly, a growing number of commercial companies offer forensic services to other businesses and to governments. These services often include data recovery from erased or physically damaged media, in-house incident response and litigation support, such as providing expert witnesses.  


However, a great amount of computer crime investigation experience lies with Law Enforcement (LE) organizations.  The goal of this article is to provide non-LE personnel with the guidelines they need to gather evidence and conduct forensic examinations in accordance with law enforcement standards.  What better way to meet these standards than to follow the same procedures used by law enforcement?


Search & Seizure – How to Search and What to Seize

By answering a series of questions, individuals involved in an investigation can plan their approach to collecting evidence.  The context is computer crime investigation and as such the role of a given computer at the scene will fall into one of four broad categories:


  • Was the computer itself the objective of the crime?  If the perpetrator broke into a facility and stole the computer, the computer would be the objective.
  • Was the computer a tool used to commit the offense?  If the perpetrator used his home computer to compromise an online banking site, the site would be the objective; the computer would be a tool.
  • Is the computer only indirectly related to the incident?  Picture a suspect who generated false credit reports and credit card numbers on his desktop machine and sold the bogus information to people who were laundering money.  The suspect kept track of what he sold, to whom, using an accounting software package installed on a laptop. The credit reports and card numbers would be the objective; the desktop machine would be the tool; the laptop would be indirectly related to the crime.
  • Was the computer used for multiple tasks or stages of the crime?  In the example above, if the suspect generated false credit information on the same laptop he used to record his financial records, the laptop would have been used as a tool and as a storage device.  It would then be both directly and indirectly related to the crime.


To read Scott Zimmerman's article make sure you're a subscriber. If not, join today!



 
Please make cache directory writable.
 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Learning iOS Forensics

A practical hands-on guide to acquire and analyse iOS devices with the latest forensic techniques and tools.

Meet the Authors

Scott C. Zimmerman

Scott C. Zimmerman is a CISSP qualified Information Security consultant and presenter

 

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 32 on sale from August 2017:


Triage Solution for Sex Offender Managers

This article considers a proof of concept triage solution for sex offender managers for a local police force which if successful could simplify and modify the way that sex offenders are managed. Read More »

Advancements in Windows Hibernation File Forensics

Brian Gerdon looks at how the windows hibernation files can be a valuable source of information for digital forensic investigators. Read More »

Subscribe today


Why Are Cybercriminals Attracted To Commit Crimes

Individuals who engage in cybercrime have a psychological mindset that is attuned to it. This paper discusses the motives behind cybercrime and what makes cybercrime attractive to cybercriminals. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue