Saturday 2 January 2010

Forensic Cop Journal 3(2): Standard Operating Procedure of Seizure on Computer-based Electronic Evidence

Introduction

Handling the evidence found in a case of computer crime or computer-related crime is different from handling other evidence such as blood, tool marks, trace, and fibres. The evidence found in such crimes is grouped as computer-based electronic evidence. As evidence from this type of crime is volatile, a digital forensic analyst should understand how to handle it properly. With proper handling, the analyst can be expected to reveal the contents of the evidence and bring them to further investigation. With proper handling, the findings in the evidence are also reliable and can be accepted by the court; otherwise they will be doubted and may even be rejected by the court.

Because handling such evidence is so essential, the analyst must pay close attention when finding it at the crime scene. Handling starts with seizure; therefore the seizure technique plays a key role in handling the evidence properly. The chain of custody of the evidence also starts with the seizure at the crime scene. Chain of custody is a comprehensive description of the journey of the evidence from the crime scene to the court: who first found it at the crime scene, who handles it in further investigative actions, and who submits it to the court. It also describes who does what to the evidence. However, this journal does not discuss chain of custody; it explains how to perform a proper seizure of computer-based electronic evidence.

Computer-based Electronic Evidence

Evidence that is found in a case of computer crime or computer-related crime and requires digital forensic analysis is grouped as computer-based electronic evidence. This evidence is physical evidence, as it can be seen. Digital forensic analysts and criminal investigators should look for this type of evidence at the crime scene. After finding it, they perform a proper seizure of it.

The findings in the form of data or information stored in the evidence are called digital evidence. This digital evidence must then be found and analysed by the digital forensic analyst, as it can prove the relationship between the case and the perpetrators.

There are two conditions related to the seizure of computer-based electronic evidence. Both conditions should be understood correctly by the analyst or the investigators, so that they can perform the seizure properly. Below are the conditions.
Condition 1: The electronic evidence appears to be switched off
Condition 2: The electronic evidence appears to be switched on
To learn how to perform the seizure properly under each condition, including which types of evidence should be seized at the crime scene, please access http://www.scribd.com/doc/24696245/Forensic-Cop-Journal-3-2-2010-Standard-Operating-Procedure-of-Seizure-on-Computer-Based-Electronic-Evidence. The full version of this journal is provided at this link.

Good Luck...!
