Forensics Digital Evidence/Forensics and the Research Paper


This phase is described by Carrier as the phase where we "...use the evidence that we found and determine what events occurred in the system" (Carrier, 2005).

2.2. The United States Department of Justice's (USDOJ) digital forensic analysis methodology

The second methodology under review in this paper has been put forward by the United States Department of Justice. It consists of four basic phases: collection, examination, analysis and reporting (Shin, 2011). More specifically, the methodology comprises the following stages: obtaining the data, followed by the forensic request; the preparation and extraction phases; identification; and finally analysis and forensic reporting, leading to case-level analysis (DIGITAL FORENSIC ANALYSIS METHODOLOGY).

In the preparation and extraction phase, the examiner asks whether there is sufficient information to proceed and ensures that sufficient data is available to answer the request or requests that might be made in the investigation (Carroll et al.). The duplication of forensic data is also part of this process, as is the verification of its integrity. This process assumes that "...law enforcement has already obtained the data through appropriate legal process and created a forensic image" (Carroll et al.). After verification and integrity testing, the process of extracting the data begins.
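The duplication and integrity-verification step described above can be illustrated with a short script. This is an added example, not part of the original essay or of the USDOJ methodology; the function names, file names and the choice of SHA-1 plus SHA-256 are assumptions, and the "image" is constructed sample data.

```python
import hashlib
import hmac
import shutil
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never sit in memory


def image_digests(path, algorithms=("sha1", "sha256")):
    """Hash one file once, feeding every algorithm from the same read pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        while block := fh.read(CHUNK):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def duplicate_and_verify(image, working_copy, acquisition_digests):
    """Copy the image, then check source and copy against the recorded hashes."""
    shutil.copyfile(image, working_copy)
    report = {}
    for label, path in (("image", image), ("working_copy", working_copy)):
        found = image_digests(path, tuple(acquisition_digests))
        report[label] = {
            name: hmac.compare_digest(found[name], expected.lower())
            for name, expected in acquisition_digests.items()
        }
    ok = all(all(checks.values()) for checks in report.values())
    return ok, report  # extraction should start only when ok is True


def demo():
    """Constructed sample: repeated bytes stand in for a forensic image."""
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp, "evidence.dd")        # hypothetical file name
        copy = Path(tmp, "evidence_work.dd")    # hypothetical file name
        image.write_bytes(b"constructed sample image " * 100_000)
        recorded = image_digests(image)  # stands in for the acquisition record
        clean_ok, _ = duplicate_and_verify(image, copy, recorded)
        with open(copy, "r+b") as fh:    # alter one byte of the working copy
            fh.seek(4096)
            fh.write(b"\x00")
        still_matches = image_digests(copy) == recorded
        return clean_ok, still_matches


if __name__ == "__main__":
    print(demo())
```

A single altered byte in the working copy is enough to make the second check fail, which is the condition under which extraction should not proceed.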

The identification process refers to the rigorous identification of the forensic evidence in terms of the extracted data list. However, if the forensic examiner encounters incriminating items of evidence which are outside the original search warrant, the recommendation is that activity is halted and the authorities notified (Carroll et al.). An example given is: "law enforcement might seize a computer for evidence of tax fraud, but the examiner may find an image of child pornography" (Carroll et al.). This is an important aspect as it indicates that this methodology is extremely flexible and takes into account context and content outside the initial prescribed parameters.

The analysis phase is all-important to the forensic process. In this phase, "...examiners connect all the dots and paint a complete picture for the requester" (Carroll et al.). Part of this process is the correlating of relevant data with questions such as what was the original and other relevant questions that provide insight into the investigation. This phase has been critiqued in this methodology as being "...improperly defined and ambiguous" (Shin, 2011).

3. Comparisons and Evaluations

Carrier's model or methodology pays considerable attention to data integrity. This is evident, for instance, in the correlation process, where data is correlated with various outside sources in order to prevent forgery or inaccurate forensic data.

If we compare these two methodologies in terms of headings such as evidence integrity, management of lead information and evidential context, we find that

Carrier's Methodology is useful from a number of perspectives. Carrier places emphasis on the initial investigatory process and the identification and verification of data. As Carrier states in an article entitled Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers (2002), "As with any investigation, to find the truth one must identify data that: Verifies existing data and theories (Inculpatory Evidence), Contradicts existing data and theories (Exculpatory Evidence)" (Carrier, 2002). This reflects the focus on identification and analysis in this methodological model.


The United States Department of Justice's digital forensic analysis methodology is more broadly designed, seems to be more focused on procedural details and protocols, and also tends to be more meticulous in terms of guidelines. This is evident to some degree in the preparation and extraction phase of the methodology. It could be argued that this methodology is therefore more effective and integrated in terms of management of information.

Another important difference evident in the literature is that the USDOJ digital forensic analysis methodology could be argued to be more concerned with context. This is clear if we consider the identification process and the attention given to the extracted data list, and to any other leads that may surface during identification and in comparison with the extraction list. For example,

Depending on the stage of a case, extracted and identified relevant data may give the requester enough information to move the case forward, and examiners may not need to do further work. For example, in a child pornography case, if an examiner recovers an overwhelming number of child pornography images organized in user created directories...

(Carroll et al.).

A close comparison of the various aspects reveals as well that there are possibly more similarities than dissimilarities between the two methodologies.

Conclusion

As has been noted by Shin (2011) above, it is asserted that many modern digital forensic methodologies are lacking with regard to the classification of cyber crime and in relation to psychological profiling investigation methods. This also applies to aspects of both methodologies that have been discussed. In summation, however, it should also be pointed out that both these methodologies adequately cover the field of computer and digital forensics and that both provide useful frameworks for data collection, data integrity, analysis and legal considerations.

We could suggest that Carrier's methodology and model tends to lean more towards the investigative and computer-orientated aspects of digital forensics, while the forensic model provided by the United States Department of Justice is more inclusive and also seems more deeply concerned with procedural process and patterns and the important aspect of context. Another suggestion is that the United States Department of Justice methodology would be more expensive and time-consuming to implement because of its extensive protocols and detailed procedures.

While both these methodologies may have shortcomings, they can be seen as part of the natural evolution towards a more comprehensive set of methods and parameters for contemporary digital forensic investigation and analysis. One should also take into account that a number of newer models and methodologies have emerged which attempt to provide a more inclusive and comprehensive coverage of the different variables. Shin (2011), for example, discusses a more comprehensive methodology. This proposed model contains the following phases:

a readiness phase; consulting with profiler; cyber crime classification; investigation priority decision; damaged cyber crime scene investigation; analysis by crime profiler; suspects tracking; cyber crime logical reconstruction; report writing (Shin, 2011).

In the final analysis, while there may be more comprehensive emerging methodologies, those put forward by Carrier and the United States Department of Justice should be seen as valuable contributions to the advancement.....


Cite This Resource:

"Forensics Digital Evidence Forensics And The" (2011, October 02) Retrieved May 18, 2024, from
https://www.aceyourpaper.com/essays/forensics-digital-evidence-forensics-45994
