Computer Forensics: Seizing the Evidence



Contributed by Andrew Whitehead

Legal Aspects of Computer Forensic Evidence

Computer forensic experts have to conform to many rules and regulations if the evidence they uncover is to be acceptable to the courts.

The first step in obtaining computer forensic evidence is obtaining a search warrant to seize the suspect system. This warrant must include wording allowing the investigators to seize not only the computer, but also any peripherals thought to be connected with the crime. A suspected counterfeiter, for instance, may have used his computer, a scanner, and a printer to produce his counterfeit documents, in which case all three items would need to be seized to provide evidence.

If it is thought that evidence is contained in emails, this should also be specifically mentioned in the search warrant. Email is a sensitive area as it can be considered personal, so solid justification is needed before a suspect's email is allowed to be searched.

A warrant also needs to be clear about the searching of network and file servers, whether backup media is included, and if hardware, software, and peripherals can be removed to another location to conduct the search.

In all circumstances, data not connected to the crime must not be touched. Doctors, lawyers, and clergy store documents on their PCs and much of this information is confidential. While the computer forensic expert needs to uncover evidence, care must be exercised to protect the personal information of any innocent third parties.

Seizing Equipment for Computer Forensics

Investigators can only seize equipment connected with the case; knowing the role of the computer will indicate what should be taken. For instance, if it is thought that the computer was used to store evidence then all storage media should also be seized for the computer forensic inspection. If the computer was running programs to collect and analyze information, any relevant books found at the scene should be seized to help computer forensic experts understand the programs.

If the suspect is present, he must be prevented from touching the computer. A computer that is running at the time of seizure should not be allowed to shut down; pulling the plug out of the wall will prevent any programs from wiping incriminating information during the shutdown sequence. The computer forensic expert can test the shutdown sequence later to see if it includes any destructive programs.

Dismantling Equipment for Computer Forensics

When a computer and its peripherals are removed from a crime scene, a great deal of care has to be taken while dismantling the equipment to prevent any malicious programs from being activated should the computer power system be booby trapped.

The entire setup should be photographed or a video taken before starting disassembly, notes taken at every step, and every cord labeled stating where it was attached. There are several ways to set up a computer and peripherals, and when it arrives in the computer forensics lab the suspect system will need to be set up exactly as it was at the crime scene.

