Computer Forensics
Introduction
The introduction of computers and the internet has created a global revolution in many ways.
operations. Productivity and output have been enhanced through the use of computer
applications (Baryamureeba & Tushabe, 2004: Pg 23). Organizations are able to use the
internet as a means of accessing new global markets. Individuals use the internet as a
internet has a profound and deep impact on human lifestyle. It has altered the nature of
human society in a proficient and effectual manner. Yet this has also posed a serious
challenge in terms of criminal activities and malicious behaviors. Identity fraud and cyber
crimes pose a serious threat at the individual and social levels. The need to adopt a
reliable, scalable, and flexible response has been felt by international organizations and
create a uniform set of guidelines (Baryamureeba & Tushabe, 2004: Pg 23). Such an
approach will help in the fight against malicious activities and affairs. It would create a
forensics is a rapidly emerging field that is concerned with the collection, preservation,
prosecution and civil cases (Baryamureeba & Tushabe, 2004: Pg 23). The scope and
technology which can be used to obtain information on digital devices. This information
can be used as evidence in criminal and civil cases. Computer forensics investigators
engage in a plethora of activities which include examining and assessing the computer
system. Operating system, applications, hardware, and software are assessed in a smart
must be presented in a clear manner because many legal systems have different
guidelines about the admissibility of digital information. The developed world does not
have uniform guidelines in computer forensics. Specific issues like jurisdiction, evidence
manner. This means that a systematic approach needs to be adopted in order to create a
robust and flexible formula for success. The use of strategic initiatives through dialogue
and consensus is essential for the development of best practices. Similarly computer
forensics investigators need to be trained in the use of various practices. Quality should
be the criteria along with the knowledge of specific applications and tools. However the
focus should not only be on the skilled use of proprietary software and tools. Computer
assessment. This paper will conduct a literature review about the computer forensics
field. It will identify the national guidelines that exist in the EU, US, and UK for the computer
forensics field. Finally it will seek to develop a generic model that adopts uniform
Literature Review
Computer Forensics
Computer forensics has emerged as a new branch of forensic science that seeks to extract
appropriate evidence from digital storage media. The overall aim is to analyze and assess
the information that is present in digital artifacts (Baryamureeba & Tushabe, 2004: Pg
23). Any digital device which uses electronic documents and sequence of packets can be
assessed and investigated by this discipline. Empirical studies have documented the need
for computer forensic techniques in a number of cases. They can be used in criminal
cases to assess and evaluate computer systems that have been used by defendants. Data
can be retrieved in the event of accidents, malicious activities, and emergencies. Intrusion
attempts can be successfully assessed and evaluated by using this process. Information
about the computer systems for troubleshooting and debugging can be obtained by using
computer forensics (Baryamureeba & Tushabe, 2004: Pg 23). The entire process of
investigator should have appropriate and clear objectives. The originality of the data
original data should be conducted in an efficient and effective manner. A complete audit
of the various processes that have been performed on the computer should be conducted
accountable for ensuring that the entire procedure is conducted in a legal and transparent
manner. Computer forensics has been constantly updated through the advent of new tools
and applications. There has been a growing trend towards sophistication of technology
and human skills. Empirical studies document that successful computer forensics
investigators must have analytical and critical skills. They should be able to develop a
complete formula which can be used to attain success. The development of different
strategies is critical for the success of the approach. The use of multifaceted and dynamic
strategies helps to create an optimized result. It leads to the development of efficient and
effective procedures. Computer forensics is a rapidly changing field due to the new types
procedures are in place as a means of retrieving information which can be used as digital
information. The use of superior mechanisms enables the critical success of all
approaches. It uses a smart approach that is based upon authentic facts and figures
because it seeks to develop a robust formula for success. The use of different strategies is
critical for attaining success in the business environment. Similarly, the incident reporting
process should be strengthened through the use of various strategies. Estimation about the
nature of the incident should be properly safeguarded through the use of smart and
success of the program. The use of multifaceted approaches is essential for producing an
an efficient and effective manner. The entire time and date stamps need to be collected in
an efficient and effective manner. Further system patches should be applied through the
Computer forensics investigators must have a number of competencies and skills in order
to accomplish their tasks in an efficient and effective manner. They must exhibit critical
decision making and thinking abilities. They should have proper analytical and
assessment skills. They must be able to utilize a neutral and objective approach when
studies conclude that the greatest skill for computer forensics investigators is the ability
investigators are concerned with cyber crimes and internet technologies. They need to
apply proper knowledge in order to conduct threat assessments. Specific strategies are
the legal framework is crucial for the success of the entire program. Computer forensics
investigators need to have constant training and preparation. This approach helps them to
their ability to apply theoretical concepts in practical situations. The ability to apply
innovative and creative methods to resolve problems is a key competency for the field.
of the entire program (Baryamureeba & Tushabe, 2004: Pg 26). An appropriate and
robust strategy should be conducted so that superior outcomes are initiated. Investigators
need to implement best practices by writing extensive manuals. Senior personnel should
be used to train and develop the competencies of junior investigators. The entire process
Forensic Process
The forensic process is divided into several steps because such an approach helps
investigators to resolve complex problems. They must be able to apply specific strategies
for the success of the entire program. They must have access to tools that can be used to
generate accurate and reliable reports. Appropriate strategies can help to create robust
Digital evidence needs to be collected from multiple sources in a proficient and effectual
manner. Electronic devices are the primary source of digital information because they are
easily available. The investigator must seek to adopt special procedures during the
collection process. This is due to the fact that digital information can be altered or
tampered with accidentally. Further, the ability to identify or assess changes can
become a time consuming and cumbersome process. Imaging software is often used as a
means of preventing any changes or alteration in the digital media (Carrier & Spafford,
2003: Pg 56). Chain of custody is created with the sole purpose of saving digital
investigators to ensure accuracy and reliability. Tested tools are usually recommended as
a means of ensuring accurate outcomes for the entire process. The digital collection
process cannot ignore the human side of the story. The user needs to be interrogated in an
intelligent and smart manner. This helps the investigators with information about
(Carrier & Spafford, 2003: Pg 56). The user’s information about the network, hardware,
and software can augment the entire process of digital collection. This can create legal
issues because users might not cooperate with the investigators. Inside the United States,
the law enforcement departments need to obtain a special permit from the courts for
collecting digital information. This is done as a means of protecting and safeguarding the
Static analysis is a procedure in computer forensics that assesses digital information when
computer systems are shut down. This analysis was also performed to prevent any
alteration or tampering of the digital evidence. It was generally believed that such an
approach would help to prevent or reduce cyber crime incidents. However static analysis
has been described as inaccurate and unreliable in several cases (Carrier & Spafford,
2003: Pg 56). This has prompted the investigators to initiate live analysis. The benefits of
this approach are that proper encryption techniques can be initiated. Data loss can be
prevented by using an efficient and effective strategy. Further many intruders and hackers
do not leave any trail when committing malicious attacks. The information on computer
memory is abused in order to fool investigators. Live analysis can help to plug this gap
by using a logical and methodical approach (Carrier & Spafford, 2003: Pg 59).
Cryptographic storage has also prompted many computer forensic investigators to apply
live analysis as a means of collecting digital evidence. Live analysis helps in the
Imaging has emerged as a major tool in the computer forensics discipline because it seeks
to create exact replicas of computers and other electronic devices. Several imaging tools
can be used to obtain exact duplicates of hard drives (Carrier & Spafford, 2003: Pg 64).
The user-accessible areas are imaged because of their efficiency and effectiveness. This
helps to safeguard the data from any intentional or unintentional tampering. Hash
functions such as MD5 and SHA-1 are used in the imaging process. Hashing
helps to create high levels of efficiency and effectiveness. It leads to the creation of a
robust and viable evidence system that can be used in a number of situations. Imaging
software needs to be selected for interoperability with various operating systems. The
challenge for investigators is the use of open source vs. proprietary software. Open
source is beneficial because it is cost effective (Carrier & Spafford, 2003: Pg 71). Bugs
can be removed through the open source forums present on the internet. However
systems.
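The imaging and hashing step described above, as an added example that is not part of the original essay: the image is hashed while it is written, re-hashed later to detect alteration, and each handling step is recorded in a custody log whose entries commit to the previous entry. The function names, the in-memory stand-in for a disk, the extra SHA-256 digest (added because MD5 and SHA-1 have known collision attacks) and the hash-chained log format are assumptions made for illustration.

```python
import hashlib
import io
import json

# The essay names MD5 and SHA-1; SHA-256 is added here as an assumption.
ALGORITHMS = ("md5", "sha1", "sha256")
BLOCK_SIZE = 64 * 1024


def hash_stream(stream, sink=None):
    """Read a stream block by block, optionally copying it to sink, and return digests."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    for block in iter(lambda: stream.read(BLOCK_SIZE), b""):
        if sink is not None:
            sink.write(block)
        for hasher in hashers.values():
            hasher.update(block)
        size += len(block)
    return {"size": size, **{name: h.hexdigest() for name, h in hashers.items()}}


def acquire(source, image):
    """Image the source and hash the bytes as they are read, in a single pass."""
    return hash_stream(source, sink=image)


def verify(image, acquisition):
    """Re-hash the stored image; return the names of fields that no longer match."""
    image.seek(0)
    current = hash_stream(image)
    return [field for field in acquisition if current[field] != acquisition[field]]


def _entry_hash(record):
    """SHA-256 over the record's canonical JSON, excluding the hash field itself."""
    body = {k: v for k, v in record.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_custody(log, actor, action, evidence):
    """Append a custody record that commits to the previous record's hash."""
    previous = log[-1]["entry_hash"] if log else "0" * 64
    record = {"seq": len(log), "actor": actor, "action": action,
              "evidence": evidence, "previous": previous}
    record["entry_hash"] = _entry_hash(record)
    log.append(record)
    return record


def audit_custody(log):
    """Return the sequence number of the first broken record, or None if intact."""
    previous = "0" * 64
    for index, record in enumerate(log):
        if (record["seq"] != index or record["previous"] != previous
                or record["entry_hash"] != _entry_hash(record)):
            return index
        previous = record["entry_hash"]
    return None


def demo():
    # Constructed stand-in for a seized disk: 200 KiB of patterned bytes.
    disk = io.BytesIO(bytes(range(256)) * 800)
    image = io.BytesIO()
    log = []

    acquisition = acquire(disk, image)
    append_custody(log, "examiner-A", "acquired", acquisition)
    clean = verify(image, acquisition)
    append_custody(log, "examiner-B", "verified", {"mismatches": clean})

    # Change one byte of the image, as accidental or deliberate alteration would.
    image.seek(100_000)
    image.write(b"\xff")
    tampered = verify(image, acquisition)

    # Edit an earlier custody record without recomputing the chain.
    log[0]["actor"] = "someone-else"
    return {"clean": clean, "tampered": tampered, "broken_record": audit_custody(log)}


if __name__ == "__main__":
    print(demo())
```

A single changed byte leaves the image size unchanged but breaks every digest, and an edited custody record is reported by its sequence number.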
Sometimes computer forensics investigators need to collect evidence from active and
open machines. This is done through analysis and assessment of the applications and
network ports (Casey, 2004: Pg 90). Linux based tools are available for obtaining
information about the network. Surrounding applications and their ports can be analyzed
by using such applications. Registry and RAM can be assessed using such tools since
they play a vital role in helping computer forensics investigators to analyze the use of
emails and other software. Windows partition can be analyzed and assessed by using
smart and vibrant strategies. BitLocker and Trusted Platform Module are efficient
applications that help in the collection of volatile data (Casey, 2004: Pg 90).
The entire process of computer forensics requires extensive analysis and reporting. This
needs to be done through the presence of skilled and qualified computer forensics
efficiency and effectiveness (Casey, 2004: Pg 90). The use of different skills is
considered vital for the entire process. Computer forensics experts must utilize a
environment. The development of a superior strategy helps to attain goals. The material is
searches are utilized as a means of attaining excellence. E-mail, documents, and pictures
(Casey, 2004: Pg 92). It creates a supportive environment in which the objectives can be
attained by using a smart strategy. The analysis and reporting should be done through
The United States has been a leader in information and communication technology, as
witnessed by the presence of major companies like Microsoft, IBM, Cisco, Nortel, Dell,
Oracle, etc. A set of comprehensive and robust guidelines for computer forensics has
been established in the country. The Fourth Amendment provides protection against
unwarranted search and seizure (National Institute of Justice, 2002: Pg 32). Similarly the
Registers and Trap and Trace Devices Statute, and Stored Wire and Electronic
Communications Act are concerned with the process of regulating the computer forensics
industry in a legal and transparent manner. US guidelines call for safeguarding the
authenticity and value of the evidence. Computer forensic investigators must seek to
apply various safeguards to protect the integrity of the evidence. The target computer
needs to be disconnected with an analysis of its CMOS system. Disk imaging has become
mandatory because it helps to prevent alteration in data and information. This means that
the target media must be replicated in an open and transparent manner. This becomes
crucial because it helps to create an efficient and effective framework. It leads to the
development of smart and prudent procedures that provide high levels of efficiency and
investigators are mandated to analyze and examine the various components of the
computer. This means that operating system, windows, registry, RAM, hardware, and
comprehensive framework has led to the production of smart outcomes. It has enabled the
creation of efficient and effectual goals. Law enforcement departments in the United
States cannot conduct illicit searches and seizures. They need to obtain court orders in
which they can access the computers for legitimate purposes (National Institute of
Justice, 2002: Pg 34). However new legislation that has been enacted in the aftermath of
9/11 means that the process of issuing court warrants has been expedited. This has been
due to the sheer threat of terrorism which can threaten the interests of the United States.
Pre-9/11 laws were considered to hinder the ability of law enforcement officers to
successfully fight against terrorists and criminals. The legislation in the United States
also seeks to create a collaborative and efficient framework in the fight against online
threats. The United States has a well developed and advanced system for computer
forensics (National Institute of Justice, 2002: Pg 32). This system has been instrumental
in thwarting new types of threats. However there are concerns that the system is rigid and
inflexible since it does not lead to efficient outcomes. The law enforcement departments
do not have adequate training in collection of digital evidence. Further static analysis of
data is still pursued despite extensive legislation. This calls for policy makers to develop
superior outcomes which can allow success in the business environment. The
development of robust and appropriate procedures is critical for the success of the entire
program (National Institute of Justice, 2002: Pg 32). The use of a multifaceted strategy is
important principles during the digital information collection process. The seizure of
information must not allow its alteration or tampering. Only qualified computer
forensics investigators must be able to intervene during the digital evidence collection
proper documentation (Baryamureeba & Tushabe, 2004: Pg 23). This is done in order to
prevent human errors from interfering in the entire process. Every computer forensics
investigator is responsible for the preservation and safety of the evidence. This is done in
order to ensure high levels of efficiency and effectiveness. Private agencies involved in
the entire process must ensure compliance with government procedures and regulations.
However despite the presence of such overwhelming guidelines, the margins of error and
failure continue to exist. The lack of proper documentation has been recognized as the
greatest threat in the computer forensics industry. The lack of accurate information for
the decision making structures can lead to problems (Baryamureeba & Tushabe, 2004: Pg
29). Accessibility to digital evidence must be safeguarded by using a smart and proactive
approach. Similarly, the incident reporting process should be strengthened through the use of
various strategies. Estimation about the nature of the incident should be properly
safeguarded through the use of smart and proactive measures. The development of a
comprehensive strategy is critical for the success of the program. The use of multifaceted
Rogue processes need to be terminated in an efficient and effective manner. The entire
time and date stamps need to be collected in an efficient and effective manner. Further
system patches should be applied through the use of a vigorous and dynamic process. The
development of smart strategies is critical for the success of the entire program. The use
need to utilize a number of tools and software. The use of various applications helps to
The European Union has established an organization called “The Council of Europe
reliable guidelines to regulate the discipline of computer forensics. The objectives have
been to create high levels of consistency and reliability between the various elements of
the law. It seeks to empower local law enforcement departments with the required
Finally it seeks to create consensus among member states to create uniform guidelines in
the discipline of computer forensics. It seeks to prevent cyber crimes like identity theft,
fraud, and hacking. It seeks to create a robust framework against illegal access, data
interference, system interference, and misuse of devices. The European Union believes
forensics (Reith, Carr, & Gunsch, 2002: Pg 123). This can be achieved only if verifiable
and reliable procedures for audit exist in various departments. Computer forensics
investigators must demonstrate a set of competencies which are essential for the success
of the program. They should have practical knowledge and expertise which can help them
in the field. Further they also need to achieve high levels of efficiency and effectiveness.
The development of a comprehensive strategy is essential for the success of the program.
The use of multidimensional and multifaceted approaches is critical for the attainment of
objectives and targets. The competencies of investigators are checked in a formal and
logical manner. Specific performance measurements and objectives are outlined in order
to strengthen the entire process (Reith, Carr, & Gunsch, 2002: Pg 123). The EU
guidelines are robust since they focus on quality assurance. They take up vigorous tests in
order to ensure quality assurance and control in the environment. This helps in the
process of recruiting competent and qualified computer forensics investigators who can
assist in the process. A major plus point of the guidelines is that scientific research and
review is periodically conducted about tools and processes. This approach helps the
departments to obtain valuable information about the strengths and weaknesses of their
effectiveness can be attained. However a major problem with EU guidelines is that some
member states have refused to collaborate with each other (Reith, Carr, & Gunsch, 2002:
Pg 123). Each country has different approaches towards empowering law enforcement
departments with the powers to engage in computer forensics. Also despite extensive
guidelines, quality assurance and excellence remain an elusive goal. The EU
needs to take into account various factors. Appropriate methods for data collection should
utilized in order to create a generic model (Reith, Carr, & Gunsch, 2002: Pg 125).
This approach will lead to high levels of efficiency and effectiveness. It would create a
would help to eradicate problems that are faced in the business environment. Cyber
crimes need to be thwarted by using a professional and collective response from member
states.
The United Kingdom has a set of broad legal guidelines for computer forensics. The local
governments and national governments have separate laws that guide the entire process.
The most important difference in the national and state systems is the type of evidence
that can be collected. There is a focus on providing autonomy to each county because of
the legal system (Steinke, 1997: Pg 49). The results are that there are no uniform or
consistent guidelines in the entire process. There is a trend towards accepting certain
types of digital evidence while rejecting others. This creates numerous problems as cases
can become vague and ambiguous. However, the British system makes use of new laws
that have accepted the validity of computer forensics. The principles for digital
evidence collection are to preserve its authenticity. Further there is a focus towards
ensuring that computer systems are not altered or tampered with. The evidence must be
duplicated through the use of imaging software. Specific protocols are present for
analyzing and assessing the evidence in an effective and efficient manner (Vacca, 2002:
Pg 102). The United Kingdom under the government of Tony Blair implemented a
number of laws which were designed to fight cyber crimes. The threat of terrorism in the
UK has led the government to implement different laws. This has led to the development
of protocols which enable the creation of efficient and effective approaches. Digital
evidence collection involves the process of identifying malicious files and documents. It
also involves investigating and assessing the financial assets of suspected groups. Law
enforcement departments can investigate financial assets through legal orders (Vacca,
2002: Pg 123). The development of different protocols has led to the creation of new
preservation, and presentation standards. A regulatory manual should exist that can act as
be monitored and assessed because it is the key for success in computer forensics. The
development of different approaches is critical for the success of the program. The use of
innovative and creative approaches is essential if it is to succeed (Vacca, 2002: Pg 125).
However there are concerns that the system is rigid and inflexible since it does not lead
to efficient outcomes. The law enforcement departments do not have adequate training in
collection of digital evidence. Further static analysis of data is still pursued despite
extensive legislation. This calls for policy makers to develop superior outcomes which
can allow success in the business environment. The development of robust and
appropriate procedures is critical for the success of the entire program. Quality should be
the main performance measurement for computer forensics investigators. This is essential
presentation of evidence. Similarly the legal workforce should be taught about the basics
expectations in the entire discipline. The United Kingdom has a set of authentic and
Qualified experts are needed in order to ensure the success of the program. The UK has
an efficient system that mandates the use of proper documenting and reporting. The
estimates about the nature of the threat are deemed to be crucial for the success of the
entire program. The use of multifaceted strategies is critical for ensuring a robust
formula. Computer forensics needs to be developed through the use of smart and robust
strategies. Flexible, reliable, and scalable models are needed in order to ensure the
success of the program. The use of dynamic strategies helps to create an excellent
outcome for the entire model. Appropriate validation techniques must be implemented
while rogue processes need to be terminated (Baryamureeba & Tushabe, 2004: Pg 36).
The system should remain in a safe state to prevent file corruption or tampering. It must
be safeguarded from physical threats that could destroy the integrity of the evidence. The
development of a safe and smart approach is essential for the entire system. The use of
multifaceted approaches helps to create excellent outcomes for the entire program.
Generic Model
Computer forensics is rapidly emerging as a necessity for many countries in the world. It
plays a critical role in criminal and civil cases. Moreover it can be used as a powerful tool
in many different types of cases. It leads to scalable, reliable, and agile criminal
investigation procedures (Forcht & Ayers, 2001: Pg 55). Cyber crimes are changing as
protocols. The use of such strategy is based upon superior outcomes. A generic model for
smart and prudent procedures is critical for the success of the program (Forcht & Ayers,
2001: Pg 55). The evolution of computer forensics is strongly interlinked with the
development of technologies and applications. The first important aspect of the process is
to strengthen the preparation part. This is crucial for the success of a forensic
effective manner. The veracity of the evidence should be outlined in a cost effective and
smart manner. The data must be analyzed and assessed by using a proactive approach.
Collection, examination, analysis, and reporting are key components of preparation. They
seek to obtain evidence in an efficient and effective manner (Forcht & Ayers, 2001: Pg
55). They strive to create an environment in which superior outcomes can be attained
through the development of various approaches. The investigation stages should provide
a complete range of activities which are vital for the success of the generic model. The
basic standards should be uniform and consistent in recognition with consensus taken
should be conducted in a vigorous and authentic manner (Forcht & Ayers, 2001: Pg 55).
Appropriate legal information should be investigated and analyzed within the framework
of national legal systems. The investigation stage should seek to search and recognize
while proper tools should be used to prevent destruction of evidence. Analysis is a key
component of the generic model because it seeks to identify the value of the evidence. It
Further there is the need to present and prove the analysis in a smart and productive
manner. The development of multifaceted strategies is vital for the success of the
program (Baryamureeba & Tushabe, 2004: Pg 40). A generic model has been developed
through constant analysis and assessment of the literature review. Best practices have
been identified for the success of the entire program. The use of different strategies is
crucial for attaining excellence in the environment. The use of multifaceted approaches
helps to create optimized results. It creates innovative and creative mechanisms for
Search and seizure of digital evidence is a major bone of contention among various legal
systems. There is the need to apply smart procedures that can be used to strengthen the
entire process. Further such a strategy can be attained through the development of
efficient and effective procedures (Volonino & Anzaldua, 2006: Pg 176). The key to
success is to develop a set of standards that can be used to distinguish a proper search and
seizure from an illegal one. Smart procedures need to be performed in an
efficient manner so that the privacy of citizens is safeguarded. Verbal and written consent
for search and seizure is essential for implementing legal safeguards. This will help to
strengthen the entire process through a systematic and logical manner. It is critical to find
a middle way between the desire to strengthen law enforcement departments and protect
civil liberties. There should be focus on excellence and quality so that search and seizure
processes do not become intrusive (Volonino & Anzaldua, 2006: Pg 180). Further
relaxed rules and regulations in the developed world. Collection, examination, analysis,
and reporting are key components of preparation. They seek to obtain evidence in an
efficient and effective manner. They strive to create an environment in which superior
Qualified Experts
There is an urgent need to modify procedures for the determination of computer forensics
investigators. This can be done by determining the tools which provide authentic and
valid evidence for digital information collection. Further the professional should not
create a talented workforce (Volonino & Anzaldua, 2006: Pg 193). The expert must be
able to apply analytical and critical thinking skills for the success of the approach.
Understanding the various standards is essential for the success of the approach.
Computer forensic investigators need to adhere to several standards during the digital
evidence collection process (Volonino & Anzaldua, 2006: Pg 192). Unallocated file
space needs to be investigated and assessed during the entire process. This is due to the
fact that any data which is deleted remains in the unallocated file space. Information
contained in such space can provide valuable information which is crucial for the
investigation process. Several types of temporary files might be stored in the computer.
This provides a set of robust tools at the disposal of the computer forensics investigator.
A set of consistent and uniform guidelines for qualified experts will help to enhance the
entire process. A generic model for computer forensics should look into various aspects
of the problem (Volonino & Anzaldua, 2006: Pg 193). It should seek to develop a robust
framework that can enhance quality in the entire process. Proprietary tools that have been
known for their efficacy should be utilized as a means of augmenting the skills and
Flexible Model
A generic model for computer forensics should be flexible, reliable, and
scalable since it must respond to the requirements of new challenges and threats.
Computer security is a rapidly evolving field that requires the application of innovative and
creative strategies. New tools and applications must be developed along with
administrative and legal procedures (Volonino & Anzaldua, 2006: Pg 193). Such a
environment. Computer forensics investigators must follow a set of procedures that help
to create superior outcomes. The generic model described in this report details the steps
Protection
Computer forensics investigators must ensure the safety of the computer system from
evidence because it helps in the resolution of criminal and civil cases. Specific threats
could include hackers or intruders attempting to tamper with or alter the data. This creates
high levels of risk during the legal process as tampered evidence might not be sufficient
Computer forensics investigators must have the required skills to successfully analyze
and assess the evidence. This step is crucial because the investigators must find all types
of files that are present in the system. Such a step can occur only if the experts are trained
commitment towards excellence and quality (Volonino & Anzaldua, 2006: Pg 154).
Computer forensics investigators must be able to recover deleted files in an efficient and
effective manner. They must be skilled in the process of deducing the content that is
present in deleted and hidden files. Such a strategy should lead to the success of the
program. They must be equipped with specific competencies that can be used to ensure
quality and standard in the discipline (Volonino & Anzaldua, 2006: Pg 154). Computer
forensics investigators must be able to apply critical thinking and analytical skills for the
success of the approach. The utilization of smart strategies is crucial for creating
conclusive results during the investigation process. Collection, examination, analysis, and
reporting are key components of preparation. They seek to obtain evidence in an efficient
and effective manner. They strive to create an environment in which superior outcomes
Computer forensics investigators must be able to successfully analyze and assess the
documented and reported in an efficient and effective manner. This strategy helps to
the process (Bryant, 2008: Pg 154). The final task for computer forensics investigators is
investigators because it helps to resolve cases. The testimony can play a conclusive role
Jurisdictional Issues
Countries throughout the world need to resolve the jurisdictional issues that can occur
inside their territories. The difference between national and local laws needs to be
resolved in a systematic and logical manner. A robust framework will help to remove
ambiguities and vagueness in the process (Brown, 2006: Pg 123). Computer forensic
investigators need to adhere to several standards during the digital evidence collection
process. Unallocated file space needs to be investigated and assessed during the entire
process. This is due to the fact that any data which is deleted remains in the unallocated
file space. Information contained in such space can provide valuable information which is
crucial for the investigation process. Several types of temporary files might be stored in
the computer. It will lead to the development of a legal system that is tuned to the
problem of resolving the issue (Brown, 2006: Pg 123). Computer forensics investigators
need to be equipped with the legal safeguards that can enable them to conduct research in
a practical and logical manner. The use of smart strategies will help to create optimum
conditions. The development of an efficient and effective framework is crucial for the
courts. The lack of robust guidelines means that the process has become inefficient and
flawed in many legal systems. The various forms of digital evidence need to be closely
studied and analyzed by the legal experts (Fisher & Kolowski, 2007: Pg 93).
Standards need to be uniform and consistent for evidence like email, video files, and
word documents. Requirements should be based upon current trends and industry norms.
This process will help to create a smart procedure for evidence handling.
Similarly, qualified experts must be present in order to create efficient and effective
procedures. A generic model for computer evidence presentation should exist through the
use of strategic initiatives. Privacy regulation is a major factor that needs to be tackled by
using analytical and assessment skills (Fisher & Kolowski, 2007: Pg 93). Evidence
needs to be thoroughly checked for its veracity and authenticity in order to prevent
problems.
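The point made above, that deleted data remains in unallocated file space, can be shown with a small signature-based carver. This is an added example, not part of the original paper: the 8-sector image, the allocation bitmap and all function names are constructed for illustration, and a real examination would work on a write-blocked forensic copy with the allocation map taken from the file system's own metadata.

```python
import hashlib

SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker plus first marker byte
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker


def unallocated_runs(bitmap):
    """Yield (first_sector, sector_count) for each contiguous run of free sectors."""
    start = None
    for i, used in enumerate(list(bitmap) + [True]):  # sentinel closes a trailing run
        if not used and start is None:
            start = i
        elif used and start is not None:
            yield start, i - start
            start = None


def carve_jpegs(image, bitmap):
    """Carve header/footer-delimited JPEG candidates from unallocated space only."""
    hits = []
    for first, count in unallocated_runs(bitmap):
        base = first * SECTOR
        run = image[base:base + count * SECTOR]
        pos = run.find(JPEG_SOI)
        while pos != -1:
            end = run.find(JPEG_EOI, pos + len(JPEG_SOI))
            if end == -1:
                break  # header without footer in this run: fragmented or overwritten
            data = run[pos:end + len(JPEG_EOI)]
            # Record offset and hash so the recovered artifact can be re-verified later.
            hits.append({"offset": base + pos, "size": len(data),
                         "sha256": hashlib.sha256(data).hexdigest()})
            pos = run.find(JPEG_SOI, end + len(JPEG_EOI))
    return hits


def build_sample_image():
    """Constructed 8-sector image: a 'deleted' picture still sits in free sectors 3-4."""
    deleted = JPEG_SOI + b"\xe0" + b"constructed-pixel-data" * 30 + JPEG_EOI
    image = bytearray(8 * SECTOR)
    image[0:SECTOR] = b"A" * SECTOR                        # sector 0: live file data
    image[3 * SECTOR:3 * SECTOR + len(deleted)] = deleted  # content left behind
    bitmap = [True, True, False, False, False, True, False, False]
    return bytes(image), bitmap, deleted


if __name__ == "__main__":
    img, bmp, _ = build_sample_image()
    print(carve_jpegs(img, bmp))
```

Storing the byte offset and SHA-256 of each carved object lets a second examiner repeat the recovery and confirm the same result, which supports the veracity and authenticity check the paragraph calls for.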
Computer forensics is a rapidly changing field with the advent of new threats and
technologies. The expertise of senior personnel should be used as the criteria for creating
a best practices guide. Such a guide would help in the collection, analysis, preservation,
and presentation of the evidence. It would create innovative and creative industry
standards that can be used to resolve problems (Britz, 2004: Pg 102). An international
methodology for computer forensics is essential for the success of the discipline. This
will help to remove legal problems that are often encountered in the courts. The
development of reliable and uniform measures is crucial for the success of the approach.
The best practices guide should be frequently updated in order to meet the challenges of the
twenty-first century. A robust formula for success can ensure that appropriate measures
will be adapted (Fisher & Kolowski, 2007: Pg 93). There is the need to focus on
efficiency and effectiveness. Such an approach leads to the development of smart and
Appropriate standards will help to create a powerful framework that can be flexible and
A crucial aspect of the strategy to develop a generic model must be the creation of
computer literacy in the legal sector. Lawyers and judges need to be aware of the
fundamentals of the field. This will help to create a realistic and correct approach towards
computer forensics (Heizer & Kruse, 2002: Pg 23). It would lead to the development of a
would lead to the development of smart and prudent objectives. It would help to create
high levels of efficiency and effectiveness. It would lead to smart objectives in which the
examination, analysis, and reporting are key components of preparation (Heizer & Kruse,
2002: Pg 23). They seek to obtain evidence in an efficient and effective manner. They
strive to create an environment in which superior outcomes can be attained through the
range of activities which are vital for the success of the generic model. The basic
standards should be uniform and consistent in recognition with consensus taken from the
framework. The use of multiple strategies will help to create a collaborative framework.
proceedings. It would lead to a legislative mechanism which can be used for proper
management and planning (Heizer & Kruse, 2002: Pg 23). Law enforcement departments
need to be provided with adequate safeguards that would enable them to fight crime using
success of the entire program. The use of multiple strategies has been recommended as a
to several standards during the digital evidence collection process. Unallocated file space
needs to be investigated and assessed during the entire process (Volonino & Anzaldua,
2006: Pg 193). This is due to the fact that any data which is deleted remains in the
unallocated file space. Information contained in such space can provide valuable
information which is crucial for the investigation process. Several types of temporary
files might be stored in the computer. This provides a set of robust tools at the disposal of
This generic model recommends that policy makers conduct research into the issues that are
differences so that different guidelines can be developed. Further there is the need to
computer systems (Nelson, Philips, Enfinger & Steuart, 2004: Pg 67). The key
Privacy remains a major issue in the developed world that has adequate safeguards
against interference and violation of personal rights. This creates a level of ambiguity in
computer forensics. There is the need for creating permissible behavior that will be
and competent manner (Mandia & Prosise, 2001: Pg 102). Employees' privacy rights
should be respected by using a dynamic and smart approach. There should be no breaches
because there is the need to adopt a balance between security and privacy. Safety
measures need to be taken during the collection and extraction of data from computers.
Information accessibility and exchange between various organizations is essential for the
success of a generic model. There is the need to ensure that privacy and confidentiality of
the clients can be protected in a safe and transparent manner. Further there is the need to
ensure that the private sector will cooperate with law enforcement officers and
departments (Nelson, Philips, Enfinger & Steuart, 2004: Pg 67). An integrated effort
Private organizations must be given adequate guidelines about their duty to collect and
International Cooperation
This is the key to success in computer forensics when developing a generic model.
enforcement departments can easily exchange and access information (Cairdhuain, 2004:
Pg 54). Since cyber crime is cross-border in nature, international cooperation is valid for
the success of the program. The internet traverses conventional boundaries hence flexible
protocols should be developed for overcoming problems that international agencies might
face during cross country investigations. This means calling for interoperability in digital
evidence collection procedures. The laws about information exchange and accessibility
by foreign agencies should be made clear and transparent (Solms & Lourens, 2006: Pg
90). The development of a smart framework is crucial for the success of innovative and
creative approaches. Free exchange of information between nations should be based upon
local interests and guidelines. Computer forensic investigators need to adhere to several
standards during the digital evidence collection process (Solms & Lourens, 2006: Pg 90).
Unallocated file space needs to be investigated and assessed during the entire process.
This is due to the fact that any data which is deleted remains in the unallocated file space.
Information contained in such space can provide valuable information which is crucial
for the investigation process. Several types of temporary files might be stored in the
computer. Computer forensics as a field has been growing at exponential rates in many
throughout the world need to exchange and access information with each other. This
approach will produce a force multiplier as it will help to combat the diverse nature of
threats that are faced by computer forensics investigators. The development of a complete
strategy is essential for the success of the entire program. Several strategies need to be
smart strategies is crucial for creating an optimized effort against the entire array of
reservoir of diversified expertise (Cairdhuain, 2004: Pg 54). This can be utilized in the
fight against various threats. It can create optimized solutions that are flexible and
forensics needs to be devised through the use of effective and efficient strategies. The
program. The use of different strategies has been recommended as a means of measuring
References
Carrier, B. and Spafford, E.H.: Getting Physical with the Investigation Process,
International Journal of Digital Evidence. Fall 2003, Volume 2, Issue 2, 2003.
Casey, E.: Digital Evidence and Computer Crime, 2nd Edition, Elsevier Academic
Press, 2004.
National Institute of Justice. Results from Tools and Technologies Working Group,
Governors Summit on Cybercrime and Cyberterrorism, Princeton NJ, 2002.
Reith, M., Carr, C. and Gunsch, G.: An Examination of Digital Forensic Models,
International Journal of Digital Evidence. Fall 2002, Volume 1, Issue 3, 2002.
Van Solms, S.H. and Lourens, C.P.: A Control Framework for Digital Forensics,
IFIP 11.9, 2006.
Nelson, B., A. Phillips, F. Enfinger, and C. Steuart. Guide to Computer Forensics and
Investigations. Canada: Thomson, 2004.
Vacca, J.R. Computer Forensics: Computer Crime Scene Investigation. Hingham, MA:
Charles River Media, 2002.
Forcht, K.A. and W.C. Ayers. "Developing a Computer Security Policy for
Organizational Use and Implementation," Journal of Computer Information Systems,
41:2, 2001, pp. 52-57.
Volonino, L. & Anzaldua, R. & Godwin, J. (2006) Computer Forensics: Principles and P
Fisher, B & Fisher, D & Kolowski, J (2007) Forensics Demystified: A Self-Teaching
Guide. McGraw Hill
Bibliography
DiGregory, K. V. Statement to the United States Department of Justice before the
Subcommittee on the Constitution of the House Committee on the Judiciary on the
Fourth Amendment and the Internet,
http://www.usdoj.gov/criminal/cybercrime/inter4th.htm, April 6, 2000.
Forcht, K.A. and W.C. Ayers. "Developing a Computer Security Policy for
Organizational Use and Implementation," Journal of Computer Information Systems,
41:2, 2001, pp. 52-57.
Kros, J.R., C.B. Foltz, and C.L. Metcalf. "Assessing & Quantifying the Loss of Network
Intrusion," Journal of Computer Information Systems, 45:2, pp. 36-42.
Lam, C.C. U.S. Department of Justice, Southern District of California,
http://www.usdoj.gov/criminal/cybercrime/okeefeArrest.htm, press release, September
29, 2003.
Nelson, B., A. Phillips, F. Enfinger, and C. Steuart. Guide to Computer Forensics and
Investigations. Canada: Thomson, 2004.
United States Department of Justice. Field Guidance on New Authorities That Relate to
Computer Crime and Electronic Evidence Enacted in the USA Patriot Act of 2001.
http://www.usdoj.gov/criminal/cybercrime/PatriotAct.htm.
Vacca, J.R. Computer Forensics: Computer Crime Scene Investigation. Hingham, MA:
Charles River Media, 2002.