Evidence Collection from Laptops
The device mentioned above falls into the category of a laptop computer. A computer has three specific places where data is stored: the hard disk, the cache memory of the RAM and the cache memory of the processor. The hard disk is where all types of files are stored. It is filled with various forms of data that can be extracted and analysed as evidence. An image copy of the disk can be created for forensic analysis, thus keeping the integrity of the evidence on the hard disk intact (Lazaridis, Arampatzis and Pouros 2016). There can be different kinds of incriminating documents, pictures and spreadsheets that would serve as evidence. These files might be locked using passwords; such password-protected files must be unlocked using password brute-force software. Files can also be encrypted. In the event that such encrypted files are present on the device, they must be decrypted using data decryption software (Syambas and El Farisi 2014).
Laptops like the Dell Inspiron are also used for Internet browsing with browsers such as Google Chrome and Mozilla Firefox. These browsers can also be used for downloading and uploading content on the Internet. The logs containing such data can be extracted to trace the Internet activities of the user of this system (Mohite and Ardhapurkar 2015). Tracing website visits, along with determining the files that were uploaded or downloaded, plays an important role in forensic investigation, as it helps in determining criminal activities conducted through online visits.
The cache memory is more difficult to acquire, as the memory is volatile and is erased when the computer is powered off. Thus, it is of utmost importance that the power remains turned on for the investigation. This memory contains all the recent programs, applications and files accessed on the system, and therefore this information can be utilized to determine the most recent activities on the computer before it was seized for evidence extraction (Gubanov 2014).
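The imaging step described above only preserves integrity if the image is verified against the source and the result is recorded. The following is an added example, not code from the paper or from any tool it cites: it copies a (constructed, 3 MiB) device file to an image while hashing it, re-hashes both sides independently, produces a custody record, and then shows that a single altered byte in the image is detected. The file names `sda.bin` and `sda.dd` are placeholders.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read in 1 MiB blocks so a large disk is never loaded into RAM

def sha256_of_file(path):
    """Stream a file through SHA-256; used for both the source device and the image."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire_image(device_path, image_path):
    """Copy the raw device to an image file, hashing the source as it is read."""
    h = hashlib.sha256()
    with open(device_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    return h.hexdigest()

def verify_image(device_path, image_path):
    """Acquire, then independently re-hash both sides and return a custody record."""
    acq_hash = acquire_image(device_path, image_path)
    src_hash = sha256_of_file(device_path)
    img_hash = sha256_of_file(image_path)
    return {
        "source": os.path.basename(device_path),
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "sha256_source": src_hash,
        "sha256_image": img_hash,
        # all three hashes must agree: acquisition-time, source re-read, image re-read
        "verified": acq_hash == src_hash == img_hash,
    }

def demo():
    """Constructed sample: a deterministic 3 MiB 'device' file, not a real disk."""
    with tempfile.TemporaryDirectory() as d:
        dev = os.path.join(d, "sda.bin")
        img = os.path.join(d, "sda.dd")
        with open(dev, "wb") as f:
            f.write(bytes(range(256)) * (3 * CHUNK // 256))
        rec = verify_image(dev, img)
        with open(img, "r+b") as f:  # simulate tampering with the image copy
            f.seek(100)
            f.write(b"\x00")  # byte 100 was 0x64, so this is a real change
        still_matches = sha256_of_file(img) == rec["sha256_image"]
        return rec, still_matches
```

In practice the record would be signed or written to a write-once log, and the source device would be attached through a hardware write blocker before `acquire_image` runs.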
Strengths and Weaknesses
The strengths of this technique are that all the data stored in the computer can be extracted as evidence and that the integrity of the original evidence is maintained, because an image copy of the entire hard disk and the cache is created. The weaknesses are that the cache data can be lost if the system is turned off before the data is extracted, and that the files in the system can be password-protected or encrypted or both, so additional software support is required for evidence recovery.
The techniques for evidence collection from the laptop that were identified in the previous section of the paper are useful. They can be used to extract all the data stored in the laptop, although the activities that are generally conducted online using this laptop cannot be entirely traced. Online activity can be made untraceable by several methods, such as incognito mode and VPNs.
The collected evidence is presentable in court, as the integrity of the original evidence is preserved and therefore a third party can verify the findings. The entire online criminal activity cannot be traced; however, data on the activities on the local computer can be entirely extracted.
Evidence Collection from Smartphones
The security in Android smartphones is upgraded with every patch. However, the flaws remain huge, and most of them are due to the enormous number of apps that are available for the Android platform (Quick and Choo 2017). The data stored in the device is collectively held in the phone’s internal memory, external memory and cache. This data can be extracted using the methods stated for the previous device. The files can be in document, image or even PDF format. However, two types of evidence can be recovered from a smartphone that separate this device from the previous one (Cahyani et al. 2017). Firstly, this device can be used to make calls, and thus the entire call history can be extracted to trace the communication between the user of the phone and his or her contacts (Wu et al. 2017). The second is the information collected by the applications present on the phone.
Extracting the call history and analysing it for evidence is very simple yet important. The results can be utilised to trace the entire communication that the user might have had over the course of months and even years. However, if the user has deleted the call log, the telephone operator can be contacted to obtain a list of the user’s recent call history.
Extracting information from the apps can be tough; nevertheless, the information will have almost every detail about the user’s life (Seghir and Aspinall 2015). The apps on the smartphone record every piece of information, from the locations that the user has visited to the buying preferences of the user. However, most of this information is not stored entirely in the device memory. The data that is in the phone can be extracted; the rest is submitted by the apps back to their companies for evaluation and marketing purposes. The vast amount of data that is uploaded to the companies’ servers can be retrieved by requesting it from the respective company and following various legal procedures. Bixby is the new virtual assistant in the Samsung Galaxy S9. This software listens to the user’s voice passively, and thus it can be used to recover data and spy on the user.
The strength of this method is that the smartphone first records and then stores or uploads user data in the background, and therefore, by tapping into that information, details on the user and his or her life can be developed. The weakness of this method is that retrieving the data that is not stored in the device can be tough and challenging, as the owners of the apps might not comply with the respective authorities.
The techniques that have been explained are very useful and can be used in any situation for extracting evidence from this device. However, there might be some trouble recovering data that has been uploaded to different servers all across the world.
The collected evidence can be used in court. However, data that has been procured illegally will be immediately rejected. The evidence can be suitably used for prosecuting the criminal activity identified in the earlier sections of this paper.
Using Peer-to-Peer Digital Evidence Recovery in Investigations
Evidence recovery from digital media has been simplified over the years. Digital media can be used to collect every detail about the user, starting from the time he or she wakes up to the time the person goes to sleep.
The forensic investigator has to be present at the crime site to oversee the preservation of the integrity of the data stored in the system, as some data can be lost if the system is turned off. This situation will be greatly remedied by the use of peer-to-peer digital evidence recovery (Dezfoli et al. 2013). Such software will enable the forensic investigator to connect remotely to the system, so that he or she does not have to be physically present at the crime scene. This will greatly benefit the investigation for several reasons. Firstly, the investigator saves commute time, as he or she does not have to travel to the site (Quick and Choo 2014). This vastly increases the time that the expert can spend on studying the evidence. Second, the investigation can be started as soon as the connection is established, so the culprit or his or her accomplices will not get enough time to manipulate or damage the evidence stored in the system (Lillis et al. 2016). Third, the software can be used to connect to a single node or to an entire network of nodes, and can extract any amount of information from a single terminal (Perumal, Norwawi and Raman 2015). This is greatly beneficial for the expert, who can now look for more than one culprit at the same time or check whether the culprit has used any other computer on the premises or not. Fourth, this type of evidence collection is usually silent and is greatly beneficial when the culprit does not know that he or she is being investigated (Quick and Choo 2016). Therefore, complete secrecy is maintained, which is crucial for digital forensics and investigation, as digital evidence can be easily manipulated; this creates a problem and raises concerns about the integrity of the evidence.
Strengths and Weaknesses
The challenges with this method of evidence acquisition far outweigh the benefits that it offers. The primary challenge is the transfer speed of the network to which the computers are connected. For this process to work flawlessly, the source computer must already be connected to the Internet before the investigation process starts; the Internet cannot be connected to a stand-alone system after the crime has been committed, as this act will be seen as evidence manipulation. The network speed determines the strength of the connection between the computers and the time required to transfer the necessary evidence from the computer of the culprit to the computer of the expert (Quick and Choo 2014). The computer from which the evidence is collected is the source computer and the computer of the expert is the destination computer. The Internet connections of the source computer and the destination computer must be stable, as in the event of a disconnection of either computer, the entire transfer process will have to restart. The transfer process can be resumed in some scenarios; however, resuming from the last file that was transferred is not recommended, because the files that were being transferred might have been corrupted by the disconnection. The entire process can become invalid due to a single disconnection and the single file corrupted because of it.
The organization that the forensic expert is investigating might be uncooperative towards the investigation, as a lot of sensitive information about the organization is put at risk by it. The expert will have access to the node, and such access can be used to extract all the information that the servers of the company and the computers of its employees are holding. Organizations also tend to use proprietary software, which can hinder the investigation, as such software is programmed to block remote connections that probe the host system for information. However, the expert cannot request the organization to disable such defensive software, as the organization might be attacked during its downtime. This creates a huge problem: the software cannot be disabled for security reasons, while the investigation is delayed because the software blocks evidence extraction.
This method is only suitable for collecting evidence from computer systems. It cannot be used for evidence extraction from other digital media such as phones, tablets and similar devices. These devices need to be connected manually for evidence extraction, as they hold a large amount of data that needs to be carefully extracted and filtered to serve as evidence. Many times it is beneficial for the investigator to visit the crime scene and collect evidence following his or her own style of indexing, as it helps to keep the investigation organized and transparent to third-party investigative entities. Preserving evidence integrity by maintaining the chain of custody is very useful, and rather a necessity, to uphold the evidence in court. Digital evidence frequently loses all of its credibility when the chain of custody is not properly maintained. There might also be other forms of digital evidence present at the site of investigation, such as a USB thumb drive or a DVD. These devices might hold crucial information for the investigation and thus must not be overlooked by the digital forensic expert.
This method of investigation collects all the data, irrespective of user, for analysis. However, the privacy of people other than the culprit must be maintained. Privacy is generally neglected when mass data collection takes place. Therefore, the expert must take precautions so as not to accidentally release any data that does not belong to the culprit. The expert must filter out the necessary data from the excess and irrelevant data. This filtering process, however, must be conducted manually, as software can never be used to decide what data is relevant for the investigation.
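The disconnection problem discussed above (a partly transferred file may be corrupted, so blindly resuming from the last file is unsafe) is usually handled by transferring evidence in hashed chunks under a manifest agreed before the transfer. The following is an added example, not code from the paper or from any peer-to-peer recovery tool it cites; it simulates the source and destination sides in one process, drops the link mid-chunk, and shows the receiver rejecting the truncated chunk and requesting only the missing pieces before verifying the whole file. The chunk size and the sample data are constructed.

```python
import hashlib
CHUNK = 4096  # transfer unit; every chunk is hashed separately in the manifest

def build_manifest(data):
    """Source side: per-chunk SHA-256 and a whole-file hash, sent before the data."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    return {
        "chunks": [hashlib.sha256(c).hexdigest() for c in chunks],
        "sha256": hashlib.sha256(data).hexdigest(),
    }

class Receiver:
    """Destination side: keeps only chunks whose hash matches the manifest."""
    def __init__(self, manifest):
        self.manifest = manifest
        self.received = {}  # chunk index -> verified bytes

    def accept(self, index, payload):
        ok = hashlib.sha256(payload).hexdigest() == self.manifest["chunks"][index]
        if ok:
            self.received[index] = payload
        return ok  # a truncated or corrupted chunk is rejected, never stored

    def missing(self):
        """Chunk indices still needed after a drop: never received or rejected."""
        return [i for i in range(len(self.manifest["chunks"])) if i not in self.received]

    def assemble(self):
        """Reassemble and re-check the whole-file hash; None if anything is off."""
        if self.missing():
            return None
        data = b"".join(self.received[i] for i in range(len(self.received)))
        return data if hashlib.sha256(data).hexdigest() == self.manifest["sha256"] else None

def simulate_transfer(data, drop_after_bytes):
    """Constructed scenario: the link drops mid-chunk, delivering a truncated chunk."""
    manifest = build_manifest(data)
    rx = Receiver(manifest)
    sent = 0
    for i in range(len(manifest["chunks"])):
        chunk = data[i * CHUNK:(i + 1) * CHUNK]
        if sent + len(chunk) > drop_after_bytes:
            rx.accept(i, chunk[:drop_after_bytes - sent])  # cut short by the drop
            break
        rx.accept(i, chunk)
        sent += len(chunk)
    to_resend = rx.missing()
    for i in to_resend:  # after reconnecting, resend only what the receiver lacks
        rx.accept(i, data[i * CHUNK:(i + 1) * CHUNK])
    return to_resend, rx.assemble() == data
```

With 10240 bytes of sample data and a drop after 6000 bytes, only chunk 0 survives; chunks 1 and 2 are re-sent and the final whole-file hash check passes.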
Reference List:
Cahyani, N.D.W., Martini, B., Choo, K.K.R. and Al-Azhar, A.K.B.P., 2017. Forensic data acquisition from cloud-of-things devices: Windows smartphones as a case study. Concurrency and Computation: Practice and Experience, 29(14).
Dezfoli, F.N., Dehghantanha, A., Mahmoud, R., Sani, N.F.B.M. and Daryabar, F., 2013. Digital forensic trends and future. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 2(2), pp.48-76.
Gubanov, Y., 2014. Retrieving Digital Evidence: Methods, Techniques and Issues. Retrieved on July.
Lazaridis, I., Arampatzis, T. and Pouros, S., 2016, May. Evaluation of digital forensics tools on data recovery and analysis. In The Third International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2016) (p. 67).
Lillis, D., Becker, B., O’Sullivan, T. and Scanlon, M., 2016. Current challenges and future research areas for digital forensic investigation. arXiv preprint arXiv:1604.03850.
Mohite, M.P. and Ardhapurkar, S.B., 2015, April. Design and implementation of a cloud based computer forensic tool. In Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on (pp. 1005-1009). IEEE.
PCWorld (2018). DELL Inspiron 15 5570 15.6″ Laptop – Black. [online] Available at: https://www.pcworld.co.uk/gbuk/computing/laptops/laptops/dell-inspiron-15-5570-15-6-laptop-black-10169754-pdt.html [Accessed 14 Mar. 2018].
Perumal, S., Norwawi, N.M. and Raman, V., 2015, October. Internet of Things (IoT) digital forensic investigation model: Top-down forensic approach methodology. In Digital Information Processing and Communications (ICDIPC), 2015 Fifth International Conference on (pp. 19-23). IEEE.
Quick, D. and Choo, K.K.R., 2014. Data reduction and data mining framework for digital forensic evidence: storage, intelligence, review and archive.
Quick, D. and Choo, K.K.R., 2014. Impacts of increasing volume of digital forensic data: A survey and future research challenges. Digital Investigation, 11(4), pp.273-294.
Quick, D. and Choo, K.K.R., 2016. Big forensic data reduction: digital forensic images and electronic evidence. Cluster Computing, 19(2), pp.723-740.
Quick, D. and Choo, K.K.R., 2017. Pervasive social networking forensics: intelligence and evidence from mobile device extracts. Journal of Network and Computer Applications, 86, pp.24-33.
Samsung (2018). Samsung Galaxy S9 and S9+ – Price, Specs and Features | Samsung India. [online] Available at: https://www.samsung.com/uk/smartphones/galaxy-s9/ [Accessed 14 Mar. 2018].
Seghir, M.N. and Aspinall, D., 2015, October. Evicheck: Digital evidence for android. In International Symposium on Automated Technology for Verification and Analysis (pp. 221-227). Springer, Cham.
Syambas, N.R. and El Farisi, N., 2014, October. Development of digital evidence collection methods in case of Digital Forensic using two step inject methods. In Telecommunication Systems Services and Applications (TSSA), 2014 8th International Conference on (pp. 1-6). IEEE.
Wu, S., Zhang, Y., Wang, X., Xiong, X. and Du, L., 2017. Forensic analysis of WeChat on Android smartphones. Digital Investigation, 21, pp.3-10.