Q1) Digital evidence refers to digital data that is able to establish a crime has been committed, can provide a link between a crime and its victim, or can provide a link between a crime and the perpetrator.
Carrier & Spafford, 2003, "Getting physical with the digital investigation process"
Describe further based on the above definition:
- How does collecting digital evidence differ from normal evidence?
- What are the challenges?
Q2) Elaborate further (include a supporting example too) based on EACH of the following 4 principles of cyber forensics:
(i) The act of collecting digital evidence should not result in any alteration of the data in question, wherever this is possible
(ii) All handling of digital evidence from collection through to preservation and analysis must be fully documented
(iii) Access to original digital evidence should be restricted to those deemed "forensically competent"
(iv) Your actions taken should not affect the integrity of the evidence
Q1: Difference between collecting digital evidence and physical evidence
Digital evidence must be collected carefully so as to protect both the physical device and the data it contains. Such evidence is also prone to destruction by electromagnetic fields such as those generated by radios, transmitters, magnets, and other devices. When devices such as pagers, mobile phones, smartphones or PDAs are collected as evidence, they must be prevented from sending and receiving data. Thus, while collecting digital evidence, responders should document any activity on the device, confirm the power state of the device, and check other important parameters such as whether the sound is on, whether the display is blank, whether the lights are on, and so on.
Collecting physical evidence deals more with the physical aspects of the evidence as there is no data inside that evidence which has to be further protected.
Challenges in collecting digital evidence
• There is an increased risk of process failures and data loss while collecting, storing or transporting the evidence
• There is a possibility that ...
This solution discusses digital evidence within computer forensics.
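As a supporting example for principles (ii) and (iv) in Q2, the sketch below records each handling step in a hash-chained custody log and checks the evidence image against its acquisition hash. It is an added example, not part of the original solution; the function names, handler names, timestamps and the sample image bytes are all constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first record

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _digest(record: dict) -> str:
    # Hash every field except the record's own entry_hash, in a stable key order.
    body = {k: v for k, v in record.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def add_entry(log: list, when: str, handler: str, action: str, image: bytes) -> None:
    """Append a custody record bound to the image hash and to the previous record."""
    record = {
        "when": when, "handler": handler, "action": action,
        "image_sha256": sha256_hex(image),
        "prev_entry_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    record["entry_hash"] = _digest(record)
    log.append(record)

def verify(log: list, image: bytes) -> list:
    """Return a list of problems; an empty list means log and image are consistent."""
    problems, prev = [], GENESIS
    for i, rec in enumerate(log):
        if _digest(rec) != rec["entry_hash"]:
            problems.append(f"entry {i}: record changed after it was written")
        if rec["prev_entry_hash"] != prev:
            problems.append(f"entry {i}: link to previous record is broken")
        if rec["image_sha256"] != log[0]["image_sha256"]:
            problems.append(f"entry {i}: image hash differs from acquisition")
        prev = rec["entry_hash"]
    if log and sha256_hex(image) != log[0]["image_sha256"]:
        problems.append("image no longer matches the acquisition hash")
    return problems

def build_sample_log(image: bytes) -> list:
    # Constructed handlers, times and actions, for illustration only.
    log = []
    add_entry(log, "2024-01-10T09:00Z", "examiner-A", "acquired image via write blocker", image)
    add_entry(log, "2024-01-10T11:30Z", "custodian-B", "sealed and stored working copy", image)
    add_entry(log, "2024-01-11T08:15Z", "examiner-A", "opened working copy for analysis", image)
    return log

SAMPLE_IMAGE = b"constructed stand-in for a disk image"  # not real evidence

if __name__ == "__main__":
    log = build_sample_log(SAMPLE_IMAGE)
    print(verify(log, SAMPLE_IMAGE))            # untouched image
    print(verify(log, SAMPLE_IMAGE + b"\x00"))  # image altered after acquisition
```

The chain only shows that records were not edited or removed in place; the log itself still has to be kept where handlers cannot rewrite it wholesale, for example on write-once storage or with a signed copy held by a second party.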