Computer Crime

Requesting help (information and references) with the following 2 questions.

1. In a weekly coordination meeting, several senior investigators from the state crime lab request that DC Investigative prepare a (4-5 pages) standard operations procedure document concerning the general processing of computer evidence. Recent forensic investigator actions during the processing of computer evidence have failed to show their understanding of how computer data is created, modified, and stored. In addition, the investigators have not understood the underlying technical issues tied to evidence processing and associated security issues. Provide four general evidence processing guidelines to ensure investigators understand the steps of processing evidence and the results when standard operating procedures are not followed.

2. In computer cases, the Fourth Amendment provides a fundamental question concerning whether an individual enjoys a reasonable expectation of privacy concerning information stored electronically within computers (to include other electronic storage devices) under an individual's control. For example, one of the questions posed is whether individuals expect to have a reasonable expectation of privacy in the contents of their pagers, PDAs, laptop computers, or floppy disks. Decide in your discussion if the answer is yes, then discuss what the government must do to gain access to stored information. Identify some of the previous cases that have supported legal government decisions in this area of privacy and electronic storage.

Four General Evidence Processing Guidelines:
First guideline:
Since digital evidence is not human readable, a printout is acceptable under the "best evidence rule" of the Federal Rules of Evidence, Rule 1001(3). In fact, any printout or other output readable by sight, shown to reflect the data accurately, is an "original". Keeping this in mind, the investigating officer should have with him a warrant with proper language addressing the seizure of a computer.
The officer should decide if the computer is on or not. If the computer is not on, he should not turn it on, but if the computer is on, the screen should be photographed. The source of power should then be disconnected. The modem should be unplugged, and an empty police diskette should be placed into the CD/DVD drive and it should be sealed. The computer hardware should also be photographed to keep a record of how the system was set up. You should label each wire. The movement of the computer from a crime scene to a secure place should take place in such a manner that the chain of custody is maintained. The transportation of the computer evidence should take place in a secure vehicle and should be stored in a secure place. This means transporting it in a locked vehicle and keeping it in a locked room. This is essential to preserve the chain of custody.
Second guideline:
At the site of the computer, you need to photograph the site after the computer has been removed. The area may have important information like passwords or user IDs. These need to be retrieved. Further, all software disks, storage disks or devices, manuals, notes, and books should be seized. Each of these should be stored in covers and sealed. The persons at the site should be interviewed for passwords, and the method for operating the software. The evidence should be transported in a secure vehicle. The computer system should also be transported in a secure location. At the location, backups of all hard disks, CDs, DVDs, and tapes should be made. The evidence processing should be carried out on backups and not on the original computer or evidence. This is essential to maintain the chain of custody and the security of data. If these steps are not taken, challenges related to the chain of custody and security may be raised in the court.
Third guideline:
It is ...

