Requesting help (information and references) on the 2 questions below.
1. The federal law enforcement agency is preparing for a court appearance. They need assistance in how to explain the forensic process and techniques used to uncover and prove criminal activity. When challenging the admissibility of the digital evidence, the defense examiner will evaluate the authentication and chain of custody techniques used. The accused made a blog on the Internet site threatening a false bomb attack. He is on camera seated at the computer, and the video is being examined by investigation experts after someone gave a tip that she saw some of the message by accident. There are also log-ins used at the Library. Identify in a whitepaper the possible authentication and chain of custody techniques used to ensure an acceptable forensics investigative process.
2. In an investigation being conducted by the state crime lab, senior investigators have called DC Investigative to request advice concerning the interception of wire, electronic, or oral communications. The current suspected source of the crime in one of the cases used a library computer to send and receive e-mails. The librarian walked up on the e-mail account while the suspect was away and found incriminating information in an open e-mail, which was reported to law enforcement. Identify the procedures based on the Electronic Communications Privacy Act of 1986 and the Wiretap Act concerning how investigators should approach this case.
First, the law enforcement agency should have a warrant to search the video as well as to seize the video tape. Otherwise, the evidence may be excluded by the court.
The Federal Rules of Evidence require that the evidence found by the investigators be authenticated, as set out in Article IX, Rule 901. Authentication is a condition precedent to the admissibility of evidence. The tape which was seen by an observer should be kept under seal by the librarian. The librarian should authenticate the tape by placing a seal on it or simply by signing across the flap of the envelope that contains it. The tape should be placed in a locked container and taken to the lab, where it should again be placed in a locked box or locker, with the officer retaining the keys. This will establish the chain of custody.
With regard to the computer system:
The more important evidence is the log-in system used at the Library. The images viewed by the user, the record of log-in and the user history are stored on the hard disk of the computer. In addition, the hard disk of the Library system has a record of the log-ins. The terminal should be shut down, the hardware configuration of the system should be photographed, and nobody should be allowed to use the terminal until the investigating officers get a warrant to seize the terminal and the librarian's CPU for the log of users. The computer system needs to be transported to a secure location. Bit stream backups should be made of the hard disks. The data on the disks should be mathematically authenticated, and the system date and time should be documented. Evaluate the log of files and match them with the records on the librarian's server hard disk. Further, the files containing the evidence relating to the threat of a bomb attack should be retrieved using a licensed forensic tool. In addition, the Windows swap file should also be evaluated. The file slack and unallocated space should be searched and all incriminating evidence should be identified. The findings should be documented.
The authentication in the case of the computer terminal with its memory is twofold. First, the librarian authenticates that the terminal was actually the one that was used by the person in the video. In addition, the librarian will also authenticate that the hard ...
This solution gives you a detailed discussion on Computer Crimes
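As an added example (not part of the original solution), the sketch below shows one way the "mathematically authenticated" bit stream backup and the chain of custody can be tied together: the image is hashed at acquisition, and each custody hand-off is recorded with that hash and linked to the previous record. SHA-256, the record fields, the timestamps and the custodian names are assumptions chosen for illustration.

```python
import hashlib, io, json

def hash_stream(stream, chunk_size=1 << 20):
    """SHA-256 of a bit-stream image, read in chunks so large disks are not loaded whole."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def _entry_digest(entry):
    # Digest over every field except the stored digest itself.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_custody_entry(log, when, custodian, action, image_hash):
    """Append a custody record linked to the previous record's hash."""
    entry = {"when": when, "custodian": custodian, "action": action,
             "image_sha256": image_hash,
             "prev_hash": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _entry_digest(entry)
    log.append(entry)
    return entry

def verify_custody(log, current_image_hash):
    """Return a list of problems; an empty list means the record is consistent."""
    problems = []
    prev = "0" * 64
    for i, e in enumerate(log):
        if e["prev_hash"] != prev or e["entry_hash"] != _entry_digest(e):
            problems.append(f"entry {i}: custody record altered or out of order")
        if e["image_sha256"] != current_image_hash:
            problems.append(f"entry {i}: image hash differs from current image")
        prev = e["entry_hash"]
    return problems

# Constructed sample: stand-in bytes for a disk image, hypothetical custodians and times.
SAMPLE_IMAGE = b"constructed sample disk image" * 1024

def demo():
    acquired = hash_stream(io.BytesIO(SAMPLE_IMAGE))
    log = []
    add_custody_entry(log, "2024-01-05T10:00Z", "Officer A", "imaged at scene", acquired)
    add_custody_entry(log, "2024-01-05T14:30Z", "Lab Tech B", "received at lab", acquired)
    clean = verify_custody(log, hash_stream(io.BytesIO(SAMPLE_IMAGE)))
    # A single changed byte in the image is reported against every custody entry.
    altered = verify_custody(log, hash_stream(io.BytesIO(SAMPLE_IMAGE + b"\x00")))
    return clean, altered

if __name__ == "__main__":
    print(demo())
```

Re-hashing the working copy before analysis and before testimony, and comparing it with the value recorded at acquisition, is what lets an examiner state that the data examined is the data seized.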