Conducting investigation of computers does not differ much from traditional public investigation. It also implies search for material evidence, including word documents, photos, pictures, or graphic data. The only difference lies in methods of extracting these computer artifacts (Nelson & Phillips, 2010).
In this respect, to disclose the facts of kidnapping, computer forensics could be of great value because it can allow the policy office to find all necessary information about the forthcoming crime or about the crime that has already been committed (Nelson & Phillips, 2010).
In case with kidnapping, the computer files and hard disk should be investigating for possible photos of the kidnapped victims, stenography, a process by means of which an image is concealed behind another digital image, and deleted files that are possible to extract and recover.
When electronic data has been collected to identify the kind of the incident and introduce evidence of the crime, it is important to organize a meeting with the witness who can provide details of the incident (Kannellis, 2006). The one-to-one interview can help me to get into more detail about the case and compare the testimony with the files and pictures found on computer (Anson & Bunting, 2007).
One of the most frequently used tools for concealing information is stenography, which is also considered the major threat to governmental security (Caloyannides, 2004). This way of information coding is used by most criminals who strive to conceal the images and photos (See Appendix 1). Before evaluating and deliberating the evidence, it is essential to carry out baseline data network analysis to understand the crime scene.
Further steps will determine the normal usage and topology of the network, interview with system administrators, logs of affected and associated systems, and outputs received from IDSs.
The data that can be obtained from computer is stored in a running system memory, which constitutes as great evidential value (Anson & Bunting, 2007). As soon as the running processes are determined and connections are active, it is possible to generate a clear picture of what actions have been performed by a user, a potential suspect.
Interestingly, in case the kidnapper does not realize the face of the crime, it is reasonable to build in specific equipment that can permit the investigator to control subsequent course of action provided by the criminal. Such an approach will increase chances for discovering new evidence proving the fact of kidnapping (Anson & Bunting, 2007).
While examining the evidence, it is purposeful to refer to various types of evaluation, including live analysis and cross-sectional assessment. The first step to be taken is detecting the first activity that was carrying out on computer at the moment of the accident (Anson & Bunting, 2007).
Using cross-sectional analysis through acquisition, analysis, and reporting, it is possible to detect the fact of criminal’s using several computers for storing data about the victims (Mohay, 2003). There is a great probability that the attacker can use more than one database for allocating pictures, documents, and stenography to distract the crime scene investigators.
Finally, although some of the resources detected on the computer of the accused, they can be applied to characterize and define the background, including his activities and hobbies. Therefore, this information will also be helpful for forensic professional who make the psychological profile of the kidnapper.
References
Anson, S., & Bunting, S. (2007). Mastering Windows Network Forensics and Investigation. New Jersey: John Wiley and Sons.
Caloyannides, M. A. (2004). Privacy Protection and Computer Forensics. US: Artech House.
Kannellis, P. (2006). Digital Crime and Forensic Science in Cyberspace. US: Idea Group Inc.
Mohay, G. M. (2003). Computer and Intrusion Forensics. US: Artech House.
Nelson, B., & Phillips, A. (2010). Guide to Computer Forensics and Investigation. US: Cengage Learning.