Principles of computer forensics
Principles of computer forensics are standard rules that govern how digital evidence is handled to make it admissible in court (Nelson, Phillips & Steuart, 2010; Taylor, Haggerty, Gresty & Lamb, 2011; Easttom, 2014). Many countries and states had their principles of computer forensics.
However, efforts have been made to align several principles in order to have internationally accepted principles that can be applied across the world (Taylor et al., 2011). The standardization efforts have resulted in the adoption of four key principles. First, digital evidence should be collected in a manner that does not allow alteration of crucial data. This principle attempts to uphold the integrity of evidence (Taylor et al., 2011).
Second, the processes of collecting, storing and analyzing digital data should be fully documented, and reasons should be given for any manipulation done. This principle aims to make professionals handling digital evidence responsible for their actions. Third, digital evidence should only be accessed by forensically competent persons. This principle ensures that non-competent persons do not interfere with digital evidence (Nelson et al., 2010; Taylor et al., 2011).
Fourth, it should be ensured that the right procedures are followed during computer forensic investigations. If the law and principles of computer forensics are followed, then digital evidence would be admissible in court. Admissible evidence is crucial in promoting justice and fairness in criminal proceedings (Nelson et al., 2010; Taylor et al., 2011; Easttom, 2014).
The role of computer forensics as it relates to other IT disciplines
Computer forensics is the integration of computer science and law. It is crucial in the investigation of crimes that are related to the manipulation of computer systems (Easttom, 2014). All IT applications rely on the use of data that are analyzed, stored and retrieved for particular uses (Nelson et al., 2010).
Computer forensics could be used in legal matters to solve criminal issues in all other IT applications. Therefore, forensic science with regard to computer systems plays crucial legal roles in relation to other IT application (Taylor et al., 2011; Easttom, 2014).
History of computer forensics
Crimes related to the use of computers came to the limelight in 1978 in Florida after legislation was adopted to prohibit unauthorized changes of data preserved in computers. Federal laws recognized crimes related to the use of computers in the 1980s. History of computer forensics can be categorized into three distinct phases (Easttom, 2014). First, the ad-hoc stage was marked by lack of clear frameworks for dealing with computer crimes.
The phase was also characterized by many legal issues that revolved around the applications of computer systems to handle digital evidence used in court. Second, the structured phase involved the adoption of specific tools and procedures in digital crime investigations and prosecutions. Third, the enterprise phase (the current phase) involves fast collection of digital evidence, creation of sophisticated tools and many companies offering forensic services (Nelson et al., 2010; Easttom, 2014).
How to use computer forensics in criminal investigations
For digital evidence to be admissible in court, investigations should be conducted in a manner that adopts the principles of computer forensics (Easttom, 2014). The following steps are involved in computer forensics investigations:
- A computer system containing crucial evidence is secured to ensure that data are safe.
- All files in a computer system that are not encrypted are copied.
- Deleted information is retrieved.
- Contents of hidden files are revealed using specific software to identify hidden data.
- Protected files are decrypted and accessed.
- Inaccessible parts of computer disks are analyzed to locate files that could contain crucial data.
- All steps of the procedure are documented.
Constitutional protections and laws covering investigations
Computer forensic investigations are protected by the US constitution and various federal and state laws. Therefore, computer forensic investigators need to conduct investigations within confines of the law. Federal computer crime laws protect various aspects of investigations.
Some of the federal computer crime laws include Health Insurance Portability and Accountability Act, USA Patriot Act, Child Pornography Protection Act, and Communications Decency Act 1986, among others. Case laws are based on verdict given by judges in computer crimes, and they are adopted as legislation that protects computer forensic investigations (Nelson et al., 2010).
The code of ethics requires computer forensic investigations to be conducted using accepted ethics (Taylor et al., 2011). Some computer forensic issues include privacy, impact on society and intellectual property rights (Nelson et al., 2010; Easttom, 2014). Computer forensic professionals should protect the secrecy and privacy of clients’ information (Easttom, 2014). A high degree of secrecy and privacy could be achieved when personnel adhere to ethical standards.
Computer forensic professionals should follow standard ethical procedures when conducting investigations. If the standards are followed, then the evidence would have a high degree of accuracy and authenticity. Adherence to standard ethical procedures also goes a long way in preventing alteration of crucial forensic evidence that would be admissible in court.
Easttom, C. (2014). System forensics, investigations, and response (2nd ed.). Burlington, MA; Jones and Bartlett Learning.
Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to computer forensics and investigations. Stamford, CT: CengageBrain. com.
Taylor, M., Haggerty, J., Gresty, D., & Lamb, D. (2011). Forensic investigation of cloud computing systems. Network Security, 2011(3), 4-10.