Abstract
The use of forensic tools in the investigation and prosecution of computer-related crimes has its advantages and disadvantages. However, an investigation can be corrupted by not using computer forensic tools. Current evidence processing laws should be taken into account in the assessment of forensic tools. The present paper lists advantages and disadvantages of forensic tools, analyze the consequences of not using computer forensic tools and assesses important evidence processing laws that must be taken into consideration.
Evidence Processing
Nowadays, the investigation of computer-related crimes includes the use of various forensic tools. Like any other investigation method, these tools have certain advantages and disadvantages. Evidence processing laws play an important role in the investigation and implementation of forensic tools. The purpose of this paper is to analyze available forensic tools, identify and explain the challenges of investigations, and explain the legal implication of the First and Fourth Amendments as they relate to evidence processing and computer-related investigations.
Digital forensic tools have appeared in the mid-1980s and develop even today. According to Nelson, Phillips, and Steuart (2014), “the functions required for digital forensics tools are acquisition, validation and verification, extraction, reconstruction, and reporting” (273). All forensic tools can be divided into software and hardware. Both types are suitable for investigations of computer-related crimes. Hardware forensic tools can be developed for one single purpose or include whole computer systems. Software forensic tools divide into subgroups according to their implementation.
The first disadvantage of forensic tools is their instability. The constant development of forensic tools might lead to various errors on old workstations. Users should take into account that updated tools require powerful computers with a large amount of memory and fast processors. The second disadvantage of forensic tools is their influence on the suspect computer. In the course of the investigation, forensic tools can destroy all available evidence about the crime. According to Stephenson and Gilbert (2013), “practically all forensic investigations were primarily carried out on “dead” machines; ones that had been shut down” (p. 130). Nevertheless, now forensic investigations are implemented on running computers to collect more case-specific data. The third disadvantage of forensic tools is their ability to alter the documentation. An investigator should analyze the process of documentation in detail to avoid possible alterations. This situation slows the investigation as a whole.
An investigation can be corrupted by not using computer forensic tools in analysis. Forensic tools should be used in the analysis of the malware code (Jain, Bhanushali, Gawade, & Jawale, 2017). The reversing of compiled code can lead to his creator. The absence of forensic tools, in this case, might result in the misleading of the investigation to a different programmer.
A number of programs lead to the multitude of available forensic tools. Many users prefer EnCase™ Forensic by Guidance Software due to its easily understandable interface and working procedures. According to Britz (2013), “EnCase™ includes “mechanized imaging, verification, and analysis capabilities, all within a graphical user interface (GUI) environment” (p. 296). EnCase™ is suitable for the majority of investigations that require an excellent level of documentation and reporting. Moreover, this software gives access to court decisions and law articles concerning computer-related crimes. The Ultimate Toolkit™ by Access Data is another automated forensic tool with a GUI interface that comprises several programs that can work autonomously or in connection with different packages. The tool filters are known files identify encrypted files and recovers deleted files (Britz, 2013). These functions are indispensable for collecting information in every investigation. Imaging tools are crucial for the analysis of corrupted data. Byteback™ can access damaged files, reconstruct partition tables, and allocate physical flaws (Britz, 2013). The ability to work with multiple formats is another major feature of this program.
The First and Fourth Amendments, along with the Fifth Amendment, define the evidence processing in every investigation (Taylor, Fritsch, & Liederbach, 2014). The First Amendment protects the right of self-expression and free speech. It becomes increasingly difficult to assess the works of digital artists who create pictures with pornographic or obscene context. Their works might damage the minds of children, but the law defends them. Nevertheless, “Prosecutorial Remedies and Other Tools to end the Exploitation of Children Today Act” of 2003 has resolved the issue, including digital images in the list of prohibited materials.
The Fourth Amendment has an enormous influence on evidence processing in forensic investigations. According to Holt, Bossler, and Seigfried-Spellar (2015), “the Fourth Amendment limits the government’s ability to search and seize evidence without a warrant.” In numerous cases, the judges have had to decide what materials are protected under the Constitution. Nevertheless, the plain view doctrine gives the investigators the right to collect and analyze evidence that is not included in the warrant. The Fifth Amendment is connected to password-protected and encrypted files. A suspect cannot be forced by the court to give necessary keys to the investigators without due cause. Even if encrypted files contain crucial evidence, the suspect cannot be prosecuted twice for the same crime.
Forensic tools have their disadvantages and limitations in the context of digital crime investigation, but they are very useful for collecting and analyzing information. Software and hardware forensic tools help the investigators to assess, document, and report the acquired data. The absence of forensic tools might lead the investigation to wrong results. The evidence processing is greatly influenced by the First, the Fourth, and the Fifth Amendments. The questions of privacy and self-expression are constantly arising in the court. The forensic tools help to find the needed evidence of crimes.
References
Britz, M. T. (2013). Computer forensics and cyber crime: An introduction (3d ed.). New York, NY: Pearson Education.
Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K. C. (2015). Cybercrime and digital forensics: An introduction. New York, NY: Routledge.
Jain, N., Bhanushali, N., Gawade, S., & Jawale, G. (2017). Physical and cyber crime detection using digital forensic approach: A complete digital forensic tool. International Journal of Advance Research, Ideas and Innovations in Technology, 3(1), 834-841.
Nelson, B., Phillips, A., & Steuart, C. (2014). Guide to computer forensics and investigations. Boston, MA: Cengage Learning.
Stephenson, P., & Gilbert, K. (2013). Investigating computer-related crime. Boca Raton, FL: CRC Press.
Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital crime and digital terrorism. Upper Saddle River, NJ: Prentice Hall Press.