How to prepare a Windows-based computer for a forensic investigation
Forensic investigators use specific hardware and software to examine computer systems. The increased adoption of Windows operating systems has made computer forensic investigators use Windows-based platforms as sources of digital evidence. The first step involves taking the image of the computer suspected to have crucial digital data.
If crucial evidence is suspected to be held in volatile storage, then a live analysis is conducted, but a dead analysis is performed when the evidence is thought to be contained in permanent storage disk locations. A Windows-based computer would require retrieval of information before shutting down the computer. However, if the information is thought to be contained in the permanent storage, then a computer has to be shut down before transporting it to a laboratory for forensic analysis.
A computer forensics expert should be careful not to change data held in non-volatile storage when powering down the computer. On a Microsoft Windows system, the information held in non-volatile storage could be protected from interference by removing the power cord from the socket (Nelson, Phillips & Steuart, 2010; Easttom, 2014).
The first step in the laboratory examination would involve analysis of the status and setup of the computer. The computer should be booted and BIOS setup selected. Caution should be taken so that the Windows-based computer does not use internal digital devices to boot.
Alternatively, internal drives should be disconnected so that they would not interfere with the intended booting procedure (Nelson et al., 2010; Taylor, Haggerty, Gresty & Lamb, 2011; Easttom, 2014). At this point, information could be retrieved from the computer for forensic analysis.
How to handle digital evidence
Digital data could be changed easily, and this could interfere with the integrity of digital information. Also, alteration of digital data could make it difficult to differentiate original data from copied data. There are four principles that are followed when handling digital evidence (Easttom, 2014). First, digital evidence should be collected in a manner that does not cause changes in the form of data. If the data are changed, then the integrity of the data could be compromised.
Secondly, only trained persons should be allowed to handle digital evidence. Persons who are trained could handle digital evidence professionally and be held responsible for breaching ethical, legal and professional standards (Nelson et al., 2010). Also, digital evidence that is professionally handled by trained personnel could have higher chances of being admissible in court than digital evidence handled by untrained persons.
Third, all processes used to analyze digital evidence should be well documented and stored for reviews in the future. There should be clear reasons for any changes that are done on the digital evidence. This helps to hold professionals responsible for their actions. Fourth, computer forensic experts should examine copies of original files suspected to contain evidence (Easttom, 2014). In other words, original files should not be examined or manipulated.
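The first, third and fourth principles can be demonstrated in code: the original image is only read, a working copy is made and checked against it by hash, and the action is written to a log. The following Python code is an added example, not taken from the cited sources; the file names, the examiner label and the JSON log format are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images do not fill memory


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:  # read-only: the evidence file is never written
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def make_working_copy(original, copy_path, log_path, examiner):
    """Copy the original image, confirm both match, and log the action."""
    before = sha256_file(original)
    # "xb" refuses to overwrite an existing file, so an earlier copy is kept
    with open(original, "rb") as src, open(copy_path, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
    record = {
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,  # assumed label, not a real identity scheme
        "action": "working copy created",
        "original_sha256": before,
        "original_unchanged": sha256_file(original) == before,
        "copy_sha256": sha256_file(copy_path),
    }
    record["verified"] = (record["original_unchanged"]
                          and record["copy_sha256"] == before)
    with open(log_path, "a", encoding="utf-8") as log:  # append, never rewrite
        log.write(json.dumps(record) + "\n")
    return record


def copy_still_matches(copy_path, log_path):
    """Re-hash the working copy and compare it with the first logged hash."""
    with open(log_path, encoding="utf-8") as log:
        first = json.loads(log.readline())
    return sha256_file(copy_path) == first["original_sha256"]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "evidence.img")
        with open(image, "wb") as f:
            f.write(b"constructed sample disk image\n" * 1000)  # constructed data
        rec = make_working_copy(image, os.path.join(d, "work.img"),
                                os.path.join(d, "custody.jsonl"), "examiner-01")
        print(rec["verified"], rec["original_sha256"])
```

Running copy_still_matches again before each examination session shows whether the working copy has changed since it was made.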
The quality of evidence gathered in computer forensics greatly depends on the law enforcement and procedures used when gathering the evidence (Nelson et al., 2010). The law is clear about specific legal guidelines that should be followed when handling forensic evidence. For example, the Health Insurance Portability and Accountability Act prohibits professionals from disclosing clients’ information without their permission (Easttom, 2014).
Therefore, it would be illegal for a computer forensics professional to disclose private information about a person who is being investigated without his or her permission. Gathering data in computer forensics is also expected to follow standard procedures that aim to promote quality of the evidence. Standard evidence gathering procedure requires forensic experts to use tested and accepted tools for data collection.
Some of the tools may include boot software, computer forensic software, analysis software and intelligence analysis software, among others. General practices and procedures also require that all personnel involved in gathering evidence should be aware of the best procedures and practices. This helps to maintain the integrity and authenticity of forensic evidence (Nelson et al., 2010; Easttom, 2014).
Privacy issues are common in the field of computer forensics. Legal and ethical standards require that computer forensic experts should uphold the privacy of client organizations. In some cases, leakage of a client’s information may result in media attention that could negatively impact a business organization.
The code of ethics prohibits persons from disclosing assets of an individual when conducting forensic investigations. It is also against the code of conduct to disclose an individual’s information on the internet during forensic investigations (Nelson et al., 2010; Taylor et al., 2011).
How to use data as evidence in a criminal proceeding
The data collected from the computer system would act as evidence in a criminal proceeding only if it meets the standard requirements (Taylor et al., 2011; Easttom, 2014). First, there must be proper documentation to show that the data was collected using standard legal and ethical procedures.
Second, it should be shown in a court that the data being presented as evidence have not been altered to affect their integrity. Third, it must be shown that the persons handling the data at various stages are trained for that purpose. Once the three conditions are met, the data would be used as standard evidence in a criminal proceeding.
Easttom, C. (2014). System forensics, investigations, and response (2nd ed.). Burlington, MA: Jones and Bartlett Learning.
Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to computer forensics and investigations. Stamford, CT: CengageBrain.com.
Taylor, M., Haggerty, J., Gresty, D., & Lamb, D. (2011). Forensic investigation of cloud computing systems. Network Security, 2011(3), 4-10.