Cybercrime Incident: Analyzing the evidence
A paper on a computer-related crime that can be solved by using computer forensics. You must detail the procedures used in discovering and investigating the evidence. Discuss the case, the investigation process, data recovery, securing the evidence and chain of custody. Remember to explain the types of software you would use to complete the case.
Please follow the rough outline below.
Introduction/Thesis: By using an established, systematic approach, a digital forensics investigator can identify whether a computer crime has occurred and use tools to collect the relevant evidence needed to prove a crime was committed.
I. Launching the investigation
A. Verify that a security incident has taken place on a computer system
1. Talk to the victim and collect relevant information regarding the crime
2. Secure the crime scene
B. Verify a crime has actually taken place
1. Collect and preserve the evidence
2. Indications of the crime and hypothesis on intrusion entry method
II. Using tools to collect the evidence
A. Use software tools to collect evidence
1. Disk imaging software to make a copy of the data for analysis
2. Search for hidden information using specific software such as EnCase, Norton Utilities
III. Maintaining chain of custody and presenting findings
A. Follow local and federal guidelines on preserving evidence using the chain of custody
1. Keeping an accurate log of evidence ownership
B. Write an analysis of the evidence found and present the findings
Conclusion/Closing: By using a systematic approach, computer-related crimes can be detected and evidence successfully collected and presented for prosecution of crimes.