Week 1 CCJS
There is a flow chart depicting how a case passes through the criminal justice system, as well as some case law that affects digital evidence.
What is digital forensics, how does it relate to the criminal justice system, and why should a non-criminal justice major take this course?
By the end of this course you will have a better understanding of why IT professionals, or other non-criminal justice professionals, should still understand the criminal justice system particularly if they plan to work in fields such as digital forensics, incident response, or information security. You will also gain an appreciation for the restrictions and structures placed on criminal case investigations conducted by public law enforcement officers.
In the 1980s, when home computers were not yet popular and desktop systems were being developed for business and the government, the only digital forensics being practiced was used to detect and investigate hacking and computer compromise. In fact, the most common criminal act involving computers was the use of systems and dial-up modems to connect to the Department of Defense’s networks to get free long distance. As home computers and desktop computers became more popular, the main communications systems for inter-connectivity among computer users were dial-up commercial systems, which eventually resulted in the development of more advanced commercial networks, such as America Online (AOL).
As with any mechanism that makes life easier for consumers, those with criminal intent developed a means to exploit those systems for other-than-lawful purposes. Thus, computers became a bigger focus of the criminal justice system, as they could be used for different types of criminal activity. A computer could be used to commit a crime, such as hacking or transferring private or illegal information (e.g., stolen social security numbers, credit card information, or child pornography); it could be used to store evidence of a crime (e.g., child pornography, a “murder list,” narcotics ledgers, “cooked” accounting books); or it could be the target of a crime. From a national and international perspective, computers can and have been used to facilitate acts of terrorism and/or threats to national security.
As a result, techniques had to be developed to allow criminal justice professionals to search through digital data contained on a computer or network to identify and collect evidence. Initially, criminal justice professionals used commercially mainstream or wide-use software that could be used to recover data or search for data on a hard drive. Norton Disk Edit tools, for example, could be used to search a computer for digital evidence, but they also caused changes to the computer’s data. However, specialized forensic software was eventually developed (e.g., EnCase, FTK, SMART, etc.) to more accurately collect and search digital evidence without damaging or changing its content.
Initially, the courts did not understand the technology (neither the computers nor the forensic processes and software developed to examine them), and the law was not up-to-date enough to facilitate the investigation and prosecution of technology-based crimes. Further, there were not yet universal digital forensic standards or established best practices that practitioners could follow, which would have helped circumvent challenges to digital evidence in court. But, fortunately, over the last twenty years, laws have been created or modified to account for technology-based crimes, digital forensic standards have been developed that are used across the discipline, and specialized tools have been developed that help law enforcement meet those standards.
Why is this important to each of you, as non-criminal justice professionals? While conducting a forensic analysis of your organization’s computer systems or networks – whether you’re searching for evidence of hacking or employee misconduct, or in response to a request for discovery in a lawsuit, as just a few examples – you may come across information that could lead to a criminal prosecution. If you do not follow the same standards used by criminal justice professionals (e.g., making every effort to analyze a bit-by-bit forensic copy instead of the original evidence directly), any evidence you find could be rendered inadmissible in court. However, if you perform your duties as a forensic examiner with criminal justice standards in mind, not only will it increase the utility of the digital evidence in a criminal or civil court, but it should also provide more certainty in your own results. In all situations involving the potential misuse of digital information, you should maintain a sensitivity to the potential for commercial/corporate terrorism or threats to geopolitical security.
For this week’s discussion response, complete the explanation requested below. Please discuss thoroughly and substantively in your post. Additionally, respond in a thorough, substantive, intelligent way to at least two of your fellow classmates that adds to our discussion and learning of this week’s topic!
- Provide at least one example of how being familiar with and following digital forensic best practices, AND criminal justice standards would benefit you, even if you worked in a non-criminal justice digital forensics position.
Week 2 CCJS
This week’s reading takes you from the general discussion we held last week into some more specific details about the role of both criminal justice and non-criminal justice professionals in the IT and computer forensics world, as well as why it is important that you understand the basic principles and concepts of the criminal justice process. Then we get into the meat of what you would do and how you would interface with law enforcement in the event you have to conduct a forensic system analysis. The readings in module 2 again stress the importance of understanding the criminal justice process, as well as discuss different types of devices or file systems that may contain information critical to your analysis.
Among the basic concepts to understand this week are that there are many types of evidence one could find in digital data. Understanding what data you may find, even if it is not evidence of a crime, is important to preparing a digital examination/analysis plan. Let’s look at a non-technical example…
When a law enforcement officer applies for a warrant to search a residence, the officer must specify what he or she is searching for; if the case involves a stolen car, then the officer’s search will be limited to only those locations where a stolen car, or pieces of a stolen car (in case it was chopped), could be located. It would be unwise to just list the stolen car on the warrant, as that (in the interpretation of the court) might limit the officer to only the whole car, intact. So, the officer has to determine at the beginning of the search what could have happened to the car (attempting to account for all the possibilities) so his or her search is complete (and most likely to yield results). The officer will also have to justify (in the affidavit) why he or she believes that the car could be found in smaller pieces.
To that end, an officer with auto theft experience may also be able to state that, in his or her experience, stolen cars are often broken down into smaller components, which can be identified with certainty as belonging to the original stolen car, as well as where such components could be hidden. It would most likely not be enough for the officer to simply assert that cars are broken down and sold for parts, if he or she wants to justify seizing an ashtray; the ashtray would need some specific characteristics to do that, like a serial number or other unique identifying artifact.
Search warrants and searches are, therefore, most often limited in scope to items for which the searcher is looking (i.e., nearly always evidence of a crime or wrongdoing). You cannot look for an elephant in a kitchen drawer! I know that sounds absurd, but it is an excellent metaphor… However, if you were looking for narcotics, they could be hidden almost anywhere, and you could justify a much broader search. In this example, digital evidence is much more akin to narcotics than you may think, with evidential data often occurring in hidden, strange, or unlikely places. As such, warrants to search for digital evidence often cast a “wide net,” but cannot be so overly broad as to not be supported by probable cause or violate someone’s Fourth Amendment protections and implied rights to privacy under the Constitution.
Do not despair, however, if you are not a law enforcement officer… The requirement to obtain a search warrant does not apply to searches by private individuals or non-government organizations, as long as the individual(s) have the authority to conduct the search (e.g., IT security personnel are searching a computer owned by their company for company data, or an employee gives the company consent to search for their personal data). Judicially, the Court evaluates whether your activity was an extension of the government (law enforcement), that is, whether you were acting on its behalf or assisting it. However, even those searches may be limited to certain parts of the computer system(s) or network(s). If a person is allowed to use a personally-owned flash drive at work, and that drive is connected to the computer, you still may not be able to search it without the employee’s consent. All of these examples depend heavily on established company policies and what warnings were given to the employee.
Now this is where you can start thinking like a sleuth! The readings this week identify several types of devices on which digital evidence could be found. Digital evidence is everywhere these days…more than you could ever analyze!
For this week’s discussion, please select two of the devices described in your readings (or other devices, if you prefer). For these devices, answer the following questions below in detail. Please discuss thoroughly and substantively in your post.
- For each device, state in detail what types of evidence you would look for on those devices.
- Explain what limitations or hurdles you would have to clear before searching each of the devices (BOTH as a company IT professional and a law enforcement officer).
- Identify what, if any, policies would need to be in place for you to search as a private employee, and,
- Identify what limits can be placed on the search by police.