Cyber crime and cyber terrorism investigators handbook by Babak
70 CHAPTER 6 High-tech investigations of cyber crime
any one time, and the access that was available for the building; including vehicle
access routes. No information was available, nor time available, to identify what
digital devices may be present.
The following day the premises were attended by both a legal team and a team of
high-tech investigators. The scene was initially secured by removing all occupants
from the vicinity of all digital devices. A full recording of the site was conducted
using digital cameras and sketches, and each digital device was identified. A review
was made of the potential digital sources to determine their current state: in the main
the devices were computers or laptops which had nothing significant running, and
were therefore disconnected from power. A server was identified that was currently
running; a capture was made of its memory to ensure running processes and connections
were recorded, and then the server was shut down.
Forensic data captures were made of all devices onsite, which in itself took over
12 hours. These captures were then placed into tamper-proof evidence bags, returned
to the laboratory and analyzed. The background to the investigation provided
relevant keywords and file types. These were used to analyze the data, which subsequently
identified a number of files, emails and documents that were relevant to the
investigation; these allowed the legal team to progress their legal proceedings.
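As an added illustration (not the handbook's own code) of the keyword and file-type pass described above, the script below walks a captured data set that has been mounted read-only as a directory tree, reports every in-scope file containing a keyword of interest, and records a SHA-256 hash with each hit so the finding is tied to exact content. The evidence tree, keywords and extensions are constructed for the example.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large captured files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(root: Path, keywords, extensions):
    """Return sorted [(relative_path, sha256, matched_keywords)] for each file
    whose extension is of interest and whose bytes contain a keyword.
    Matching is case-insensitive on raw bytes; compound or compressed formats
    would need to be parsed or carved before this pass sees their text."""
    wanted = {e.lower() for e in extensions}
    kws = [k.lower().encode() for k in keywords]
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.suffix.lower() not in wanted:
                continue
            data = p.read_bytes().lower()
            found = [k.decode() for k in kws if k in data]
            if found:
                # Record the hash with the hit so the finding is tied to exact content.
                hits.append((str(p.relative_to(root)), sha256_of(p), found))
    return sorted(hits)

def demo():
    """Build a constructed evidence tree (stand-in for a mounted, read-only image)."""
    root = Path(tempfile.mkdtemp(prefix="evidence_"))
    (root / "docs").mkdir()
    (root / "mail").mkdir()
    (root / "docs" / "contract.txt").write_text("Invoice for Acme project, wire to offshore account")
    (root / "docs" / "notes.txt").write_text("lunch menu for Friday")  # no keyword: not reported
    (root / "mail" / "msg1.eml").write_text("Subject: ACME payment\n\nsee attached")
    (root / "sys.dll").write_bytes(b"acme offshore")  # type not in scope: skipped
    return triage(root, ["acme", "offshore"], [".txt", ".eml"])

if __name__ == "__main__":
    for rel, digest, found in demo():
        print(f"{digest[:16]}  {rel}  {found}")
```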
SUMMARY
This chapter looked at the technical side of a high-tech investigation and how such
investigations are conducted. Included were key concepts associated with investigations of digital
data as well as the tools, processes and techniques pertinent to the process from collecting
the evidence through to its analysis. These concepts are important for any investigator
to know so that the correct procedures and processes can be implemented
and the decisions made by others are also understood. It is important to remember
that no two investigations will be the same; there is simply too much variation in
the types of data storage and capabilities of devices for this ever to be the case. An
investigation will almost always come down to the investigator and their ability to
interpret and understand what they are seeing. It is important that even those who are
not involved with the high-tech investigation are aware of the processes involved,
as it has such a significant impact on any investigation into cyber-crime and cyber-
terrorism. Such knowledge may assist in the identification of previously unthought-
of digital devices or areas of investigation.