Cyber forensics

Cyber forensics

What is digital evidence?
Digital evidence is information and data of value to an investigation that is stored on, received, or transmitted by an electronic device.
Digital evidence –
Is latent, like fingerprints or DNA evidence
Crosses jurisdictional borders quickly and easily
Is easily altered, damaged, or destroyed
Can be time sensitive
(U.S. National Institute of Justice, Department of Justice, 2008)

Digital evidence, can be found at different location, comes from various types and forms.
Computers, thumb drives, camera, hard disk, mobile phones, tablets, emails, SMS and many more are types of forms where digital evidence can be found.

Child abuse, computer intrusion, counterfeiting, death investigation, domestic violence, e-mail threats and stalking, identity theft, fraud, terrorism are some key areas where digital evidence are usually expected to be found.
Digital evidence can be classified into two groups, original digital evidence and duplicate evidence.
Original digital evidence: Physical items and the data objects associated with such items at the time of acquisition or seizure. (Carrie Morgan Whitcomb, 2002)
An example of original digital evidence will be the camera and the photos in the camera found at the scene.
Duplicate digital evidence: An accurate digital reproduction of all data objects contained on an original physical item. (Carrie Morgan Whitcomb, 2002)
An example of duplicate digital evidence will be making a copy of all the photos found in the camera.

For criminal offence cases, digital evidence are collected, analyzed and present to court to prove whether the suspects are involve in the crime or his innocence. Before the court determined whether the “evidence” collected is evidence or not, it is not an evidence.

With the rules of evidence, it provides the properties that evidence must have in order to be useful in court. The rules of evidence consist of:

1. Admissible
Evidence must be able to accept,...

Similar Essays