Chapter 7: Computer Image Verification and Authentication

 < Day Day Up > 



OVERVIEW

As law enforcement and other computer forensics investigators become more familiar with handling evidential computer material, it is apparent that a number of more or less formalized procedures have evolved to maintain both the continuity and integrity of the material to be investigated. Although these procedures are extremely effective under the current rules of evidence, it is expected that alternative procedures will develop as technology advances. The current procedures, in use by both law enforcement and computer forensics investigators, work something like this:

At least two copies are taken of the evidential computer. One of these is sealed in the presence of the computer owner and then placed in secure storage. This is the master copy and it will only be opened for examination under instruction from the Court in the event of a challenge to the evidence presented after forensic analysis on the second copy. If the computer itself has been seized and held in secure storage by law enforcement, this will constitute best evidence. If the computer has not been seized, then the master copy becomes best evidence. In either case, the assumption is that while in secure storage, there can be no possibility of tampering with the evidence. This does not protect the computer owner from the possibility that secured evidence may be tampered with.

A growing practical problem with this method of evidential copying occurs not due to the security aspect or appearance of the situation, but because of the increasing sizes of fixed disks found in computers. A size of 2 Gigabytes is no longer unusual and it is common to find more than one fixed disk within a single machine. The cost of the media is decreasing slowly, but this is still significant when considering the quantity of information to be copied and stored (even though the system does allow for media re-use). There is also the problem of the length of time individual copies may take to complete. A sizable saving in both time and expense might, therefore, be achieved if an alternative method of evidential security could be arranged.



 < Day Day Up > 



Computer Forensics. Computer Crime Scene Investigation
Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)
ISBN: 1584500182
EAN: 2147483647
Year: 2002
Pages: 263
Authors: John R. Vacca

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net