Chapter 20: Summary, Conclusions, and Recommendations

OVERVIEW

Computer forensics may sound like a media-generated catchphrase, but its principle is actually quite simple. Forensics, generally speaking, is investigation of evidence following scientific methods within the regulations of the law. Computer forensics applies those same principles to digital evidence-recovery.

The scope of such digital-evidence salvage operations is enormous, due to many factors, including the global nature of the Internet. To help create cooperation between the United States and other nations, the G8 group (http://www.g8online.org/) of major industrialized nations has proposed six principles for procedures relating to digital evidence, which it defines as information stored or transmitted in binary form that may be relied on in court:

1. When dealing with digital evidence, all the standard forensic and procedural principles must be applied.

2. Upon seizing digital evidence, actions taken should not change that evidence.

3. People who access original digital evidence should be trained for the purpose.

4. All activity relating to the seizure, access, storage,^[i] or transfer of digital evidence must be fully documented, preserved, and available for review.

5. Individuals are responsible for all actions taken with respect to digital evidence while such evidence is in their possession.

6. Any agency that is responsible for seizing, accessing, storing, or transferring digital evidence is responsible for complying with these principles.^[ii]

All computer forensic policy and procedures should be developed from these principles. Not limited to computers in the traditional sense, the field encompasses everything from PDAs to routers, and covers crimes ranging from creating, possessing, and disseminating child pornography to network intrusions. Perpetrators range from 13-year-olds to trained experts paid by rogue nations to infiltrate and steal proprietary information; organization insiders could also perpetrate similar crimes.

^[i]John R. Vacca, The Essential Guide to Storage Area Networks, Prentice Hall, 2002.

^[ii]Grant Gottfried, “Emerging Technology: Taking A Byte Out Of Crime,” National Center For Forensic Science (NCFS), 12354 Research Parkway, Orlando, Florida 32826, 2002. (©Copyright 2002. National Center For Forensic Science (NCFS). All rights reserved).