|< Day Day Up >|| |
Computer forensics, therefore, is a leading defense in the corporate world’s armory against cyber crime. Forensic investigators detect the extent of a security breach, recover lost data, determine how an intruder got past security mechanisms, and, potentially, identify the culprit.
A forensic expert needs to be qualified in both investigative and technical fields and trained in countering cyber crime. They should also be knowledgeable in the law, particularly legal jurisdictions, court requirements, and the laws on admissible evidence and production.
In many cases, forensic investigations leads to calling in law enforcement agencies and building a case for potential prosecution, which could lead to a criminal trial. The alternative is pursuing civil remedies as opposed to criminal prosecution, for instance, pursuing breach of trust, and loss of intellectual property rights.
The most common legal difficulty faced by organizations seeking to redress cyber crime in the courts is having digitally based evidence accepted. Notwithstanding the technical expertise of IT teams, most companies are ill-equipped to investigate cyber crime in a way that results in the collection of admissible evidence. For example, data collected for the purposes of evidence must be shown to be untampered with and accounted for at every stage of its life from collection to presentation in court. In other words, it must meet the requirements of the jurisdictions Law of Evidence.
Another issue is the lag time between legislation and the dynamic pace of change and improvements in technology. As a result, law enforcement organizations and computer forensic experts alike are often forced to use archaic and nonspecific laws to fit unusual circumstances.
For example, to commit theft, a person must permanently deprive the victim of property. However, if a disgruntled employee copied an organization’s database and sold to a rival company, the organization is not permanently deprived of the data, therefore, technically, no offense of theft has been committed. In addition, it is unclear whether data fits into the legal definition of property. However, even in cases where there is a clearly defined crime, corporations are often hesitant to pursue a criminal conviction because of the time, cost, and reputation risk involved in reaching a legal outcome.
|< Day Day Up >|| |