Uploaded byunnilala11
PPTX, PDF4,696 views

Digital investigation

This document discusses the nature of computer-based electronic evidence and the devices and considerations involved in digital investigation. It covers topics such as latent evidence stored on computers, fragility of electronic evidence, devices that may contain evidence like computers, networks, and other digital devices. It also summarizes laws and guidelines related to digital investigation in the UK.

Embed presentation

Downloaded 165 times
M24CDE Computer Law Digital Investigation M24CDE 1
Nature of computer-based electronic evidence • Computer-based electronic evidence is information and data of investigative value that is stored on or transmitted by a computer. As such, this evidence is latent evidence in the same sense that fingerprints or DNA evidence is latent. • In its natural state, we cannot see what is contained in the physical object that holds our evidence. Equipment and software are required to make the evidence available. Testimony may be required to explain the examination and any process limitations.
Nature of computer-based electronic evidence • Computer-based electronic evidence is, by its very nature, fragile. It can be altered, damaged, or destroyed by improper handling or improper examination. For this reason, special precautions should be taken to document, collect, preserve and examine this type of evidence. Failure to do so may render it unusable or lead to an inaccurate conclusion.
Devices subjected to Digital Investigation • Desktop and Laptop Computers • Personal Organisers (PDAs) • Main unit: usually the box to which the monitor and keyboard are attached • Monitor, keyboard and mouse • Leads • Power supply units and batteries • Hard disks not fitted inside the computer • Dongles • Modems (some contain phone numbers)
Devices subjected to Digital Investigation • External drives and other external devices • Wireless network cards, Modems, Routers • Digital cameras • Floppy disks • Back up tapes • Jaz/Zip cartridges • CDs,DVDs • PCMCIA cards • Memory sticks, memory cards • USB/firewire connected devices
Home networks & wireless technology • Switches, hubs, routers, firewalls (or devices which combine all three). • Embedded network cards (e.g. Intel Centrino). • Access Points. • Printers and digital cameras. • Bluetooth devices – PDAs, mobile phones, dongles etc. • Hard drives both wired and wireless. • Wireless networks – cannot be controlled in the same way as a traditionally cabled solution and are potentially accessible by anyone within radio range.
Other Digital Devices • Mobile telephones. • Telephone e-mailers. • Pagers. • Internet-capable digital • Land line telephones. TVs • Answering machines. • Media PC • Facsimile machines. • Satellite receivers • Dictating machines. • HD recorders • Digital cameras • Next generation games consoles
Considerations • To assist in the examination of the equipment, seize: – Manuals of computer and software. – Anything that may contain a password. – Encryption keys. – Security keys – required to physically open computer equipment and media storage boxes.
Association of Chief Police Officers (ACPO) Guidelines • Principle 1: – No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court. • Principle 2: – In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
APCO Guidelines • Principle 3: – An audit trail or other record of all processes applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result. • Principle 4: – The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to
Computer Misuse Act 1990 (UK Wide) • S1 Unauthorised Access To Computer Material • S2 Unauthorised Access With Intent to Commit Other Offence • S3 Unauthorised Acts with Intent to Impair Operation • S3A Making, Supplying or Obtaining Article for Use in S1 or S3 offences • S10 Saving For Certain Law Enforcement Powers • S14 Search Warrants • S17 Interpretation M24CDE 11
The Police & Criminal Evidence Act 1984 • S8 Search Warrant • S19 General Power of Seizure • S20 Extension of Powers of Seizure to Computerised Information • S21 Access and Copying • S22 Retention • S78 Exclusion of Unfair Evidence M24CDE 12
Criminal Justice & Police Act 2001 (England, Wales & NI.) • S50 (re search and seizure – bulk items) • S50 (1) – Where a person is lawfully on premises carrying out a search and it is not practicable to determine at the time if an item found is something that he is entitled to seize, or if the contents of an item are things that he is entitled to seize, the item can be taken away for this to be determined. There must be reasonable grounds for believing the item may be something for which there was authorisation M24CDE to search. 13
Criminal Justice & Police Act 2001 (England, Wales & NI.) • S50 (2) – Where a person is lawfully on premises and an item for which there is a power to seize is found, but it is contained within an item for which there would ordinarily be no power to seize and it is not practicable to separate them at the time, both items can be seized.
Investigation Process • Identification • Acquisition • Preservation • Search • Analysis • Reconstruction • Presentation M24CDE 15

More Related Content

PPTX
mobile forensic.pptx
byAmbuj Kumar
 
PPT
Digital Forensic
byCleverence Kombe
 
PPTX
Digital Forensics
byMithileysh Sathiyanarayanan
 
PPTX
Digital Evidence by Raghu Khimani
byDr Raghu Khimani
 
PDF
Cyber Forensics Module 1
byManu Mathew Cherian
 
PPTX
Mobile Forensics
byabdullah roomi
 
PPTX
Network forensics and investigating logs
byanilinvns
 
PPT
Computer +forensics
byRahul Baghla
 
mobile forensic.pptx
byAmbuj Kumar
 
Digital Forensic
byCleverence Kombe
 
Digital Forensics
byMithileysh Sathiyanarayanan
 
Digital Evidence by Raghu Khimani
byDr Raghu Khimani
 
Cyber Forensics Module 1
byManu Mathew Cherian
 
Mobile Forensics
byabdullah roomi
 
Network forensics and investigating logs
byanilinvns
 
Computer +forensics
byRahul Baghla
 

What's hot

PPTX
Guideline for Call Data Record Analysis by Raghu Khimani
byDr Raghu Khimani
 
PDF
04 Evidence Collection and Data Seizure - Notes
byKranthi
 
PPTX
Computer forensics
bydeaneal
 
PPTX
Mobile Forensics
byprimeteacher32
 
PPT
Introduction to computer forensic
byOnline
 
PPTX
E-mail Investigation
byedwardbel
 
PPTX
Digital forensics
byvishnuv43
 
PPT
Preserving and recovering digital evidence
byOnline
 
PPTX
Introduction to e-Discovery
byMalla Reddy Donapati
 
PPTX
Digital forensics
byyash sawarkar
 
PPT
Collecting and preserving digital evidence
byOnline
 
PPTX
Cyber Forensics Overview
byYansi Keim
 
PDF
Forensics Analysis and Validation
byJyothishmathi Institute of Technology and Science Karimnagar
 
PPTX
Digital Forensic ppt
bySuchita Rawat
 
PDF
CS6004 Cyber Forensics
byKathirvel Ayyaswamy
 
PPTX
First Responder Officer in Cyber Crime
byApplied Forensic Research Sciences
 
PPTX
Cybercrime investigation
byProf. (Dr.) Tabrez Ahmad
 
PDF
Digital Evidence in Computer Forensic Investigations
byFilip Maertens
 
PDF
Digital forensic principles and procedure
bynewbie2019
 
PPTX
Computer forensics powerpoint presentation
bySomya Johri
 
Guideline for Call Data Record Analysis by Raghu Khimani
byDr Raghu Khimani
 
04 Evidence Collection and Data Seizure - Notes
byKranthi
 
Computer forensics
bydeaneal
 
Mobile Forensics
byprimeteacher32
 
Introduction to computer forensic
byOnline
 
E-mail Investigation
byedwardbel
 
Digital forensics
byvishnuv43
 
Preserving and recovering digital evidence
byOnline
 
Introduction to e-Discovery
byMalla Reddy Donapati
 
Digital forensics
byyash sawarkar
 
Collecting and preserving digital evidence
byOnline
 
Cyber Forensics Overview
byYansi Keim
 
Forensics Analysis and Validation
byJyothishmathi Institute of Technology and Science Karimnagar
 
Digital Forensic ppt
bySuchita Rawat
 
CS6004 Cyber Forensics
byKathirvel Ayyaswamy
 
First Responder Officer in Cyber Crime
byApplied Forensic Research Sciences
 
Cybercrime investigation
byProf. (Dr.) Tabrez Ahmad
 
Digital Evidence in Computer Forensic Investigations
byFilip Maertens
 
Digital forensic principles and procedure
bynewbie2019
 
Computer forensics powerpoint presentation
bySomya Johri
 

Similar to Digital investigation

PPT
Evidence Seizure Sandyb
byCTIN
 
PPT
Bag and Tag
byCTIN
 
PPT
Evidence Seizure Level One
byCTIN
 
PPTX
Introduction to computer forensics in IT society
bynorhasiahakhir1
 
PPTX
Introduction To Forensic Methodologies
byLedjit
 
PPT
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
byCTIN
 
PDF
2022-05-12 Live Forensics for Law Enforcement @UniPD
byDavide Gabrini
 
PPTX
Processing Crimes and Incident Scenes
byprimeteacher32
 
PPSX
CYBER - LAW3......................................
byarchjyotisingh
 
PPTX
Cyber forensic-Evedidence collection tools
byN.Jagadish Kumar
 
PDF
Best Practices For Seizing Electronic Evidence v.3: A Pocket Guide for Firs...
byDavid Sweigert
 
PPTX
Criminal Procedure and Digital Evidence Collection In The Modern Era Of Techn...
byLakshitMittal8
 
PPT
Cyber Crime Evidence Collection Ifsa 2009
byUniversity of Southern Mississippi
 
PPT
Evidence Seizure Ctin Version Draft
byCTIN
 
DOCX
Berkeley College Cyber CrimeLecture Notes Chapter 11Searching .docx
byAASTHA76
 
PPT
Evidence Seizure
byCTIN
 
PDF
1.Digital Forensics Collection, Presservation and Appreciation of Electronic ...
byAnandkumar105685
 
PDF
Test Bank for Guide to Computer Forensics and Investigations, 5th Edition
bykaytibhurke
 
PPT
Latihan4 comp-forensic-bab3
bysabtolinux
 
PPTX
Presentation cyber forensics & ethical hacking
byAmbuj Kumar
 
Evidence Seizure Sandyb
byCTIN
 
Bag and Tag
byCTIN
 
Evidence Seizure Level One
byCTIN
 
Introduction to computer forensics in IT society
bynorhasiahakhir1
 
Introduction To Forensic Methodologies
byLedjit
 
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
byCTIN
 
2022-05-12 Live Forensics for Law Enforcement @UniPD
byDavide Gabrini
 
Processing Crimes and Incident Scenes
byprimeteacher32
 
CYBER - LAW3......................................
byarchjyotisingh
 
Cyber forensic-Evedidence collection tools
byN.Jagadish Kumar
 
Best Practices For Seizing Electronic Evidence v.3: A Pocket Guide for Firs...
byDavid Sweigert
 
Criminal Procedure and Digital Evidence Collection In The Modern Era Of Techn...
byLakshitMittal8
 
Cyber Crime Evidence Collection Ifsa 2009
byUniversity of Southern Mississippi
 
Evidence Seizure Ctin Version Draft
byCTIN
 
Berkeley College Cyber CrimeLecture Notes Chapter 11Searching .docx
byAASTHA76
 
Evidence Seizure
byCTIN
 
1.Digital Forensics Collection, Presservation and Appreciation of Electronic ...
byAnandkumar105685
 
Test Bank for Guide to Computer Forensics and Investigations, 5th Edition
bykaytibhurke
 
Latihan4 comp-forensic-bab3
bysabtolinux
 
Presentation cyber forensics & ethical hacking
byAmbuj Kumar
 

Recently uploaded

PDF
Application of ICT Lecture 6 Digital Citizenship and Online Etiquette.pdf
byKhalil Khan Marwat
 
PPTX
OverView of AI in Products in Odoo 19
byCeline George
 
PDF
how to write your (written) research instruments
byThelma Villaflores
 
PDF
Application of ICT Lecture 2 Basic ICT Productivity Tools.pdf
byKhalil Khan Marwat
 
PPTX
How to Configure Discount Code in Odoo 18 Sales
byCeline George
 
PPTX
Java Programming_BJD_Slideshare-Introduction.pptx
byBapusahebDange
 
PPTX
GRADE-1-Q3-MATH-WEEK-6.pptx_202633333333
byKennethGraceAngeles1
 
PDF
Pharmaceutical Biotechnology unitI Notes
byBhagyashree Prakash Gajbhare
 
PPTX
Road Safety as a shared responsibility, 2026
bySougata Pal
 
PPTX
Prenatal Development of Cranium, Jaw and Face
byHarshita Dhanrajani
 
PPTX
CHAPTER NO.6 PLANT FIBRES USED AS SURGICAL DRESSINGS.pptx
byGanu Gavade
 
PPTX
Shipping Policies & Picking Policies in Odoo 18 Inventory
byCeline George
 
PPTX
How to use sorted() method in Odoo 18
byCeline George
 
PDF
Error-Analysis-in-Analytical-Chemistry-and-statistics ppt.pdf/by k sandeep swamy
bySandeep Swamy
 
PPTX
INSTAGRAM: Where Moment Turns Into Stories.pptx
byandriemark51
 
PPTX
CHAPTER NO. 05 DIURETICS PHARMACOGNOSY.pptx
byGanu Gavade
 
PPTX
MELA QUIZ 2026 | Silchar Medical College & Hospital | 11-01-2026
byUltimatewinner0342
 
PPTX
ENGLISH 3-Q3-W7.pptx 2025-2026..................................................
byWindyDizonMiranda
 
PPTX
DIGITAL TRANSFORMATION MODULE KEY POINTS
byLisa Harris
 
PDF
Application of Information and Communication Technology Content.pdf
byKhalil Khan Marwat
 
Application of ICT Lecture 6 Digital Citizenship and Online Etiquette.pdf
byKhalil Khan Marwat
 
OverView of AI in Products in Odoo 19
byCeline George
 
how to write your (written) research instruments
byThelma Villaflores
 
Application of ICT Lecture 2 Basic ICT Productivity Tools.pdf
byKhalil Khan Marwat
 
How to Configure Discount Code in Odoo 18 Sales
byCeline George
 
Java Programming_BJD_Slideshare-Introduction.pptx
byBapusahebDange
 
GRADE-1-Q3-MATH-WEEK-6.pptx_202633333333
byKennethGraceAngeles1
 
Pharmaceutical Biotechnology unitI Notes
byBhagyashree Prakash Gajbhare
 
Road Safety as a shared responsibility, 2026
bySougata Pal
 
Prenatal Development of Cranium, Jaw and Face
byHarshita Dhanrajani
 
CHAPTER NO.6 PLANT FIBRES USED AS SURGICAL DRESSINGS.pptx
byGanu Gavade
 
Shipping Policies & Picking Policies in Odoo 18 Inventory
byCeline George
 
How to use sorted() method in Odoo 18
byCeline George
 
Error-Analysis-in-Analytical-Chemistry-and-statistics ppt.pdf/by k sandeep swamy
bySandeep Swamy
 
INSTAGRAM: Where Moment Turns Into Stories.pptx
byandriemark51
 
CHAPTER NO. 05 DIURETICS PHARMACOGNOSY.pptx
byGanu Gavade
 
MELA QUIZ 2026 | Silchar Medical College & Hospital | 11-01-2026
byUltimatewinner0342
 
ENGLISH 3-Q3-W7.pptx 2025-2026..................................................
byWindyDizonMiranda
 
DIGITAL TRANSFORMATION MODULE KEY POINTS
byLisa Harris
 
Application of Information and Communication Technology Content.pdf
byKhalil Khan Marwat
 

Digital investigation

  • 1.
    M24CDE Computer Law Digital Investigation M24CDE 1
  • 2.
    Nature of computer-basedelectronic evidence • Computer-based electronic evidence is information and data of investigative value that is stored on or transmitted by a computer. As such, this evidence is latent evidence in the same sense that fingerprints or DNA evidence is latent. • In its natural state, we cannot see what is contained in the physical object that holds our evidence. Equipment and software are required to make the evidence available. Testimony may be required to explain the examination and any process limitations.
  • 3.
    Nature of computer-basedelectronic evidence • Computer-based electronic evidence is, by its very nature, fragile. It can be altered, damaged, or destroyed by improper handling or improper examination. For this reason, special precautions should be taken to document, collect, preserve and examine this type of evidence. Failure to do so may render it unusable or lead to an inaccurate conclusion.
  • 4.
    Devices subjected toDigital Investigation • Desktop and Laptop Computers • Personal Organisers (PDAs) • Main unit: usually the box to which the monitor and keyboard are attached • Monitor, keyboard and mouse • Leads • Power supply units and batteries • Hard disks not fitted inside the computer • Dongles • Modems (some contain phone numbers)
  • 5.
    Devices subjected toDigital Investigation • External drives and other external devices • Wireless network cards, Modems, Routers • Digital cameras • Floppy disks • Back up tapes • Jaz/Zip cartridges • CDs,DVDs • PCMCIA cards • Memory sticks, memory cards • USB/firewire connected devices
  • 6.
    Home networks &wireless technology • Switches, hubs, routers, firewalls (or devices which combine all three). • Embedded network cards (e.g. Intel Centrino). • Access Points. • Printers and digital cameras. • Bluetooth devices – PDAs, mobile phones, dongles etc. • Hard drives both wired and wireless. • Wireless networks – cannot be controlled in the same way as a traditionally cabled solution and are potentially accessible by anyone within radio range.
  • 7.
    Other Digital Devices • Mobile telephones. • Telephone e-mailers. • Pagers. • Internet-capable digital • Land line telephones. TVs • Answering machines. • Media PC • Facsimile machines. • Satellite receivers • Dictating machines. • HD recorders • Digital cameras • Next generation games consoles
  • 8.
    Considerations • To assistin the examination of the equipment, seize: – Manuals of computer and software. – Anything that may contain a password. – Encryption keys. – Security keys – required to physically open computer equipment and media storage boxes.
  • 9.
    Association of ChiefPolice Officers (ACPO) Guidelines • Principle 1: – No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court. • Principle 2: – In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
  • 10.
    APCO Guidelines • Principle3: – An audit trail or other record of all processes applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result. • Principle 4: – The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to
  • 11.
    Computer Misuse Act1990 (UK Wide) • S1 Unauthorised Access To Computer Material • S2 Unauthorised Access With Intent to Commit Other Offence • S3 Unauthorised Acts with Intent to Impair Operation • S3A Making, Supplying or Obtaining Article for Use in S1 or S3 offences • S10 Saving For Certain Law Enforcement Powers • S14 Search Warrants • S17 Interpretation M24CDE 11
  • 12.
    The Police &Criminal Evidence Act 1984 • S8 Search Warrant • S19 General Power of Seizure • S20 Extension of Powers of Seizure to Computerised Information • S21 Access and Copying • S22 Retention • S78 Exclusion of Unfair Evidence M24CDE 12
  • 13.
    Criminal Justice &Police Act 2001 (England, Wales & NI.) • S50 (re search and seizure – bulk items) • S50 (1) – Where a person is lawfully on premises carrying out a search and it is not practicable to determine at the time if an item found is something that he is entitled to seize, or if the contents of an item are things that he is entitled to seize, the item can be taken away for this to be determined. There must be reasonable grounds for believing the item may be something for which there was authorisation M24CDE to search. 13
  • 14.
    Criminal Justice &Police Act 2001 (England, Wales & NI.) • S50 (2) – Where a person is lawfully on premises and an item for which there is a power to seize is found, but it is contained within an item for which there would ordinarily be no power to seize and it is not practicable to separate them at the time, both items can be seized.
  • 15.
    Investigation Process • Identification • Acquisition • Preservation • Search • Analysis • Reconstruction • Presentation M24CDE 15