Running Head: THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS
The Scientific Method Applied To Digital Forensics
by student name
University
Course
Today's date
Abstract
Computer forensics is the process of digital investigation combining technology, the science of discovery and the methodical application of legal procedures. Judges and jurors often do not understand the inner workings of computers and rely on digital forensics experts to seek evidence and provide reliable, irrefutable testimony based on their findings. The scientific method is the process of diligent, disciplined discovery in which a hypothesis is formed without bias, and analysis and testing are performed with the goal of effectively proving or disproving a sound hypothesis. When investigative teams do not follow standard investigative procedures, the result can be inappropriate and inaccurate evidentiary presentations that are extremely difficult for non-technical participants to refute. Practitioners of digital forensics can make strides to measure and improve the accuracy of their findings using the scientific method. This paper includes a summary of the scientific method as applied to the emerging and growing field of digital forensics and presents details of a specific case where both the prosecution and defense would have benefited greatly from the use of this proven method of discovery and analysis. Findings can only be deemed reasonably conclusive when the scientific process is correctly applied to an investigation, the findings are repeatable and verifiable, and both the evidence collected and the tools used are subject to the utmost scrutiny.
The Scientific Method Applied To Digital Forensics
The forensic analyst and investigator must use a unique combination of technical, investigative, and scientific skills when approaching a forensic case. Most adults remember the scientific method from their middle school science class as a set of six steps: stating a problem, gathering information, forming a hypothesis, testing the hypothesis, analyzing the data, and drawing conclusions that either support or do not support the hypothesis. Peisert, Bishop, & Marzullo (2008) note that the term computer forensics has evolved to mean “scientific tests of techniques used with the detection of crime”, yet observe that many academic computer scientists also use the term to refer to the “process of logging, collecting, auditing or analyzing data in a post hoc investigation”. The necessity to maintain chain of custody requires methodical and detailed procedures, as does the formulation of a legitimate and unbiased hypothesis and conclusion using the scientific method. Because many judges and jurors assume that computer forensic evidence is as “reliable and conclusive” as it is depicted on television, the legal system is unaware of the volatile nature of computer forensics investigations and of the significance of a scientific approach to evidence gathering and analysis (Peisert et al., 2008).
The Scientific Process as Applied to Computer Forensics
Peisert et al. (2008) discuss in detail the need for the scientific method in forensic investigations, not only for the process of discovery and analysis of evidence, but also for measuring the accuracy of the forensic tools used in an investigation. Casey (2010) agrees, and cautions that evidence must be compared to known samples so that investigators better understand the scope and context of the evidence that is discovered or presented, and better understand the output of forensic tools. Casey (2010) further elaborates that the scientific method is a powerful tool for forensic investigators, who must be neutral fact finders rather than advocates for one side of a case or the other.
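The recommendation above, that a tool's output be measured against known samples before it is trusted, can be turned into a small validation harness. The following is an added example and not code from the paper or from the works it cites: the "tool" is a deliberately simple JPEG carver written for this illustration, the "known sample" is a constructed byte buffer with fake files planted at known offsets, and the names `carve_jpegs`, `build_known_sample`, `validate` and `Score` are all assumptions made here. The sample includes one file with no end marker, which the carver is expected to miss, so the score reports a measurable limitation rather than a perfect result.

```python
from dataclasses import dataclass, field

# Real JPEG markers: start-of-image (followed by the first segment marker
# byte 0xFF) and end-of-image.
JPEG_SOI = b"\xff\xd8\xff"
JPEG_EOI = b"\xff\xd9"


def carve_jpegs(data: bytes) -> list[tuple[int, int]]:
    """The tool under test: a deliberately simple carver written for this
    example. It returns (start, end) byte ranges that look like JPEG files.
    It pairs each SOI with the next EOI, so a file missing its EOI (or two
    interleaved files) is handled wrongly; validation should expose that."""
    found = []
    pos = 0
    while True:
        start = data.find(JPEG_SOI, pos)
        if start == -1:
            break
        end = data.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1:
            break
        found.append((start, end + len(JPEG_EOI)))
        pos = end + len(JPEG_EOI)
    return found


def build_known_sample() -> tuple[bytes, list[tuple[int, int]]]:
    """Construct a test buffer (not real evidence) with fake JPEG files at
    known offsets, and return it with the ground-truth (start, end) list."""
    filler = b"\x00" * 64
    files = [
        JPEG_SOI + b"\xe0" + b"A" * 20 + JPEG_EOI,   # intact file 1
        JPEG_SOI + b"\xe1" + b"B" * 40 + JPEG_EOI,   # intact file 2
        JPEG_SOI + b"\xe0" + b"C" * 10,              # truncated: no EOI marker
    ]
    buf = b""
    truth = []
    for f in files:
        buf += filler
        truth.append((len(buf), len(buf) + len(f)))
        buf += f
    buf += filler
    return buf, truth


@dataclass
class Score:
    recall: float                  # share of known files the tool recovered
    precision: float               # share of the tool's reports that were real
    missed: list = field(default_factory=list)
    spurious: list = field(default_factory=list)


def validate(tool, sample: bytes, truth: list[tuple[int, int]]) -> Score:
    """Run `tool` on a sample with known content and score it against the
    ground truth, so its behaviour is measured before it is trusted."""
    got = set(tool(sample))
    expected = set(truth)
    hits = got & expected
    recall = len(hits) / len(expected) if expected else 1.0
    precision = len(hits) / len(got) if got else 1.0
    return Score(recall, precision, sorted(expected - got), sorted(got - expected))


if __name__ == "__main__":
    buf, truth = build_known_sample()
    s = validate(carve_jpegs, buf, truth)
    print(f"recall={s.recall:.2f} precision={s.precision:.2f}")
    print("missed:", s.missed, "spurious:", s.spurious)
```

On this sample the carver recovers two of the three planted files and reports nothing spurious, so its recall is 0.67 and its precision 1.0; the missed range is the truncated file. The same harness can be pointed at a real tool by replacing `carve_jpegs` with a wrapper that runs it and returns the offsets it reports, and the score then documents the tool's behaviour in a form that can be repeated by another examiner.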
The process of creating a hypothesis and completing experiments to prove or disprove it allows an investigator to gain a concrete understanding of the digital evidence, or the mere traces of evidence, under analysis. Casey (2010) also notes that, while there is no ethical requirement to do so and it may be impractical, a thorough investigative practice would consider investigating the alternate scenarios presented by the defense.
Forensic examination tools can contain bugs, or behave differently with various types of data and forensic images. Casey (2010) recommends that investigators examine evidence at both the physical and logical layers, since each method provides a unique perspective and the physical layer may not yield deleted, corrupted or hidden data. Suspects with limited technical experience can rename image files with extensions not used for images, and those with more technical knowledge can use advanced steganography techniques to embed data within other data in an attempt to defy detection.
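Renaming a file's extension is the simplest of the concealment techniques mentioned above, and it is also the simplest to detect: an examiner checks the leading bytes of each file against known file signatures instead of trusting the name. The block below is an added example, not code from the paper or its sources. The signature table holds real magic numbers for JPEG, PNG and GIF; the directory of sample files is constructed in a temporary folder for the demonstration, and the function names `identify`, `find_disguised_images` and `build_sample_tree` are assumptions made here.

```python
import tempfile
from pathlib import Path
from typing import Optional

# Leading bytes ("magic numbers") of common image formats. These are the
# real signatures; the table is short on purpose.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Extensions that normally carry each format.
EXPECTED_EXT = {
    "jpeg": {".jpg", ".jpeg"},
    "png": {".png"},
    "gif": {".gif"},
}


def identify(header: bytes) -> Optional[str]:
    """Name the format from the first bytes, or None if not a known image."""
    for fmt, magics in SIGNATURES.items():
        if any(header.startswith(m) for m in magics):
            return fmt
    return None


def find_disguised_images(root: Path) -> list[tuple[str, str]]:
    """Return (path relative to root, detected format) for every file whose
    content is a known image type but whose extension says otherwise."""
    hits = []
    for path in sorted(root.rglob("*"), key=str):
        if not path.is_file():
            continue
        with path.open("rb") as fh:
            header = fh.read(16)          # enough for every signature above
        fmt = identify(header)
        if fmt is not None and path.suffix.lower() not in EXPECTED_EXT[fmt]:
            hits.append((path.relative_to(root).as_posix(), fmt))
    return hits


def build_sample_tree() -> Path:
    """Construct a throwaway directory of sample files (not real evidence)."""
    root = Path(tempfile.mkdtemp(prefix="disguised-"))
    (root / "notes.txt").write_bytes(b"plain text, nothing to see\n")
    (root / "photo.JPG").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 32)    # honest JPEG, upper-case extension
    (root / "budget.xls").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)  # PNG renamed to look like a spreadsheet
    (root / "report.doc").write_bytes(b"GIF89a" + b"\x00" * 32)             # GIF renamed to look like a document
    (root / "misc").mkdir()
    (root / "misc" / "data.bin").write_bytes(b"\xff\xd8\xff\xe1" + b"\x00" * 32)  # JPEG in a subfolder
    return root


if __name__ == "__main__":
    for rel, fmt in find_disguised_images(build_sample_tree()):
        print(f"{rel}: extension does not match content ({fmt})")
```

The honest `photo.JPG` is not reported because the extension comparison is case-insensitive, while the three renamed files are. A signature check of this kind is only a first pass: it says nothing about content hidden by steganography inside an otherwise valid image, which is why the paper's point about examining both the physical and logical layers still applies.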
The 2004 case of State of Connecticut v. Julie Amero in Norwich, Connecticut is one where the scientific method was clearly missing from both the defense and the prosecution. Eckelberry, Dardick, Folkerts, Shipp, Sites, Stewart, & Stuart (2007) completed a comprehensive post-trial analysis of the evidence as provided to the defense and, using a structured scientific approach to their investigation, arrived at very different evidentiary results. Amero was a substitute elementary teacher accused of displaying to her students pornographic images that appeared in pop-ups on what was ultimately proven to be a spyware-infected school computer. The credibility of the legal system was compromised, and the prosecution made numerous incorrect assumptions based on results from inadequate forensic tools and poor investigative techniques (Eckelberry et al., 2007).
The computer that Amero was using in her classroom was a Windows 98 machine running Internet Explorer 6.0.2800 and a trial version of Cheyenne AntiVirus that had not received an update in several years. The content filtering at the school had expired several months prior to the incident. The prosecution presented non-factual statements that may easily have been misconstrued by a non-technical jury and that likely caused the guilty verdict. The false testimony of the school IT specialist indicated that the virus protection was updated weekly, when in fact it was not: the computer logs and the signatures clearly showed that virus updates were no longer supported by the vendor. The updates may have been performed, but against files that had received no new updates for many months. The IT manager who testified also incorrectly claimed that adware was not able to generate pornography, and especially not “endless loop pornography”. This information was received as fact by the non-technical jury and, incredibly, was not refuted by the defense. The detective for the prosecution also stated that his testimony was based completely on the product ComputerCop, which the vendor admits is incapable of determining whether a website was visited purposefully or unintentionally. The forensic detective astoundingly admitted that he did not examine the computer for the presence of adware (Eckelberry et al., 2007, pp. 7-10).
The case against Amero was largely based on testimony stating that she deliberately visited the offensive pornographic websites and that the sites visited subsequently showed their links in red. The post-trial investigative team quickly verified that the ‘sites visited’ color setting in Internet Explorer on the suspect machine was set to “96,100,32”, which is a greenish-gray color. One of the web pages that the defendant allegedly visited had an HTML override that highlighted one of the links in red; the link was not colored because of a deliberate visit to the site. According to Eckelberry et al. (2007), the page in question was not discovered in “any of the caches or Internet history files or the Internet History DAT files”. Through meticulous investigation and use of the scientific method, the post-trial investigative team was able to present facts that were “exculpatory evidence showing that the link was never clicked on by the defendant” or by any other person, and disproved most of the statements made by the forensics examiner and the witnesses for the prosecution (Eckelberry et al., 2007, pp. 12-14).
The prosecution testimony stated that there was no evidence of uncontrollable pop-ups found on the suspect machine; however, using a computer forensics tool called X-Ways Trace, the post-trial investigative team discovered irrefutable evidence that the page in question was loaded twenty-one times in one second. Eckelberry et al. (2007) detail many other instances where testimony was haphazard, and discovered that a Halloween screen saver was the source of the adware that presented the continuous stream of pornographic sites. The chain of custody was also compromised: the disk image was from a Dell PC, but the defense witness saw a Gateway PC stored at the police station. The officer reportedly seized a computer, but the police report contradicts this and states that only a drive was taken (Eckelberry et al., 2007, pp. 14-17).
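The finding that a page was loaded twenty-one times in one second is the kind of observation that separates automated pop-ups from deliberate browsing, and it can be tested mechanically rather than asserted. The following is an added example and not code from the paper, from Eckelberry et al., or from X-Ways Trace: it reads a simplified history format (an ISO timestamp, a tab and a URL per line) that is assumed for this illustration, with records constructed here rather than taken from the case, and the names `parse_history` and `find_load_bursts` are assumptions. It applies a sliding one-second window per URL and reports any URL whose load count inside that window reaches a threshold no human clicking could produce.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample history (not the real case data): one page loaded
# twenty-one times inside a single second, another page visited twice
# several minutes apart. Format: ISO timestamp, a tab, the URL.
SAMPLE_HISTORY = "\n".join(
    ["2000-01-01T09:15:00.120\thttp://example.org/lesson-plan"]
    + [f"2000-01-01T09:17:02.{i * 40:03d}\thttp://example.net/popup" for i in range(21)]
    + ["2000-01-01T09:22:41.000\thttp://example.org/lesson-plan"]
)


def parse_history(text: str) -> list[tuple[datetime, str]]:
    """Parse 'timestamp<TAB>url' lines into (datetime, url), oldest first."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, url = line.split("\t", 1)
        records.append((datetime.fromisoformat(ts), url))
    records.sort()
    return records


def find_load_bursts(records, window=timedelta(seconds=1), min_loads=5):
    """Return {url: largest number of loads of that url that fall inside any
    `window`} for urls reaching `min_loads`. Nobody clicks the same link five
    times in one second, so such a burst points at automated loading
    (pop-ups, a redirect loop) rather than deliberate browsing."""
    by_url = defaultdict(list)
    for ts, url in records:
        by_url[url].append(ts)
    bursts = {}
    for url, times in by_url.items():
        times.sort()
        best = start = 0
        for end in range(len(times)):          # sliding window over load times
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_loads:
            bursts[url] = best
    return bursts


if __name__ == "__main__":
    for url, n in find_load_bursts(parse_history(SAMPLE_HISTORY)).items():
        print(f"{url}: {n} loads within one second (automated, not deliberate)")
```

The lesson-plan page, visited twice minutes apart, is never reported, while the pop-up URL is reported with a burst of 21 regardless of how low the threshold is set. Running the same check on an exported history file gives a result another examiner can reproduce, which is what makes the observation evidence rather than opinion.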
The case described and investigated by Eckelberry et al. (2007) resembles a staged blunder designed as a humorous sample case for beginning forensic students to discuss. The case was, however, very real, and even though the defendant was eventually acquitted, she suffered lasting harm from the notoriety of the initial conviction for contributing to the delinquency of minors. If the prosecution or defense had investigated the evidence using the scientific method and maintained a credible chain of custody, or at least applied clear critical thinking while performing a thorough forensic investigation, this case might never have gone to trial. It wasted the time and resources of the judge, jury, and countless other participants in the trial and permanently damaged an innocent victim (Eckelberry et al., 2007).
Conclusion
The scientific method is a process that allows confidence in a hypothesis when it can be subjected to repeated identical tests. The use of the scientific method not only provides a methodical structure to a forensic investigation, it lends credibility to a case through the very nature of the steps used to document and diligently test any given hypothesis. The post-trial investigation by Eckelberry et al. (2007) was performed by a team of trained experts who were well aware of the methodical requirements and the necessity of the scientific method of discovery. Their findings proved that the suspect was in fact a victim of computers poorly maintained by a local Connecticut school system, and that the forensic expert and witnesses who testified in the case were untrained and uninformed and used inadequate tools for the investigation. Cases such as State of Connecticut v. Julie Amero illustrate the importance of using the scientific method, and the necessity of proper training in the art and science of digital forensics.
References
Carrier, B. (2002, October). Open Source Digital Forensics Tools: The Legal Argument. @stake Inc. Retrieved September 8, 2011, from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.19.7899&rep=rep1&type=pdf
Casey, E. (Ed.). (2010). Handbook of Digital Forensics and Investigation (Kindle ed.). Burlington, MA: Elsevier, Inc.
Eckelberry, A., Dardick, G., Folkerts, J., Shipp, A., Sites, E., Stewart, J., & Stuart, R. (2007, March 21). Technical Review of the Trial Testimony of State of Connecticut vs. Julie Amero. Retrieved September 9, 2011, from http://www.sunbelt-software.com/ihs/alex/julieamerosummary.pdf
Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to Computer Forensics and Investigations (4th ed.). Boston, MA: Course Technology, Cengage Learning.
Peisert, S., Bishop, M., & Marzullo, K. (2008, April). Computer Forensics in Forensis. Retrieved September 8, 2011, from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.140.3949&rep=rep1&type=pdf

More Related Content

Similar to Running Head THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS .docx

iConference Popovsky
iConference PopovskyiConference Popovsky
iConference Popovsky
Brian Rowe
 
Systematic Digital Forensic Investigation Model
Systematic Digital Forensic Investigation ModelSystematic Digital Forensic Investigation Model
Systematic Digital Forensic Investigation Model
CSCJournals
 
A Review on Recovering and Examining Computer Forensic Evidences
A Review on Recovering and Examining Computer Forensic EvidencesA Review on Recovering and Examining Computer Forensic Evidences
A Review on Recovering and Examining Computer Forensic Evidences
BRNSSPublicationHubI
 
Maintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docxMaintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docx
smile790243
 
Digital Evidence - the defence, prosecution, & the court
Digital Evidence - the defence, prosecution, & the courtDigital Evidence - the defence, prosecution, & the court
Digital Evidence - the defence, prosecution, & the court
Cell Site Analysis (CSA)
 
Wearable Technology
Wearable TechnologyWearable Technology
Wearable Technology
Kim Arnott
 
Running head RESEARCH REPORT TOPIC OUTLINERESEARCH REPORT TOPIC.docx
Running head RESEARCH REPORT TOPIC OUTLINERESEARCH REPORT TOPIC.docxRunning head RESEARCH REPORT TOPIC OUTLINERESEARCH REPORT TOPIC.docx
Running head RESEARCH REPORT TOPIC OUTLINERESEARCH REPORT TOPIC.docx
toltonkendal
 
Legal Technology 2011 and the Paralegal
Legal Technology 2011 and the ParalegalLegal Technology 2011 and the Paralegal
Legal Technology 2011 and the Paralegal
Aubrey Owens
 

Similar to Running Head THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS .docx (20)

iConference Popovsky
iConference PopovskyiConference Popovsky
iConference Popovsky
 
Systematic Digital Forensic Investigation Model
Systematic Digital Forensic Investigation ModelSystematic Digital Forensic Investigation Model
Systematic Digital Forensic Investigation Model
 
A Review on Recovering and Examining Computer Forensic Evidences
A Review on Recovering and Examining Computer Forensic EvidencesA Review on Recovering and Examining Computer Forensic Evidences
A Review on Recovering and Examining Computer Forensic Evidences
 
Computer Assisted Review and Reasonable Solutions under Rule26
Computer Assisted Review and Reasonable Solutions under Rule26Computer Assisted Review and Reasonable Solutions under Rule26
Computer Assisted Review and Reasonable Solutions under Rule26
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Maintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docxMaintaining The Digital Chain of Custody By John Patzakis .docx
Maintaining The Digital Chain of Custody By John Patzakis .docx
 
Evidence and data
Evidence and dataEvidence and data
Evidence and data
 
Digital Evidence - the defence, prosecution, & the court
Digital Evidence - the defence, prosecution, & the courtDigital Evidence - the defence, prosecution, & the court
Digital Evidence - the defence, prosecution, & the court
 
Wearable Technology
Wearable TechnologyWearable Technology
Wearable Technology
 
The Investigative Lab - Nuix
The Investigative Lab - NuixThe Investigative Lab - Nuix
The Investigative Lab - Nuix
 
The Investigative Lab - White Paper
The Investigative Lab - White PaperThe Investigative Lab - White Paper
The Investigative Lab - White Paper
 
Cyber Security 1215
Cyber Security 1215Cyber Security 1215
Cyber Security 1215
 
Computer forencis
Computer forencisComputer forencis
Computer forencis
 
Running head RESEARCH REPORT TOPIC OUTLINERESEARCH REPORT TOPIC.docx
Running head RESEARCH REPORT TOPIC OUTLINERESEARCH REPORT TOPIC.docxRunning head RESEARCH REPORT TOPIC OUTLINERESEARCH REPORT TOPIC.docx
Running head RESEARCH REPORT TOPIC OUTLINERESEARCH REPORT TOPIC.docx
 
Electronic evidence
Electronic evidenceElectronic evidence
Electronic evidence
 
Legal Technology 2011 and the Paralegal
Legal Technology 2011 and the ParalegalLegal Technology 2011 and the Paralegal
Legal Technology 2011 and the Paralegal
 
Lecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptLecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.ppt
 
Computer Forensic: A Reactive Strategy for Fighting Computer Crime
Computer Forensic: A Reactive Strategy for Fighting Computer CrimeComputer Forensic: A Reactive Strategy for Fighting Computer Crime
Computer Forensic: A Reactive Strategy for Fighting Computer Crime
 
Predict Conference: Data Analytics for Digital Forensics and Cybersecurity
Predict Conference: Data Analytics for Digital Forensics and CybersecurityPredict Conference: Data Analytics for Digital Forensics and Cybersecurity
Predict Conference: Data Analytics for Digital Forensics and Cybersecurity
 
Junk Science On Trial
Junk Science On TrialJunk Science On Trial
Junk Science On Trial
 

More from jenkinsmandie

Running Head W2 Case StudiesW2 Case Studies2.docx
Running Head W2 Case StudiesW2 Case Studies2.docxRunning Head W2 Case StudiesW2 Case Studies2.docx
Running Head W2 Case StudiesW2 Case Studies2.docx
jenkinsmandie
 
Running head VENICE FAMILY CLINIC 1VENICE FAMILY CLINIC.docx
Running head VENICE FAMILY CLINIC 1VENICE FAMILY CLINIC.docxRunning head VENICE FAMILY CLINIC 1VENICE FAMILY CLINIC.docx
Running head VENICE FAMILY CLINIC 1VENICE FAMILY CLINIC.docx
jenkinsmandie
 
Running head VIGNETTE ONEVIGNETTE ONE 2VIGNETTE ONE .docx
Running head VIGNETTE ONEVIGNETTE ONE 2VIGNETTE ONE .docxRunning head VIGNETTE ONEVIGNETTE ONE 2VIGNETTE ONE .docx
Running head VIGNETTE ONEVIGNETTE ONE 2VIGNETTE ONE .docx
jenkinsmandie
 
Running Head VIGNETTE ONE2VIGNETTE ONE ANALYSIS.docx
Running Head VIGNETTE ONE2VIGNETTE ONE ANALYSIS.docxRunning Head VIGNETTE ONE2VIGNETTE ONE ANALYSIS.docx
Running Head VIGNETTE ONE2VIGNETTE ONE ANALYSIS.docx
jenkinsmandie
 
Running head UNIT 6 ANNOTATED BIBLIOGRAPHY ASSIGNMENT 1 U.docx
Running head UNIT 6 ANNOTATED BIBLIOGRAPHY ASSIGNMENT 1 U.docxRunning head UNIT 6 ANNOTATED BIBLIOGRAPHY ASSIGNMENT 1 U.docx
Running head UNIT 6 ANNOTATED BIBLIOGRAPHY ASSIGNMENT 1 U.docx
jenkinsmandie
 
Running head VULNARABE POPULATION 1VULNARABLE POPULATION .docx
Running head VULNARABE POPULATION  1VULNARABLE POPULATION .docxRunning head VULNARABE POPULATION  1VULNARABLE POPULATION .docx
Running head VULNARABE POPULATION 1VULNARABLE POPULATION .docx
jenkinsmandie
 
Running head UNDERSTANDING THE TARGET MARKETS .docx
Running head UNDERSTANDING THE TARGET MARKETS                .docxRunning head UNDERSTANDING THE TARGET MARKETS                .docx
Running head UNDERSTANDING THE TARGET MARKETS .docx
jenkinsmandie
 
Running head VETERANS PTSD CAUSES, TREATMENTS, AND SUPPORT SYSTEM.docx
Running head VETERANS PTSD CAUSES, TREATMENTS, AND SUPPORT SYSTEM.docxRunning head VETERANS PTSD CAUSES, TREATMENTS, AND SUPPORT SYSTEM.docx
Running head VETERANS PTSD CAUSES, TREATMENTS, AND SUPPORT SYSTEM.docx
jenkinsmandie
 
Running head UNITED STATES COAST GUARD1UNITED STATES COAST G.docx
Running head UNITED STATES COAST GUARD1UNITED STATES COAST G.docxRunning head UNITED STATES COAST GUARD1UNITED STATES COAST G.docx
Running head UNITED STATES COAST GUARD1UNITED STATES COAST G.docx
jenkinsmandie
 
Running head VALUES AND NORMS INSIDE A TATTOO PARLORVALUES AND .docx
Running head VALUES AND NORMS INSIDE A TATTOO PARLORVALUES AND .docxRunning head VALUES AND NORMS INSIDE A TATTOO PARLORVALUES AND .docx
Running head VALUES AND NORMS INSIDE A TATTOO PARLORVALUES AND .docx
jenkinsmandie
 
Running Head VIGNETTE ONE5VIGNETTE ONE ANALYSIS.docx
Running Head VIGNETTE ONE5VIGNETTE ONE ANALYSIS.docxRunning Head VIGNETTE ONE5VIGNETTE ONE ANALYSIS.docx
Running Head VIGNETTE ONE5VIGNETTE ONE ANALYSIS.docx
jenkinsmandie
 
Running head USING IT TO MODEL BEHAVIOR FOR POLICY MAKING .docx
Running head USING IT TO MODEL BEHAVIOR FOR POLICY MAKING        .docxRunning head USING IT TO MODEL BEHAVIOR FOR POLICY MAKING        .docx
Running head USING IT TO MODEL BEHAVIOR FOR POLICY MAKING .docx
jenkinsmandie
 
Running head USING BENTONITE TO EXTRACT CU2+1USING BENTONITE.docx
Running head USING BENTONITE TO EXTRACT CU2+1USING BENTONITE.docxRunning head USING BENTONITE TO EXTRACT CU2+1USING BENTONITE.docx
Running head USING BENTONITE TO EXTRACT CU2+1USING BENTONITE.docx
jenkinsmandie
 
Running Head UNIT 6 ASSIGNMENT 1 .docx
Running Head UNIT 6 ASSIGNMENT 1                                 .docxRunning Head UNIT 6 ASSIGNMENT 1                                 .docx
Running Head UNIT 6 ASSIGNMENT 1 .docx
jenkinsmandie
 
Running head UNIT 2 ASSIGNMENT 1 Unit 2 Assignment St.docx
Running head UNIT 2 ASSIGNMENT 1 Unit 2 Assignment St.docxRunning head UNIT 2 ASSIGNMENT 1 Unit 2 Assignment St.docx
Running head UNIT 2 ASSIGNMENT 1 Unit 2 Assignment St.docx
jenkinsmandie
 
Running head Uber Case Study2Uber Case Study.docx
Running head Uber Case Study2Uber Case Study.docxRunning head Uber Case Study2Uber Case Study.docx
Running head Uber Case Study2Uber Case Study.docx
jenkinsmandie
 
Running Head Unit I1Running Head Unit IUnit I.docx
Running Head Unit I1Running Head Unit IUnit I.docxRunning Head Unit I1Running Head Unit IUnit I.docx
Running Head Unit I1Running Head Unit IUnit I.docx
jenkinsmandie
 
Running Head TYPOLOGY 1 TYPOLOGY 5 Typology The s.docx
Running Head TYPOLOGY 1 TYPOLOGY 5 Typology The s.docxRunning Head TYPOLOGY 1 TYPOLOGY 5 Typology The s.docx
Running Head TYPOLOGY 1 TYPOLOGY 5 Typology The s.docx
jenkinsmandie
 
Running head U.S. HEALTHCARE EXECUTIVES 1U.S. HEALTHCARE EX.docx
Running head U.S. HEALTHCARE EXECUTIVES 1U.S. HEALTHCARE EX.docxRunning head U.S. HEALTHCARE EXECUTIVES 1U.S. HEALTHCARE EX.docx
Running head U.S. HEALTHCARE EXECUTIVES 1U.S. HEALTHCARE EX.docx
jenkinsmandie
 
Running head TYPE THE TITLE OF YOUR PAPER HERE1TYPE THE T.docx
Running head TYPE THE TITLE OF YOUR PAPER HERE1TYPE THE T.docxRunning head TYPE THE TITLE OF YOUR PAPER HERE1TYPE THE T.docx
Running head TYPE THE TITLE OF YOUR PAPER HERE1TYPE THE T.docx
jenkinsmandie
 

More from jenkinsmandie (20)

Running Head W2 Case StudiesW2 Case Studies2.docx
Running Head W2 Case StudiesW2 Case Studies2.docxRunning Head W2 Case StudiesW2 Case Studies2.docx
Running Head W2 Case StudiesW2 Case Studies2.docx
 
Running head VENICE FAMILY CLINIC 1VENICE FAMILY CLINIC.docx
Running head VENICE FAMILY CLINIC 1VENICE FAMILY CLINIC.docxRunning head VENICE FAMILY CLINIC 1VENICE FAMILY CLINIC.docx
Running head VENICE FAMILY CLINIC 1VENICE FAMILY CLINIC.docx
 
Running head VIGNETTE ONEVIGNETTE ONE 2VIGNETTE ONE .docx
Running head VIGNETTE ONEVIGNETTE ONE 2VIGNETTE ONE .docxRunning head VIGNETTE ONEVIGNETTE ONE 2VIGNETTE ONE .docx
Running head VIGNETTE ONEVIGNETTE ONE 2VIGNETTE ONE .docx
 
Running Head VIGNETTE ONE2VIGNETTE ONE ANALYSIS.docx
Running Head VIGNETTE ONE2VIGNETTE ONE ANALYSIS.docxRunning Head VIGNETTE ONE2VIGNETTE ONE ANALYSIS.docx
Running Head VIGNETTE ONE2VIGNETTE ONE ANALYSIS.docx
 
Running head UNIT 6 ANNOTATED BIBLIOGRAPHY ASSIGNMENT 1 U.docx
Running head UNIT 6 ANNOTATED BIBLIOGRAPHY ASSIGNMENT 1 U.docxRunning head UNIT 6 ANNOTATED BIBLIOGRAPHY ASSIGNMENT 1 U.docx
Running head UNIT 6 ANNOTATED BIBLIOGRAPHY ASSIGNMENT 1 U.docx
 
Running head VULNARABE POPULATION 1VULNARABLE POPULATION .docx
Running head VULNARABE POPULATION  1VULNARABLE POPULATION .docxRunning head VULNARABE POPULATION  1VULNARABLE POPULATION .docx
Running head VULNARABE POPULATION 1VULNARABLE POPULATION .docx
 
Running head UNDERSTANDING THE TARGET MARKETS .docx
Running head UNDERSTANDING THE TARGET MARKETS                .docxRunning head UNDERSTANDING THE TARGET MARKETS                .docx
Running head UNDERSTANDING THE TARGET MARKETS .docx
 
Running head VETERANS PTSD CAUSES, TREATMENTS, AND SUPPORT SYSTEM.docx
Running head VETERANS PTSD CAUSES, TREATMENTS, AND SUPPORT SYSTEM.docxRunning head VETERANS PTSD CAUSES, TREATMENTS, AND SUPPORT SYSTEM.docx
Running head VETERANS PTSD CAUSES, TREATMENTS, AND SUPPORT SYSTEM.docx
 
Running head UNITED STATES COAST GUARD1UNITED STATES COAST G.docx
Running head UNITED STATES COAST GUARD1UNITED STATES COAST G.docxRunning head UNITED STATES COAST GUARD1UNITED STATES COAST G.docx
Running head UNITED STATES COAST GUARD1UNITED STATES COAST G.docx
 
Running head VALUES AND NORMS INSIDE A TATTOO PARLORVALUES AND .docx
Running head VALUES AND NORMS INSIDE A TATTOO PARLORVALUES AND .docxRunning head VALUES AND NORMS INSIDE A TATTOO PARLORVALUES AND .docx
Running head VALUES AND NORMS INSIDE A TATTOO PARLORVALUES AND .docx
 
Running Head VIGNETTE ONE5VIGNETTE ONE ANALYSIS.docx
Running Head VIGNETTE ONE5VIGNETTE ONE ANALYSIS.docxRunning Head VIGNETTE ONE5VIGNETTE ONE ANALYSIS.docx
Running Head VIGNETTE ONE5VIGNETTE ONE ANALYSIS.docx
 
Running head USING IT TO MODEL BEHAVIOR FOR POLICY MAKING .docx
Running head USING IT TO MODEL BEHAVIOR FOR POLICY MAKING        .docxRunning head USING IT TO MODEL BEHAVIOR FOR POLICY MAKING        .docx
Running head USING IT TO MODEL BEHAVIOR FOR POLICY MAKING .docx
 
Running head USING BENTONITE TO EXTRACT CU2+1USING BENTONITE.docx
Running head USING BENTONITE TO EXTRACT CU2+1USING BENTONITE.docxRunning head USING BENTONITE TO EXTRACT CU2+1USING BENTONITE.docx
Running head USING BENTONITE TO EXTRACT CU2+1USING BENTONITE.docx
 
Running Head UNIT 6 ASSIGNMENT 1 .docx
Running Head UNIT 6 ASSIGNMENT 1                                 .docxRunning Head UNIT 6 ASSIGNMENT 1                                 .docx
Running Head UNIT 6 ASSIGNMENT 1 .docx
 
Running head UNIT 2 ASSIGNMENT 1 Unit 2 Assignment St.docx
Running head UNIT 2 ASSIGNMENT 1 Unit 2 Assignment St.docxRunning head UNIT 2 ASSIGNMENT 1 Unit 2 Assignment St.docx
Running head UNIT 2 ASSIGNMENT 1 Unit 2 Assignment St.docx
 
Running head Uber Case Study2Uber Case Study.docx
Running head Uber Case Study2Uber Case Study.docxRunning head Uber Case Study2Uber Case Study.docx
Running head Uber Case Study2Uber Case Study.docx
 
Running Head Unit I1Running Head Unit IUnit I.docx
Running Head Unit I1Running Head Unit IUnit I.docxRunning Head Unit I1Running Head Unit IUnit I.docx
Running Head Unit I1Running Head Unit IUnit I.docx
 
Running Head TYPOLOGY 1 TYPOLOGY 5 Typology The s.docx
Running Head TYPOLOGY 1 TYPOLOGY 5 Typology The s.docxRunning Head TYPOLOGY 1 TYPOLOGY 5 Typology The s.docx
Running Head TYPOLOGY 1 TYPOLOGY 5 Typology The s.docx
 
Running head U.S. HEALTHCARE EXECUTIVES 1U.S. HEALTHCARE EX.docx
Running head U.S. HEALTHCARE EXECUTIVES 1U.S. HEALTHCARE EX.docxRunning head U.S. HEALTHCARE EXECUTIVES 1U.S. HEALTHCARE EX.docx
Running head U.S. HEALTHCARE EXECUTIVES 1U.S. HEALTHCARE EX.docx
 
Running head TYPE THE TITLE OF YOUR PAPER HERE1TYPE THE T.docx
Running head TYPE THE TITLE OF YOUR PAPER HERE1TYPE THE T.docxRunning head TYPE THE TITLE OF YOUR PAPER HERE1TYPE THE T.docx
Running head TYPE THE TITLE OF YOUR PAPER HERE1TYPE THE T.docx
 

Recently uploaded

QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonQUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
httgc7rh9c
 
MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
MysoreMuleSoftMeetup
 
SPLICE Working Group: Reusable Code Examples
SPLICE Working Group:Reusable Code ExamplesSPLICE Working Group:Reusable Code Examples
SPLICE Working Group: Reusable Code Examples
Peter Brusilovsky
 

Recently uploaded (20)

COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
 
dusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningdusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learning
 
Diuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdf
Diuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdfDiuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdf
Diuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdf
 
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonQUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
 
Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...
 
Play hard learn harder: The Serious Business of Play
Play hard learn harder:  The Serious Business of PlayPlay hard learn harder:  The Serious Business of Play
Play hard learn harder: The Serious Business of Play
 
Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17
 

Running Head THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS .docx

The Scientific Method Applied To Digital Forensics
by student name
University
Course
Today's date

Abstract

Computer forensics is the process of digital investigation combining technology, the science of discovery and the methodical application of legal procedures. Judges and jurors often do not understand the inner workings of computers and rely on digital forensics experts to seek evidence and provide reliable, irrefutable testimony based on their findings. The scientific method is the process of diligent, disciplined discovery where a hypothesis is formed without bias, and analysis and testing are performed with the goal of effectively proving or disproving a sound hypothesis. When investigative teams do not follow standard investigative procedures, it can lead to inappropriate and inaccurate evidentiary presentations that are extremely difficult for non-technical participants to refute. The practitioners of digital forensics can make strides to measure and improve the accuracy of their findings using the scientific method. This paper includes a summary of the scientific method as applied to the emerging and growing field of digital forensics and presents details of a specific case where both the prosecution and defense would have benefitted greatly from the use of this proven method of discovery and analysis. Findings can only be deemed reasonably conclusive when the scientific process is correctly applied to an investigation, findings are repeatable and verifiable, and both the evidence collected and the tools used are subject to the utmost scrutiny.

The Scientific Method Applied To Digital Forensics
The forensic analyst and investigator must use a unique combination of technical, investigative, and scientific skills when approaching a forensic case. Most adults remember the Scientific Method from their middle school science class as a set of six steps: stating a problem, gathering information, forming a hypothesis, testing the hypothesis, analyzing the data, and drawing conclusions that either support or do not support the hypothesis. Peisert, Bishop, & Marzullo (2008) note that the term computer forensics has evolved to mean “scientific tests of techniques used with the detection of crime”, yet also observe that many academic computer scientists use the term to refer to the “process of logging, collecting, auditing or analyzing data in a post hoc investigation”. The necessity to maintain chain of custody requires methodical and detailed procedures, as does the formulation of a legitimate and unbiased hypothesis and conclusion using the scientific method. Since many judges and jurors assume that computer forensic evidence is as “reliable and conclusive” as it is depicted on television, the legal system is unaware of the volatile nature of computer forensics investigations and of the significance of a scientific approach to evidence gathering and analysis (Peisert et al., 2008).

The Scientific Process as Applied to Computer Forensics

Peisert et al. (2008) discuss in detail the need for the use of the scientific method in forensic investigations, not only for the process of discovery and analysis of evidence, but for measuring the accuracy of the forensic tools used in an investigation. Casey (2010) agrees, and cautions that evidence must be compared to known samples so that investigators better understand the scope and context of the evidence that is discovered or presented, and better understand the output of forensic tools. Casey (2010) further elaborates that the scientific method is a powerful tool for forensic investigators, who must be neutral fact finders rather than advocates for one side of a case or the other.
The process of creating a hypothesis and completing experiments to prove or disprove it allows an investigator to gain a concrete understanding of the digital evidence, or mere traces of evidence, under analysis. Casey (2010) also notes that, while there is no ethical requirement to do so and it may be impractical, a thorough investigative practice would consider investigating alternate scenarios presented by the defense. Forensic examination tools can contain bugs, or behave differently with various types of data and forensic images. Casey (2010) recommends that investigators examine evidence at both the physical and logical layers, since both methods can provide unique perspectives, and the physical layer may not yield deleted, corrupted or hidden data. Suspects with limited technical experience can rename image files with extensions not used for images, and those with more technical knowledge can use advanced steganography techniques to embed data within other data in an attempt to defy detection.

The 2004 case of State of Connecticut v. Julie Amero in Norwich, Connecticut is one where the scientific method was clearly missing from both the defense and the prosecution. Eckelberry, Dardick, Folkerts, Shipp, Sites, Stewart, & Stuart (2007) completed a comprehensive post-trial analysis of the evidence as provided to the defense and discovered very different evidentiary results using a structured scientific approach to their investigation. Amero was a substitute elementary teacher accused of displaying to her students pornographic images that appeared in pop-ups from what ultimately was proven to be a spyware-infected school computer. The credibility of the legal system was compromised, and the prosecution made numerous incorrect assumptions based on results provided by inadequate forensic tools and poor investigative techniques (Eckelberry et al., 2007).

The computer that Amero was using in her classroom was a Windows 98 machine running Internet Explorer 6.0.2800 and a trial version of Cheyenne AntiVirus that had not received an update in several years. The content filtering at the school had expired several months prior to the incident. The prosecution presented non-factual statements that may easily have been misconstrued by a non-technical jury and that likely caused a guilty verdict. The false testimony given by the school IT specialist indicated that the virus protection was updated weekly, when in fact it was not, since the computer logs and the signatures clearly showed that virus updates were no longer supported by the vendor. The updates may have been performed, but against files that had received no new updates for many months. The IT Manager who testified also incorrectly claimed that adware was not able to generate pornography, and especially not “endless loop pornography”. This information was received as fact by the non-technical jury and, incredibly, was not refuted by the defense. The detective for the prosecution also stated that his testimony was based completely on the product ComputerCop, which the vendor admits is incapable of determining whether a website was visited purposefully or unintentionally. The forensic detective astoundingly admitted that he did not examine the computer for the presence of adware (Eckelberry et al., 2007, p. 7-10). The case against Amero was largely based on testimony stating that she deliberately visited the offensive pornographic websites and that the sites visited subsequently showed the links in red. The post-trial investigative team quickly verified that the ‘sites visited’ color setting in Internet Explorer on the suspect machine was set to “96,100,32”, which is a greenish-gray color. One of the web pages that the defendant allegedly visited had an HTML override to highlight one of the links presented in red, and the link was not colored based on a deliberate visit to the site. According to Eckelberry et al. (2007), the page in question was not discovered in “any of the caches or Internet history files or the Internet History DAT files”.
The post-trial investigative team, through meticulous investigation and use of the scientific method, were able to present facts that were “exculpatory evidence showing that the link was never clicked on by the defendant” or any other person, and disproved most of the statements made by the forensics examiner and the witnesses for the prosecution (Eckelberry et al., 2007, p. 12-14). The prosecution testimony stated that there was no evidence of uncontrollable pop-ups found on the suspect machine; however, the post-trial investigative team discovered irrefutable evidence, using a computer forensics tool called X-Ways Trace, that the page in question was loaded twenty-one times in one second. Eckelberry et al. (2007) detail many other instances where testimony was haphazard, and discovered that a Halloween screen saver was the source of the adware that presented the continuous stream of pornographic sites. The chain of custody was also compromised, in that the disk image was from a Dell PC but the defense witness saw a Gateway PC stored at the police station. The officer reportedly seized a computer, but the police report contradicts this and states that only a drive was taken (Eckelberry et al., 2007, p. 14-17). The case described and investigated by Eckelberry et al. (2007) resembles a staged blunder designed as a humorous sample case for beginning forensic students to discuss. The case was, however, very real, and even though the defendant was eventually acquitted, she suffered lasting harm from the notoriety based on the initial conviction for contributing to the delinquency of minors. If the prosecution or defense had investigated the evidence using the scientific method and maintained a credible chain of custody, or at least used clear critical thinking while performing a thorough forensic investigation, this case may never have gone to trial. It wasted the time and resources of the judge, jury, and countless other participants in the trial and permanently damaged an innocent victim (Eckelberry et al., 2007).

Conclusion

The scientific method is a process that allows confidence in a hypothesis when it can be subjected to repeated identical tests.
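The post-trial finding that one page was loaded twenty-one times in a single second is the kind of result that can be turned into exactly such a repeatable test: the prosecution's hypothesis that every visit was deliberate predicts a load rate a person could actually produce. The following is an added example written for this page, not code from the paper or from the investigators' tools; it runs over constructed browser-history records, and the hypothetical URLs, timestamps and the three-loads-per-second human limit are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed browser-history style records (url, timestamp); not real case
# data. They mimic the pattern in the text: one page loaded 21 times within a
# single second next to two ordinary visits minutes apart. Hypothetical URLs.
SAMPLE_RECORDS = [
    ("http://lesson.example.invalid/page", "2004-10-19 09:15:02.000"),
    ("http://lesson.example.invalid/page", "2004-10-19 09:31:40.000"),
] + [
    ("http://popup.example.invalid/ad", f"2004-10-19 09:42:17.{i * 45:03d}")
    for i in range(21)
]

# Assumed upper bound on how often a person could deliberately load the same
# page in one second; a peak above it points to automation, not a user.
MAX_HUMAN_LOADS_PER_SECOND = 3


def parse_records(records):
    """Turn (url, 'YYYY-MM-DD HH:MM:SS.fff') pairs into (url, datetime)."""
    return [(url, datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"))
            for url, ts in records]


def max_loads_in_window(times, window=timedelta(seconds=1)):
    """Largest number of loads that fall inside any sliding one-second window."""
    times = sorted(times)
    best = lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] >= window:  # drop loads that fell out of the window
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def check_deliberate_visit_hypothesis(records, limit=MAX_HUMAN_LOADS_PER_SECOND):
    """Hypothesis under test: every load of a URL was a deliberate user action.

    For each URL, report total loads, the peak loads in one second, and whether
    that peak exceeds the human limit, which rejects the hypothesis for that
    URL. The same extract always yields the same verdict, so a second examiner
    can repeat the test and should obtain the same result.
    """
    by_url = defaultdict(list)
    for url, t in parse_records(records):
        by_url[url].append(t)
    verdicts = {}
    for url, times in by_url.items():
        peak = max_loads_in_window(times)
        verdicts[url] = {"loads": len(times), "peak_per_second": peak,
                         "hypothesis_rejected": peak > limit}
    return verdicts
```

The human limit is itself a stated assumption that an examiner would have to justify and document alongside the verdict, which is the point of the method: the test, its inputs and its thresholds are all on the record.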
The use of the scientific method not only provides a methodical structure to a forensic investigation, it lends credibility to a case in the very nature of the steps used to document and diligently test any given hypothesis. The independent post-trial investigation of the case by Eckelberry et al. (2007) was performed by a team of trained experts who were well aware of the methodical requirements and the necessity of the scientific method of discovery. Their findings proved that the suspect was in fact a victim of computers poorly maintained by a local Connecticut school system, and that the forensic expert and witnesses who testified in the case were untrained and uninformed and used inadequate tools for the investigation. Cases such as State of Connecticut v. Julie Amero illustrate the importance of using the scientific method, and the necessity of proper training in the art and science of digital forensics.

References

Carrier, B. (2002, October). Open Source Digital Forensics Tools: The Legal Argument. In @stake Inc. Retrieved September 8, 2011, from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.19.7899&rep=rep1&type=pdf

Casey, E. (Ed.). (2010). Handbook of Digital Forensics and Investigation (Kindle ed.). Burlington, MA: Elsevier, Inc.

Eckelberry, A., Dardick, G., Folkerts, J., Shipp, A., Sites, E., Stewart, J., & Stuart, R. (2007, March 21). Technical Review of the Trial Testimony of State of Connecticut vs. Julie Amero. Retrieved September 9, 2011, from http://www.sunbelt-software.com/ihs/alex/julieamerosummary.pdf

Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to Computer Forensics and Investigations (4th ed.). Boston, MA: Course Technology, Cengage Learning.

Peisert, S., Bishop, M., & Marzullo, K. (2008, April). Computer Forensics in Forensis. Retrieved September 8, 2011, from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.140.3