Search and Seizure of Computers
The digital age has facilitated an increase in cyber crimes. Many crimes such as child pornography, embezzlement, theft of private information and even murder among others are on the rise and can be performed using a computer system. Such unauthorized or unlawful act involving the use of computer systems or networks is referred to as a computer security incident (Nelson, Phillips & Steuart, 2010). Circumstances of this nature call for the forensic investigation to ascertain facts and evidence that can be used in a court of law for criminal proceedings. This paper will suggest possible actions to be done to collect evidence from three sets of computers associated with Tom Brown, a primary murder suspect, and the expected obstacles during this process.
Since murder is a serious crime, as a detective I first need to get a search warrant to impound and analyze the contents of Brown’s computers for evidence. It is imperative to seize the computers at home to avoid any likelihood of interfering with getting necessary evidence. I will obtain appropriate information to determine the suitable response (Nelson, Phillips & Steuart, 2010). Formulating the strategy that will be used to collect data is also very important. It will help me determine the right actions after drawing the conclusions.
Securing the suspected materials, in this case, the computers, using the proper chain of custody will be my next move. Consequently, I will make mirror or full copies of the digital data recovered from these sources using a suitable process to avoid alteration of files and data.
At this point, I will make use of evidence collection kits, entailing hardware, and software tools to get the information successfully, while making sure that the original media is not compromised or damaged in any way. I will also be cautious to avoid any superfluous materials contaminating the copies of evidence.
I will retain any data that exists in “free form”, as well as recovering the deleted files on the computer hard disks by use of the mirror copies (Nelson, Phillips & Steuart, 2010). It is critical to maintain a comprehensive and full audit trail of the steps executed in the previous processes and finally ensure that all privacy issues linked to the digital evidence, including client-attorney privileges, which are not violated by other experts dealing with an examination of this data. To finalize the process, I will accurately report my findings to the authority in a way that is helpful to decision makers.
Nelson, Phillips & Steuart (2010) explain that the whole process of computer forensic investigation has many challenges. Obtaining the appropriate search warrant may take time hampering the process of the investigation because it may give the suspect time to destroy the evidence. Additionally, the digital media may encounter alterations when computers are switched on or off, and malware may corrupt data and mystify forensic efforts.
Since most computers are connected to a home network, obtaining the evidence from such a wide system requires very high levels of technical skills, tools, and training. Getting the required data is also very tasking, since the suspect may deliberately delete some files from the hard drive. The obtained evidence may only be seen as circumstantial evidence in the court and, therefore, not sufficient to prosecute the offender (Nelson, Phillips & Steuart, 2010). On the other hand, the defense or prosecution team could repress the evidence from discovery; if they consider that it could be destructive to the case.
There are many crimes that are carried out by means of computer technology. Murder is one of them and evidence linked to this act may entail sending threats to the victim or pictures of the victim found in a computer. A computer forensic investigator can easily obtain this information from the computers, using proper evidence collecting tools. However, the process is faced with many challenges such as deliberate alteration of the evidence by the suspect, malware may corrupt the files, and the evidence may be rejected in the court.