Forensics Computing Technology to Combat Cybercrime

Total Page:16

File Type:pdf, Size:1020Kb

Forensics Computing Technology to Combat Cybercrime International Journal of Advanced Research in Basic Engineering Sciences and Technology (IJARBEST) Forensics Computing Technology to Combat Cybercrime E.Saraswathy, T.Latha Maheswari PG Scholar, Dept of Master of Computer Application Sri Krishna College of Engineering and Technology, Coimbatore, India Abstract: The advent of technological revolution requires. However, there is added complexity due in communications and information exchange to the technical nature of computer based has created sophisticated form of crime, cyber technology and has added another dimension with crime. Cybercrimes have more severe economic impacts than many conventional crimes and like digital evidence. As greater emphasis is placed on any other crime, these cyber crimes should be digital evidence, it becomes increasingly critical brought to justice. The process of gathering that the evidence be handled and examined electronic evidence of a cyber crime is known as forensic computing. This paper addresses the properly. technical aspects, while at the same time providing insights which would be helpful for the II. CYBERCRIME LANDSCAPE legal profession to better understand the unique issues related to computer forensic evidence when Cyber crime is typically described as any presented in the court of law. criminal act dealing with computers or computer Keywords— Cyber Crime, Computer Forensics, networks. It is also called by other names (e-crime, Electronic/Digital Evidence, Piracy,. computer crime or Internet crime in different jurisdictions), which have roughly the equivalent meanings. The characteristics of cyber criminals, I. INTRODUCTION cybercrime victims, and law enforcement agencies have created a vicious circle of cybercrime. Figure1 Cyberspace has no specific jurisdiction; shows this circle’s key elements. therefore, criminals can commit crime from any Cybercrimes are structurally unique in three main location through computer in the world leaving no ways: evidence to control [1]. When someone ―steals‖ They’re technologically and skill- data from cyber space or uses information for intensive. unintended purposes, it is called cyber crime. With the increase usage of computer technology, cyber They have a higher degree of globalization crime is on the rise. Like any crime, cyber Crime than conventional crimes. should be investigated and prosecuted where Given the Internet’s global nature, necessary. Computer forensics describes the cybercrimes entail important procedural practice of retrieving evidence in the form of data and jurisdictional issues. from a computer that relates to a crime in a manner Cybercrimes includes but not limited to: that meets the requirements of the given a legal Theft of telecommunications services; Communications in furtherance of System. Computer forensics evidence needs to be criminal conspiracies; handled with the same care that physical evidence ISSN(Online) : 2456-5717 91 Vol. 3, Special Issue 26, March 2017 International Journal of Advanced Research in Basic Engineering Sciences and Technology (IJARBEST) Information piracy, counterfeiting and storage in the future. Data stored on these devices, forgery; while potentially of tremendous value in the Dissemination of offensive material; investigation, prosecution and prevention of crime, Electronic money laundering and tax presents unique challenges to detectives and evasion; prosecutors because of its potentially volatile Electronic vandalism and terrorism; nature. Electronic data is fragile. It can easily be changed or eliminated by cyber criminals. This Sales and investment fraud; means that the data must not be compromised in Illegal interception telecommunications; any way. It must be able to be proven that the data Electronic funds transfer fraud. is a true representation of what happened, that it Regardless of the definitions, the use of cannot have been modified in any way, either by computers and the Internet in the commission of the intruder themselves, or the collection and crimes require investigators applying cyber examination tools. In other words, the chain of forensic techniques to extract data for those custody must be established (Sommer, 1998), Mc investigating these cases, prosecuting these cases Kemmish (2001) identifies three distinct types of and passing the ultimate judgment regarding the forensic computing: disposition of offenders and the redress of victims. A. Digital Evidence Recovery – Involves the examination of electronic devices for information III. FORENSIC COMPUTING relating to a crime, and the processes involved in Computer forensics refers to the legal collecting relevant data. processes, rules of evidence, court procedures, and B. Cyber/Intrusion Forensics – Involves detecting forensic practices used to investigate e-Crimes [2]. computer security breaches, identifying and Specifically, computer forensics is the application preserving digital evidence. of scientific, forensically sound procedures in the C. Forensic Data Analysis – Involves identifying collection, analysis, and presentation of electronic anomalies in large data sets that may indicate data. For computer evidence to be accepted in a illegal or improper acts. court of law, the forensic investigation process must identify, preserve, examine, and document IV. METHODOLOGY AND DIGITAL any computer evidence retrieved [3]. Computer EVIDENCE evidence is entirely different. It cannot be seen, Any criminal investigation follows procedures touched or smelled and it often lasts for only very which vary from one country to another, but the short periods of time. Computers typically store computer forensics investigator should follow these data in three ways, magnetic, semiconductor, and steps: optical. Other less common data storage methods Secure and isolate. include magneto-optical disk storage, optical Record the scene. jukebox storage and ultra-density optical disk Conduct a systematic search for evidence. storage. Potentially significant new developments in technology suggest that techniques like phase- change storage, holographic storage, and use of Phase 1 should be to freeze the scene of crime in molecular memory may become methods for data ISSN(Online) : 2456-5717 92 Vol. 3, Special Issue 26, March 2017 International Journal of Advanced Research in Basic Engineering Sciences and Technology (IJARBEST) order to prevent the ICT context from being kind of information and where it can be found in modified before digital traces are collected, and to the system and network is mandatory knowledge avoid giving the malicious person a chance to for digital investigators? Any computer systems modify or destroy evidence [4]. The goal of phase 1 information and communication device (electronic is to avoid the destruction or the dislocation of components, memory devices, hard discs, USB crucial data. sticks, etc.) or information it contains, are potential The investigator must classify resources to targets or instruments of crime. Each software or determine which system must be removed from the data execution or transaction leaves digital traces. scene. Identifying traces and collecting them Digital traces are volatile and rapidly removed comprises the second phase (phase 2), and this from servers. Digital evidence is even more should be followed by the data safeguarding and difficult to obtain because ICT transcends preservation phase (phase 3). At this stage, data can international boundaries [7]. In such cases, success be analyzed (phase 4) and subsequently presented depends on the effectiveness of international in a comprehensive way for non-experts and legal cooperation between legal authorities and the speed experts (phase 5). The purpose of any investigation with which action is taken. One of the most is to discover and present facts that contribute to important features is the duration during which establishing the truth. It is not enough to be a good Internet Service Providers (ISP) keep information computer specialist, he should be aware of the legal concerning user subscriptions and activities (IP framework and constraints in order to perform a addresses, connection data, etc.). The retention useful computer investigation. If this were not the period, during which data is available in order to case, the results of the investigation could be retrieve someone’s identity from his IP address, compromised and thrown out by the court because varies from one country to another [8]. Legal of an insufficient or incorrect evidence-gathering systems must give law enforcement agencies the process. A common vocabulary between police appropriate authority to access traffic data. force, justice and forensics should exist. Procedures Countries should improve international cooperation should be set up in order to increase computer and be able to share critical information quickly, investigation performance and reliability [5]. The otherwise digital evidence may disappear. For resulting investigation report should be easily Instant Messaging services and Peer-to-Peer or comprehensible and must describe in detail all the Internet Relay Chat facilities, logs and historical operations performed and procedures followed in content of communications are kept for only a few order to gather electronic evidence. Investigators days. An IP address identifies a computer, not a with an understanding of information and person and criminals use false or stolen identities communication technologies should use in [9]. It is always very difficult to establish the conjunction with effective
Recommended publications
  • Part 1 Digital Forensics Module Jaap Van Ginkel Silvio Oertli
    Part 1 Digital Forensics Module Jaap van Ginkel Silvio Oertli July 2016 Agenda • Part 1: Introduction – Definitions / Processes • Part 2: Theory in Practice – From planning to presentation • Part 3: Live Forensics – How to acquire a memory image – Investigate the image • Part 4: Advanced Topics – Tools – Where to go from here – And more 2 Disclaimer§ • A one or two-day course on forensics will not make you a forensics expert. – Professionals spend most of their working time performing forensic analysis and thus become an expert. • All we can offer is to shed some light on a quickly developing and broad field and a chance to look at some tools. • We will mostly cover Open Source Forensic Tools. 3 Introduction Forensics in History 4 Forensics – History 2000 BC 1200 BC 5 Introduction Definitions / Processes 6 Forensics – The Field digital forensics Computer Forensics Disk Forensics Mobil Forensics Memory Forensics Datenbase Forensics Live Forensics Network Forensics 7 Forensics - Definition • Digital Forensics [1]: – Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. • Computer Forensics [2]: – Computer forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information. 8 Forensics - Definitions • Network Forensics [3]: – Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection.[1] Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information.
    [Show full text]
  • Guidelines on Mobile Device Forensics
    NIST Special Publication 800-101 Revision 1 Guidelines on Mobile Device Forensics Rick Ayers Sam Brothers Wayne Jansen http://dx.doi.org/10.6028/NIST.SP.800-101r1 NIST Special Publication 800-101 Revision 1 Guidelines on Mobile Device Forensics Rick Ayers Software and Systems Division Information Technology Laboratory Sam Brothers U.S. Customs and Border Protection Department of Homeland Security Springfield, VA Wayne Jansen Booz Allen Hamilton McLean, VA http://dx.doi.org/10.6028/NIST.SP. 800-101r1 May 2014 U.S. Department of Commerce Penny Pritzker, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Under Secretary of Commerce for Standards and Technology and Director Authority This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. § 3541 et seq., Public Law (P.L.) 107-347. NIST is responsible for developing information security standards and guidelines, including minimum requirements for Federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate Federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as analyzed in Circular A- 130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in Circular A- 130, Appendix III, Security of Federal Automated Information Resources. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on Federal agencies by the Secretary of Commerce under statutory authority.
    [Show full text]
  • Digital Forensics Based Analysis of Mobile Phones
    Journal of Android and IOS Applications and Testing Volume 4 Issue 3 Digital Forensics Based Analysis of Mobile Phones Pooja V Chavan PG Student, Department of Computer Engineering, K. J. Somaiya College of Engineering, Mumbai, Maharashtra, India Email: [email protected] DOI: Abstract Now-a-day’s ratio of mobile phone is increasing day by day. Digital forensics methodology is use to recover and investigate data that found in a digital devices. Mobile phone usage is more that’s why not only judicial events occurred but also mobile forensics and subdivision of digital forensics are emerged. Some hardware and software are used for mobile phone investigations. Keywords: Digital forensics, digital devices, mobile phone INTRODUCTION because electronic device have a variety of Forensic science’s subdivision is a digital different operating system, technology, forensic, is a one type of process. The storage structure, Features. First identify main objective of this process to find the crime after that digital forensic work evidence in digital devices [1]. Digital on four important steps (Figure 1): forensics are used for the analysis of data, such as audio, video, pictures, etc. After • Collection: The collected of evidence the analysis of electronic devices data that like fingerprints, broken fingernails help for legal process. The usage of blood and body fluids. advanced technology is increasing rapidly. • Examination: The examination of Electronic device have a variety of product process is depending on evidence. like tablet, flash memory, memory card, • Analysis: The crime scenes obtain SD card, etc. When forensic analysis is different digital evidence, analysis is performed at that time data should be done on storage evidence this secure.
    [Show full text]
  • Hacking Exposed Computer Forensics, Second Edition, Delivers the Most Valuable Insight on the Market
    HACKING EXPOSED™ COMPUTER FORENSICS SECOND EDITION REVIEWS “This book provides the right mix of practical how-to knowledge in a straightforward, informative fashion that ties all the complex pieces together with real-world case studies. With so many books on the topic of computer forensics, Hacking Exposed Computer Forensics, Second Edition, delivers the most valuable insight on the market. The authors cut to the chase of what people must understand to effectively perform computer forensic investigations.” —Brian H. Karney, COO, AccessData Corporation “Hacking Exposed Computer Forensics is a ‘must-read’ for information security professionals who want to develop their knowledge of computer forensics.” —Jason Fruge, Director of Consulting Services, Fishnet Security 00-FM.indd i 8/23/2009 3:54:42 AM “Computer forensics has become increasingly important to modern incident responders attempting to defend our digital castles. Hacking Exposed Computer Forensics, Second Edition, picks up where the first edition left off and provides a valuable reference, useful to both beginning and seasoned forensic professionals. I picked up several new tricks from this book, which I am already putting to use.” —Monty McDougal, Raytheon Information Security Solutions, and author of the Windows Forensic Toolchest (WFT) (www.foolmoon.net) “Hacking Exposed Computer Forensics, Second Edition, is an essential reference for both new and seasoned investigators. The second edition continues to provide valuable information in a format that is easy to understand and reference.” —Sean Conover, CISSP, CCE, EnCE “This book is an outstanding point of reference for computer forensics and certainly a must-have addition to your forensic arsenal.” —Brandon Foley, Manager of Enterprise IT Security, Harrah’s Operating Co.
    [Show full text]
  • Purpose of Computer and Network Forensics
    Purpose of Computer and Network Forensics Table of Contents Purpose of Computer and Network Forensics ................................................................................ 2 What Is Digital Forensics? ............................................................................................................... 3 Need for Digital Forensics -1 ........................................................................................................... 4 Need for Digital Forensics -2 ........................................................................................................... 6 Purpose of Digital Forensics ............................................................................................................ 8 Notices .......................................................................................................................................... 12 Page 1 of 12 Purpose of Computer and Network Forensics Purpose of Computer and Network Forensics 4 **004 Okay. So we'll start out with the purpose of computer and network forensics. Page 2 of 12 What Is Digital Forensics? What Is Digital Forensics? As defined in NIST Guide to Integrating Forensic Techniques into Incident Response: “Application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data” Also known as or called computer forensics and network forensics, and includes mobile device forensics All better called one term: Digital
    [Show full text]
  • Winter 2016 E-Newsletter
    WINTER 2016 E-NEWSLETTER At Digital Mountain we assist our clients with their e-discovery, computer forensics and cybersecurity needs. With increasing encryption usage and the recent news of the government requesting Apple to provide "backdoor" access to iPhones, we chose to theme this E-Newsletter on the impact data encryption has on attorneys, litigation support professionals and investigators. THE SHIFTING LANDSCAPE OF DATA ENCRYPTION TrueCrypt, a free on-the-fly full disk encryption product, was the primary cross-platform solution for practitioners in the electronic discovery and computer forensics sector. Trusted and widely adopted, TrueCrypt’s flexibility to perform either full disk encryption or encrypt a volume on a hard drive was an attractive feature. When TrueCrypt encrypted a volume, a container was created to add files for encryption. As soon as the drive was unmounted, the data was protected. The ability to add a volume to the original container, where any files or the folder structure could be hidden within an encrypted volume, provided an additional benefit to TrueCrypt users. However, that all changed in May 2014 when the anonymous team that developed TrueCrypt decided to retire support for TrueCrypt. The timing of TrueCrypt’s retirement is most often credited to Microsoft’s ending support of Windows XP. The TrueCrypt team warned users that without support for Windows XP, TrueCrypt was vulnerable. Once support for TrueCrypt stopped, trust continued to erode as independent security audits uncovered specific security flaws. In the wake of TrueCrypt’s demise, people were forced to look for other encryption solutions. TrueCrypt’s website offered instructions for users to migrate to BitLocker, a full disk encryption program available in certain editions of Microsoft operating systems beginning with Windows Vista.
    [Show full text]
  • Truecrypt Containers Is No Longer Hidden As Passware Kit Now Detects Hard Disk Images
    Contact: Nataly Koukoushkina Passware Inc. +1 (650) 472-3716 ext. 101 [email protected] Data Inside TrueCrypt Containers is No Longer Hidden as Passware Kit Now Detects Hard Disk Images The new Passware Kit scans computers and finds all encrypted containers and hard disk images, such as TrueCrypt, BitLocker, and PGP Mountain View, Calif. (May 20, 2013) – Passware, Inc., a provider of password recovery, decryption, and electronic evidence discovery software for computer forensics, law enforcement organizations, government agencies, and private investigators, announces that Passware Kit Forensic v.12.5 can now recognize hard disk images and containers, such as TrueCrypt, BitLocker, PGP, etc. during a computer scan. For a computer forensic professional this means that no evidence is hidden inside a volume. During a computer scan, which typically takes less than an hour, Passware Kit Forensic displays all encrypted files and hard disk partition images. Previously, there was no way to identify quickly an encrypted container on a file system where important data could be hidden. “One of the major obstacles in any digital investigation is the ability to examine the contents of password-protected files and hard disks,” said Dmitry Sumin, CEO of Passware, Inc. “Today more than ever, digital evidence plays an important role in many criminal investigations and Passware is often the password recovery and decryption software of choice. We allow computer forensic professionals to conduct a thorough investigation by easily identifying, detecting, and decrypting hidden files. The latest version of Passware Kit Forensic extends the success of such investigations with the ability to find all encrypted volumes on a suspect’s computer.” The latest release of Passware Kit Forensic now ensures that no evidence is hidden, as it provides users with a list of all encrypted containers, hard disk partition images, and files that look similar to containers.
    [Show full text]
  • Computer Forensics: Is It the Next Hot IT Subject? Victor G
    Proceedings of the 2005 ASCUE Conference, www.ascue.org June 12-16, 2005, Myrtle Beach, South Carolina Computer Forensics: Is it the Next Hot IT Subject? Victor G. Williams School of Information Technology American InterContinental University [email protected] Ken Revels Department Chair (Information Technology) School of Continuing Studies Mercer University 1400 Coleman Ave Macon, GA 31207 Introduction Digital Forensics is not just the recovery of data or information from computer systems and their networks. It is not a procedure that can be accomplished by software alone, and most important, it is not something that can be accomplished by other than a trained IT forensic professional. Digital Forensics is an emerging science and was developed by U.S. federal law enforcement agency during the mid to late 1980s. It is also the art of detecting, processing, and examining digital fingerprints. A Formal Definition of Computer Forensics: · The gathering and analysis of digital information in an authentic, accurate and complete form for presentation as evidence in a civil proceeding or a court of law. · The term digital evidence encompasses any and all digital data that can establish that a crime has been committed or can provide a link between a crime and its victim or a crime and its perpetrator Computer Forensics Overview Computer Forensics is the application of computer examination and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crimes or misuse, including but not limited to theft of trade secrets, theft of or destruc- tion of intellectual property, and fraud, child pornography, disputes of ownership, prevention of destruction of evidence, etc.
    [Show full text]
  • 1St Quarter 2017 Alfenezza “Ness” Ferrer Palisoc (1980—2016)
    News of the California Association of Criminalists • First Quarter 2017 From the Archives to the Future t is amazing what you can happen upon in your crime laboratory Ilibrary when looking for a book. After finding some dusty, old CAC binders, I perused past meeting minutes, newsletters, and technical presen- tations from back as far as 1954. As a new year is upon us, I wanted to take a look back at the hot button topics from each decade in California since the beginning of the CAC. Here is a summary of what I found. In the 1950’s, the CAC Newsletter published a salary survey, which is still published today. A hot topic was the formation of the Code of Ethics, which is still in effect. However, in 1956 the CAC mandated that CAC mem- bers had to reside in California. This seems preposterous, as today the CAC accepts members from all over the United States. In 1955 the executive sec- retary was instructed to contact all members who failed to attend business or technical meetings and attempt to establish 100% participation by any means possible. I wonder what would happen if we tried that today? In 1961, Paul Kirk spoke about requesting a Ph.D. program in criminal- istics at University of California Berkeley and that training, ethics, and com- petency testing were essential to becoming a professional criminalist. More college programs and other training programs were needed, and there was an outreach effort to students in order to recruit new criminalists. The same CAC President year, the hot topic of publishing a CAC scientific journal was suggested.
    [Show full text]
  • An Historical Perspective of Digital Evidence: a Forensic Scientist's View
    International Journal of Digital Evidence Spring 2002 Volume 1, Issue 1 An Historical Perspective of Digital Evidence: A Forensic Scientist’s View Carrie Morgan Whitcomb, Director, National Center for Forensic Science Author’s Comments During my tenure as director of the Postal Inspection Headquarters Laboratory (1988-1992), a Postal Inspector submitted a computer to examine for the presence of specific evidence he had enumerated in the letter of request. The evidence technician logged in the computer, assigned it a case number, and brought the request to me, inquiring “What should we do with this?” That was the beginning of an odyssey that I still pursue. The Inspection Service Laboratory had a Questioned Document Section. Since a computer seemed to be an obvious evolution of paper documents, I called the manager of that section, Drew Somerford, and asked him to take the case. He was reluctant to sign for the evidence. Even though there might have been “documents” on the hard drive, it was outside his expertise. How do you secure and preserve the evidence? How do you collect it without changing it? What are the accepted practices related to computer evidence that would stand the scrutiny of court? What are the examination protocols? It was technology that we did not know how to handle in the crime laboratory. We submitted the computer evidence to the Federal Bureau of Investigation (FBI). The FBI Laboratory had a unit for computer evidence, and they worked the case. The Postal Inspection Service had a team of inspectors who were trained to work computer crime cases, but the laboratory was not equipped to assist them in processing evidence at that time.
    [Show full text]
  • A Comparison of Computer Forensic Tools: an Open-Source Evaluation
    A Comparison of Computer Forensic Tools: An Open-Source Evaluation Adam Cervellone, B.S., Graduate Student, Marshall University Forensic Science Center, 1401 Forensic Science Drive, Huntington, WV 25701 901725850 Agency Supervisor-Robert Price Jr., M.S., Forensic Scientist I, North Carolina State Crime Laboratory, 121 E. Tryon Road, Raleigh NC 27601 Technical Assistant- Joshua Brunty, M.S., Marshall University Forensic Science Center, 1401 Forensic Science Drive, Huntington, WV, 25701 MU Topic Advisor-Terry Fenger, Ph.D., Marshall University Forensic Science Center, 1401 Forensic Science Drive, Huntington, WV, 25701 Cervellone 1 of 30 Abstract The world of digital forensics is an ever-evolving field with multiple tools for analysis from which to choose. Many of these tools have very focused functions such as Mac and iOS device analysis, registry examination, steganography analysis, mobile device examination, password recovery and countless others. Other tools are full featured suites capable of analyzing a large case containing multiple items. The major problem with many of these tools is cost. While they may be robust, they may not be affordable for a smaller lab that wants to do digital forensics. This research focuses on industry standard forensic software such as: Guidance Software® EnCase® Forensic 6, AccessData® FTK® (Forensic Toolkit) 5, as well as SANS SIFT Workstation 3.0. The SIFT Workstation is a freely available open-source processing environment that contains multiple tools with similar functionality to EnCase® and FTK®. This study evaluates the processing and analysis capabilities of each tool. In addition to processing functionality, a simple cost analysis study was done. The latter portion of the research displayed how much a lab may have to spend to get a single examiner fully on-line with each tool.
    [Show full text]
  • Computer Forensics
    Computer Forensics In This Issue Computer Forensics: Digital Forensic Analysis Methodology............ 1 January By Ovie L. Carroll, Stephen K. Brannon, and Thomas Song 2008 Vista and BitLocker and Forensics! Oh My!.......................... 9 Volume 56 By Ovie L. Carroll, Stephen K. Brannon, and Thomas Song Number 1 Demystifying the Computer Forensic Process for Trial: (Is My Witness Dr. United States Department of Justice Jekyll or Mr. Hyde?)............................................ 2 9 Executive Office for United States Attorneys By Martin J. Littlefield Washington, DC 20530 Managing Large Amounts of Electronic Evidence.................... 4 6 Kenneth E. Melson By Ovie L. Carroll, Stephen K. Brannon, and Thomas Song Director Contributors' opinions and Rethinking the Storage of Computer Evidence....................... 6 0 statements should not be considered an endorsement by By Tyler Newby and Ovie L. Carroll EOUSA for any policy, program, or service. The United States Attorneys' Bulletin is published pursuant to 28 CFR § 0.22(b). The United States Attorneys' Bulletin is published bimonthly by the Executive Office for United States Attorneys, Office of Legal Education, 1620 Pendleton Street, Columbia, South Carolina 29201. Managing Editor Jim Donovan Program Manager Nancy Bowman Internet Address www.usdoj.gov/usao/ reading_room/foiamanuals. html Send article submissions and address changes to Program Manager, United States Attorneys' Bulletin, National Advocacy Center, Office of Legal Education, 1620 Pendleton Street, Columbia, SC 29201. Computer Forensics: Digital Forensic Analysis Methodology Ovie L. Carroll and discussion. It also helps clarify the elements Director, Cybercrime Lab of the process. Many other resources are available Computer Crime and Intellectual on the section's public Web site, Property Section www.cybercrime.gov.
    [Show full text]