Private and Public Digital Evidence and Forensic Investigation computer class This article discusses the specific

sub-field of digital forensics and the types of crimes that would need digital forensics for an investigation. Digital Forensics This sub-field of forensics examines data and information from computer storage media so that it may be used as evidence in a court of law or to answer a specif ic legal question as it may need. For example in private investigations, digital forensics investigator may use di gital forensics at the request of a private attorney for a defendant in a public case. And evidence may be gathered to prove that an employee is using company r esources for personal private business use such as selling goods online or visit ing the site that is against the company rules and regulation about Information technology. In this case, the employee may be subject to disciplinary action by the company, more personal liability, and perhaps criminal liability. More so, evidence that proves an employee has violated an employment agreement. For example, evidence may be gathered that proves an employee accessed records o r other information without authorization. It may also give that one employee ha s harassed another employee or perhaps stolen company information. While public investigations require digital forensics only when a crime has been committed and computers can be used in crimes in one of the following ways, suc h as, Crimes associated with the prevalence of computers i.e. copyright violatio ns, crimes in which computer is the instrument of the crime or crime in which co mputer are incidental to another crime such as using it to store illegal records and crimes in which the computer is the target such as crimes that involve stea ling information from a computer or denial of service crimes. Digital Evidence Collection The collection of digital evidence may have several prominent roles in collectio n. These roles may include: Physical Technology Collection: Investigators will collect the physical media. P hysical media is any technology that stores data or information. E.g. hard disks , PDAs, flash and other electronic devices. Physical Media Analysis: Investigators will analyze the physical evidence for fi nger prints or other evidence found on the surfaces of the physical technology. This role requires a deep understanding of the technology and may be able to aid the roles of digital evidence collection and digital evidence analysis even whe n the physical device is severely damaged. Digital Evidence Collection: Investigators will collect the digital data from th e physical device. Here, the evidence is the full set of files, folders, and bit s stored on the physical media. Digital Evidence Analysis: Investigators will analyze the data collected. Analys is of digital evidence may show hidden information. Digital Evidence Digital evidence is both the full set of bits, bytes, and blocks retrieved from the technology. It is also any subset of that full set such as e-mail, log files , text documents, spreadsheets, and other files.

Digital evidence has several unique challenges and questions that must be addres sed. The highest challenge is found in modern computers which are implanted as m ulti-user systems with potentially hundreds of users. Since evidence must conclu sively show facts in an investigation, it becomes critical to clear up ambiguiti es of who owns the data, how the data came to be on the system, and who or what originated the data. Another concern is the legal issues surrounding the collection of evidence from privately owned devices such as cell phones in private investigations as well th e expectation of privacy for employees using company provided resources. While n o clear answers have emerged, many businesses specify the proper use of their as sets and need employees to waive any such rights to privacy on company assets as part of their employment contract. Furthermore, this issue has recently become more complicated with the onset of f ree publicly available encryption technologies. This specific question is whethe r or not a user retains an expectation of privacy by using encryption on company assets. Clearly, the company has the right to the encrypted version of the data ; but does the company have the right to mandate the employee offer an unencrypt ed version? Subsequently, can a person be ordered by a court of law to give a pa ssword to law enforcement to decrypt the digital evidence? One may be tempted to argue that no digital bit has ever been seen, so plain sig ht is not possible and not an issue. This issue of privacy raises the question o f "plain sight" while collecting evidence from digital sources. Others may argue that a permit to collect any digital evidence stored on a disk or computer devi ce is enough to collect any and all evidence from a computer for any crime. The plain sight doctrine is best interpreted conservatively so that any seizure of evidence of one crime revealed during the search for evidence for another cri me should be then justified by a permit. http://bestcomputerclass.blogspot.com/2013/01/Public.html