In the 1980s, when home computers were not yet popular and desktop systems were being developed for business and the government, the only digital forensics being practiced were used to detect and investigate hacking and computer compromise. In fact, the most common criminal act involving computers was the use of systems and dial-up modems to connect to the Department of Defense's networks to get free long distance. As home computers and desktop computers became more popular, the main communications systems for interconnectivity among computer users was through the use of dial-up commercial systems. This eventually resulted in the development of more advanced commercial networks, such as America Online (AOL). [Does anyone remember "Prodigy"?]
As with any mechanism that makes life easier for consumers, those with criminal intent developed a means to exploit those systems for other-than-lawful purposes. Thus, since they could be used for different types of criminal activity, computers became a bigger focus of the criminal justice system. A computer could be:
used to commit a crime, such as hacking or transferring private or illegal information (e.g., stolen social security numbers, credit card information, or child pornography);
used to store evidence of a crime (e.g., child pornography, a "murder list," narcotics ledgers, "cooked" accounting books); Or it could be the target of a crime.
From an national and international perspective, computers can be, and have been, used to facilitate acts of terrorism and/or threats to national security. As a result, techniques had to be developed to allow criminal justice professionals to search through digital data contained on a computer or network to identify and collect evidence.
At first, criminal justice professionals employed commercial mainstream or wide-use software that could be used to recover data or search for and recover data on a hard drive. Norton Disk Edit tools, for example, could be used to search a computer for digital evidence, but it also caused changes to the computer's data. Eventually, specialized forensic software was developed (e.g., EnCase, FTK, SMART, etc.) to more accurately collect and search digital evidence without damaging or changing its content.
Initially, the courts did not understand the technology (neither the computers nor the forensic processes and software developed to examine them), and the law was not up-to-date enough to facilitate the investigation and prosecution of technology-based crimes. Further, there were no universal digital forensic standards or established best practices that practitioners could follow and which would have helped circumvent challenges to digital evidence in court. But, fortunately, over the last twenty years or so, new laws have been enacted, created or modified to account for technology-based crimes. Digital forensic standards have been developed that are used across the discipline, and specialized tools have been developed to help law enforcement meet those standards.
So why is this important to each of you, as non-criminal justice professionals? Part of the answer is this: While conducting a forensic analysis of your organization's computers systems or networks - whether you're searching for evidence of hacking or employee misconduct, or in response to a request for discovery in a lawsuit, for example - you may come across information that could lead to a criminal prosecution. If you do not follow the same standards used by criminal justice professionals (e.g., using write-blockers, making every effort to analyze a bit-by-bit forensic copy instead of the original evidence directly), any evidence you find could be rendered inadmissible in court. However, if you perform your duties as a forensic examiner with criminal justice standards in mind, not only will it increase the utility of the digital evidence in a criminal or civil court, but it should also provide more certainty in your own results. In all situations involving the potential misuse of digital information, you should maintain a sensitivity to the potential for commercial/corporate terrorism or threats to geopolitical security.
OK, then. Here's your task for this week's discussion. Provide at least one example of how being familiar with and following 1) digital forensic best practices AND 2) criminal justice standards would benefit you, even if you worked in a non-criminal justice digital forensics position.
Discuss thoroughly. You must also respond - in a substantive, intelligent way - to at least one of your fellow classmates' postings.
just 4-5 paragraphs