Digital Crime Evidence


Parkavi R. (Thiagarajar College of Engineering, India), Divya K. (Thiagarajar College of Engineering, India) and Sherry Ruth V. (Thiagarajar College of Engineering, India)
Copyright: © 2020 | Pages: 28
DOI: 10.4018/978-1-7998-1558-7.ch008


With the advent of computers came computer-related crimes, and with them the need for cybercrime judicial proceedings. In any trial, evidence plays an instrumental role in bringing justice to the victim, so there is a need for digital evidence. Digital crime evidence forms the core of the field of computer forensics. In simple words, digital crime evidence is the collection of data and information that plays a crucial role in digital crime investigation and that is usually stored and transmitted in electronic formats. Digital evidence is defined as any data stored or transmitted using a computer that supports or refutes a theory of how an offense occurred or that addresses critical elements of the offense such as intent or alibi. This data is commonly a combination of text, audio, images, and videos. Such evidence is generally invisible, fragile, and time-sensitive, and its integrity is lost if it is mishandled.
Chapter Preview

Sources Of Digital Evidence

Starting from the very basics, a computer system is the primary source of digital evidence. A computer system can be a PC or a laptop. Breaking down the broad spectrum of computer systems, the following list can be arrived at:

  • Monitor or video display device

  • Keyboard

  • Mouse

  • Peripheral or externally connected drives, devices, and components.

  • The case, which contains circuit boards, microprocessors, hard drives, memory, and interface connections.

Storage devices include hard drives and other removable media like floppy disks, zip disks, CDs, thumb drives (commonly called flash drives), and memory cards. With the advent of mobile phones, a whole range of handheld devices joins the list (Ozel Bulbul Yavuzcan, 2013).

The sources of digital evidence are many. Evidence can be sourced from electronic devices such as PCs and mobile phones, and from network layers such as the physical layer, data link layer, etc. Collecting digital evidence involves a good deal of supporting equipment, such as cameras, cardboard boxes, notepads, gloves, evidence inventory logs, evidence tape, paper evidence bags, evidence stickers, labels, or tags, crime scene tape, antistatic bags, permanent markers, and non-magnetic tools. Electronic devices act as primary sources of solid evidence such as computer documents, texts, and emails. Images, Internet history, and transactions also act as vital evidence. For instance, mobile devices are proving to be a single prominent destination for access to text messages and images. These are backed up on cloud storage, which facilitates easy retrieval of data by forensic investigators (Singh Gupta, 2011).

Key Terms in this Chapter

Network Forensic Tools: Network forensic analysis tools (NFATs) help administrators monitor their environment for anomalous traffic, perform forensic analysis and get a clear picture of their environment.

Email Analysis Tools: These tools will make email headers human readable by parsing them according to RFC 822. Email headers are present on every email you receive via the internet.

Disk and Data Capture Tools: Encrypted disk detector can be helpful to check encrypted physical drives.

Registry Analysis Tools: Tools for registry forensics. Tool: MuiCache View. Whenever a new application is installed, the Windows operating system automatically extracts the application name from the version resource of the exe file and stores it for later use in a Registry key known as the “MuiCache.”

Database Analysis Tools: These tools provide features and comparison capabilities and connect with cloud databases, Amazon Redshift, and Google BigQuery.

Sources of Digital Evidence: There are many sources of digital evidence, but for the purposes of this publication, the topic is divided into three major forensic categories of devices where evidence can be found: Internet-based, stand-alone computers or devices, and mobile devices.

Operating System Analysis Tools: Tools for the analysis of operating systems from their source code were developed.
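
The header parsing described under Email Analysis Tools can be illustrated with a short added example, which is not taken from the chapter or from any tool it names. It uses Python's standard `email` package to unfold the `Received` headers of a constructed message, order the relay hops in time, and flag any hop whose timestamp runs backwards; the function name `received_hops` and all hosts and addresses are assumptions made for the illustration.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (not real traffic); all hosts and addresses are
# reserved documentation values.
RAW = (
    "Received: from mx.example.net (mx.example.net [203.0.113.7])\r\n"
    "\tby inbox.example.org with ESMTP id C3;\r\n"
    "\tMon, 06 Jan 2020 10:15:42 +0000\r\n"
    "Received: from relay.example.com (relay.example.com [198.51.100.25])\r\n"
    "\tby mx.example.net with ESMTP id B2;\r\n"
    "\tMon, 06 Jan 2020 10:15:05 +0000\r\n"
    "Received: from workstation (unknown [192.0.2.10])\r\n"
    "\tby relay.example.com with ESMTP id A1;\r\n"
    "\tMon, 06 Jan 2020 05:15:09 -0500\r\n"
    "From: Alice <alice@example.com>\r\n"
    "To: Bob <bob@example.org>\r\n"
    "Date: Mon, 06 Jan 2020 05:14:58 -0500\r\n"
    "\r\n"
    "Body text.\r\n"
)

def received_hops(raw):
    """Return the relay hops oldest-first with UTC time and per-hop delay."""
    msg = message_from_string(raw)
    hops = []
    # Every relay prepends its own Received line, so reverse for time order.
    for value in reversed(msg.get_all("Received", [])):
        unfolded = " ".join(value.split())  # undo header folding
        route, _, stamp = unfolded.rpartition(";")
        m = re.search(r"\bfrom (\S+).*?\bby (\S+)", route)
        utc = parsedate_to_datetime(stamp.strip()).astimezone(timezone.utc)
        hops.append({"from": m.group(1) if m else None,
                     "by": m.group(2) if m else None,
                     "utc": utc, "delay_s": None, "backwards": False})
    for prev, hop in zip(hops, hops[1:]):
        hop["delay_s"] = (hop["utc"] - prev["utc"]).total_seconds()
        # A hop stamped earlier than the previous one points to clock skew or
        # an edited header; either way the examiner should record it.
        hop["backwards"] = hop["delay_s"] < 0
    return hops

if __name__ == "__main__":
    for h in received_hops(RAW):
        print(h["utc"].isoformat(), h["from"], "->", h["by"],
              h["delay_s"], h["backwards"])
```

In the constructed sample, the second hop is stamped four seconds before the first once both are converted to UTC, which is the kind of inconsistency that is easy to miss when the raw headers carry different time zone offsets.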
