HW 2
UMUC CCJS 321
Insert Name
Insert DateWhat permissions/authorities should you have before you search Mr. Yourprop’s former Company work area, and how would you document that authority?
Despite Mr. Yourprop being a former employee and the fact that Mr. Yourprop did not sign the papers allowing for a personal search, his former work area would need authority before searching. As an Information specialist it would be important to recognize that all digital evidence collected to be admissible in a court of law must have the necessary court backing. In the book, “Electronic evidence and Discovery: What every Lawyer should know Now,” the authors indicate that standard procedure is that it is upon the court to determine whether there is reason enough for a search to be conducted and whether the search would give any insight (Lange & Nimsger, 2009). Thus, a warrant from a court to the technology consultants would be the necessary document to show the authority. The court through its search warrant order would be needed for there to be any legality to search Mr. Yourprop’s former area and use it in the same court of law.
(Looking at the photo of Mr. Yourprop’s work area, provided for Project 2 in the Course Content area) Identify three (3) potential items of digital evidence you see in the photo. For EACH item of digital evidence you identified, explain what potential use that item would be to your investigation
The Thumb Drive: The thumb drive would be a good source of digital evidence. For instance, the thumb drive may contain different types of data. For instance, the thumb drive may possess bookkeeping data such as QuickBooks. The presence of a QBW file extension in the thumb drive can saw if multiple set of books were maintained.
The Western Digital Hard disk could also serve as a source for digital evidence. Similar to the thumb drive, the Western Digital Hard disk could also be used to check for multiplicity in the set of data that was contained. According Casey (2002) in the article journal “Error, uncertainty and loss in digital evidence,” asserts that during the collection process, the external hard disk could be used to store any images on the may be obtained from the original hard disk. All the data in the hard disk needs to be extracted and saved under new folders such as the investigational file (Casey, 2002). The process of extraction of files from the hard disk can be undertaken through the disk swipe utility option. As part of the collection process from hard disk, there should be duplicity or imaging of the hard disk. Some software such as “Encase” would help in this process of duplicity. The only caution that should be taken is ensuring that the duplicity does not over write the original data.
The Voice recorder is the final piece of digital evidence. The voice recorder can contain audio data that could be evidence. Any set of voice data that was contained or obtained through the voice recorder can be decoded to prove for any violation by Mr. Yourprop. The evidence in the voice recorder should be collected in a manner that obeys the “best evidence rule” whereby an original is kept for accuracy and authentication.
Looking at the photo of Mr. Yourprop’s work area, provided for Project 2 in the Course Content area) Identify three (3) potential items of non-digital evidence you see in the photo. For EACH item of non-digital evidence you identified, explain what potential use that item would be to your investigation AND how you would collect that item as evidence.
The first non-digital evidence item is the “NASA notebook.” The notebook clearly belongs to Mr. Yourprop and maybe a clear indication of the wrong intentions. In the collection process, first is the taking of close up photographs of the book without touching the book. In case contact has to be made, it should be with the use of hand gloves that will not tamper with DNA or fingerprint evidence. After photos are taken, the book should be taken and place in an evidence sample bag and labeled clearly (Lange & Nimsger, 2009).
The sticky notes from the yellow loose pad are the other source of non-digital evidence. There are two sticky notes that may contain written data over the same. First, the sticky note contains information about the Blackberry forwarding service that could be a get-away plan for Mr. Yourprop. This would be excellent for the evidence team.
The other sticky note contains written data about how he would transfer the information from the source hard disk to the target hard disk. This is non-digital evidence that can be utilized by all in the investigation team. This sticky note contains the serial number of the hard disk that contains the information that is labeled as source and also the serial number of the target hard disk called the target. This is information to prove that information was meant to be transferred.
An interview with Maria would also be important as a non-digital evidence source. Since Maria is has been implicated by Mr. Yourprop in his notebook, an interview with Maria regarding digital evidence would be prudent. Mr. Yourprop was to inquire about “safe keeping” from Maria so it will prove to be vital information.
The challenge with non-digital evidence is the easy tendency to be destroyed without adequate backup. Digital evidence that may be sourced from the thumb drives and hard disks can be backed up and store in investigational files. However, non-digital evidence such as the note books cannot be backed up.
(Looking at the Evidence Custody Document and item photographs, provided for Project 2 in the Course Content area) Read the Evidence Custody Document prepared by one of your co-workers, in which he is attempting to seize the three items pictured in the accompanying photos. Did your co-worker adequately describe each item? What could you add to the descriptions, and for which items (based on what you see in the photos), to make them more complete and serve as an example to your co-worker of what they SHOULD look like?
On the evidence/property custody department there are some important parts that are missing as part of the description of the items.
On the Western Digital hard disk that is seized, there is missing information such as the serial number of the hard disk. The document only contains the name of the hard disk and the description. However, the information provided could apply for any hard disk from the company. The serial number is what would set apart the evidential hard disk from any other. The serial number is unique to each product manufactured (Kerr, 2005). There is also missing information about the perceived working condition of the hard disk and a general description of its state.
The Voice recorder too is missing vital information. There is only a description of its color and size. There is no indication of its state or working condition. Most importantly would be the inclusion of the serial number of the voice recorder. This information is also missing. Since the voice recorder contains a port for a memory card, it would be important to describe whether there was a memory card found or not. The exact model of the voice recorder is also not mentioned yet it would be important for the duty.
How should the items you collected as evidence be stored in your evidence room. Describe any environmental conditions or concerns for your evidence room (digital evidence can require some unique considerations!), as well any security procedures that should be in place.
Storage of digital evidence is very critical to any process. If poor storage of the digital evidence is undertaken, then the good collection techniques that were undertaken would be futile and useless. The first respondent is usually very important in the storage process. First should be adequate measures that ensure that digital evidence is properly documented in the inventory book. According to each collection agency, there is usually proper documentation of all digital evidence that is brought into their possession. Therefore, inventory management is the first important step (Lange & Nimsger, 2009).
The storage condition is the other critical step. It is important to store any digital evidence in a secure environment. A secure environment means that the environment should be free from theft and burglary. The most important environment is, however, the climatic conditions. No adverse climatic conditions should be placed on the digital evidence material due to the sensitivity of the data. The storage area should also be free from electromagnetic elements since they also adversely interfere with the data quality. Other material that may also interfere with data is moisture and dust.
References
Casey, E. (2002). Error, uncertainty, and loss in digital evidence. International Journal of Digital Evidence, 1(2), 1-45.
Kerr, O. (2005). Digital evidence and the new criminal procedure. L.Rev., 279.
Lange, M., & Nimsger, K. (2009). Electronic evidence and Discovery: What every Lawyer should know Now. Chicago: American Bar Association.
