Computer Crime and the Electronic Crime Scene

¶ … computer related data on a forensic level. With new advances in technology, there are new opportunities for criminals to commit crimes online and through hacking into computer systems. These crimes committed are often very complex, and take special techniques in order to collect enough evidence to suggest a suspect or even the presence of a crime itself. The paper then goes on to discuss the sensitivity of electronic evidence and the process of collecting, documenting, examining, and packaging anything found in a scan of electronic devices by forensic investigators.

The computer age has brought with it a whole new host of problems for law enforcement. According to the research, "the Internet, computer networks, and automated data systems present enormous new opportunity for committing criminal activity," (U.S. Department of Justice, 2013, 6). Many electronic devices are becoming facilitators for electronic crime. Often, hackers and other criminals use computer systems and the Internet in order to commit crimes against both individuals in larger organizations. Crimes committed digitally include things like auction fraud, computer intrusion, economic fraud, e-mail harassment, extortion, identity theft, and software piracy, among many others (Protext International, 2003). Personal consumer products, like desktop, laptops, and tablets can all be used in digital crime. Yet also, larger electronic systems in business or enterprise operations can also be sources of digital crime. Thus, towers, modular racks, minicomputers, and mainframes can all be where evidence is also located (Protext International, 2003). Additionally, access control devices can also contain evidence, like smart cards, dongles, and biometric scanners (Protext International, 2003). Even telephone switching systems, answering machines and fax machines can all contain hidden data that suggests evidence of the digital crime. Unfortunately, as technology advances so do crimes. Forensic investigators often retrieve sensitive information to use against the initial user. In order to combat this type of crime, investigators need a whole new set of skills in the digital realm. Electronic crimes are still crimes, and thus law enforcement must treat them as though. Thus, "the law enforcement response to electronic evidence requires that officers, investigators, forensic examiners, and managers all play a role" (U.S. Department of Justice, 2013, 16)

A lot of the evidence left behind in electronic crime is actually latent. This means that there is some residual evidence of the crime committed because it was at some time stored or transmitted by a computer or other electronic device. Thus, "electronic evidence is latent evidence in the same sense that fingerprints or DNA evidence are latent. In its natural state, we cannot see with contained in the physical object that holds her evidence," (U.S. Department of Justice, 17). Special skills and processes are needed in order to uncover the evidence that remains on a computer's hardware or other electronic device. Still, new devices and processes are being designed in order to combat digital crime. The research suggests that "cloud computing brings opportunities for network forensics tracing Internet criminals in a distributed environment" (Fu et al., 2010, 1). The new developments of cloud computing bring new potential for forensic evidence on a larger scale, like never before seen any evidence of computer crimes.

Moreover, electronic evidence is very sensitive. Unfortunately, "it can be altered, damage, or destroyed by improper handling or in proper examination. For this reason, special precautions should be taken to document, collect, preserve, and examine this type of evidence" (U.S. Department of Justice, 17). Very serious forensic processes are required in order to collect electronic data that is usable in a court of law. In fact, there are four specific phases that are involved in the forensic investigation of electronic evidence. This includes collection, examination, analysis, and reporting. Moreover, electronic evidence can also be time sensitive. It may have certain aspects that you raise or eliminate incriminating evidence after a certain amount of time or after the evidence is written over with other data (Protext International, 2003). Even "components such as keyboard, mouse, removable storage media, and other items may hold latent evidence such as fingerprints, DNA, or other physical evidence that should be preserved" (National Institute of Justice, 2013). As such, careful consideration of evidence must be conducted in the same manner as collecting physical evidence.

The first stage in the forensic process is collection. This "involves the search for, recognition of, collection of, and documentation of electronic evidence," (U.S. Department of Justice, 2013, 18). A warrant is needed before any computer devices can be seized in order to collect evidence (Protext International, 2003). All "first responders should document, photograph, and secure digital evidence as soon as possible at the scene" (National Institute of Justice, 2013). Therefore digital evidence needs to be treated as sensitive, if not more, as real physical evidence of a crime. Yet, there needs to be special steps taken in order to ensure that this evidence is not altered in any way. It is crucial to "ensure that the condition of any electronic device is not altered," thus "leave a computer or electronic device off if it is already turned off" until brought back into a controlled lab environment (National Institute of Justice, 2013). This will help ensure that all evidence contained in computer devices is preserved in order to be examined later in a forensic lab.