2.2 The Importance of Computer Evidence (Problems and Solutions)


Computer evidence is important because crime today is often committed using technological devices. Crimes committed this way are extremely hard to prove, because evidence usually takes forms such as fingerprints, DNA tests, footprints, or gadgets and tools. In cyberspace, however, the evidence may be complete files on computer hard drives, diskettes or CD-ROMs, online transactions, and many other abstract forms of evidence.

In computer evidence, two categories of data are collected. The first is known as persistent data. It is stored on local disk drives or on other media, and it is preserved when the computer is powered off. Volatile data, by contrast, is stored in random access memory and is lost if the computer is turned off or loses power. Volatile data is located in caches, random access memory (RAM) and registers. Computer experts should know the best and safest ways to capture volatile data. It is important for security staff and network administrators to understand how network and computer administration tasks affect the computer evidence process, and to be able to recover data lost in a security incident.

In this era of globalization, it is essential for the network administrators and security staff of networked organizations to practice computer evidence handling and to have extensive knowledge of the related laws, because the rate of cyber crime is increasing greatly.

It is very important for managers and personnel to know how computer evidence can become a strategic tool for their organization's security. Personnel, security staff and network administrators should be familiar with all the issues related to computer evidence. Computer experts may use advanced tools, gadgets and techniques to locate or recover deleted, damaged or corrupt data and any other evidence of attacks and intrusions.

This kind of evidence is collected to pursue cases in criminal and civil courts against those who have committed cyber crimes.

The survivability of any organization's network infrastructure depends on the function and application of computer evidence. At present, computer evidence is a basic element of computer and network security. It is a big benefit to a company if it has workers who know the technical and legal aspects of computer evidence. If the company's network is attacked and the intruder is caught, knowledge of computer evidence will definitely help the company to provide evidence, prosecute the criminals and impose liability on them.

However, it is vital to know the risks that arise if computer evidence is mishandled. The first is that the evidence can easily be destroyed. If the data is not appropriately protected, many liabilities can be assigned to the organization. New rules have been introduced that can bring organizations before criminal or civil courts if they fail to protect customers' data. Organizational funds can also be saved by applying computer evidence. Many have reported that most large companies and organizations spend large budgets on network and computer security.

As we all know, the number of organizations is increasing daily, and so is the number of hackers. Because of that, organizations have developed their own security systems. Examples include intrusion detection systems (IDS), proxies and firewalls, which report on the security status of an organization's network. It can therefore be concluded that, technically, the foremost goals of computer evidence are to identify, collect, protect and examine data in a way that preserves the reliability of the collected evidence, so that it can be used efficiently and effectively in a case.
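
The four goals named above (identify, collect, protect, examine) can be illustrated with a short script. This is an added example, not part of the original text; the use of SHA-256 digests, the manifest layout, and the directory and file names are assumptions made for the illustration, and the sample files are constructed.

```python
import hashlib, shutil, stat, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large evidence files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def collect(source, store):
    """Identify every file under source, copy it into store, record its digest."""
    manifest = []
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        dst = store / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)              # copy2 keeps file timestamps
        digest = sha256_file(src)
        if sha256_file(dst) != digest:
            raise IOError(f"copy of {rel} does not match the source")
        dst.chmod(stat.S_IRUSR)             # protect: working copy is read-only
        manifest.append({"path": rel.as_posix(), "sha256": digest,
                         "collected_utc": datetime.now(timezone.utc).isoformat()})
    return manifest

def verify(store, manifest):
    """Before examination: list paths that are missing or no longer match."""
    return [e["path"] for e in manifest
            if not (store / e["path"]).is_file()
            or sha256_file(store / e["path"]) != e["sha256"]]

def demo():
    """Constructed sample files; returns (mismatches before, after) an alteration."""
    with tempfile.TemporaryDirectory() as tmp:
        source, store = Path(tmp, "suspect_disk"), Path(tmp, "evidence")
        (source / "mail").mkdir(parents=True)
        (source / "mail" / "inbox.txt").write_text("constructed sample message\n")
        (source / "ledger.csv").write_text("id,amount\n1,100\n")
        manifest = collect(source, store)
        before = verify(store, manifest)
        altered = store / "ledger.csv"
        altered.chmod(stat.S_IRUSR | stat.S_IWUSR)   # simulate an alteration
        altered.write_text("id,amount\n1,999\n")
        return before, verify(store, manifest)

if __name__ == "__main__":
    print(demo())
```

An empty list from verify means every collected copy still matches the digest recorded at collection time; any path it returns has changed since then and its reliability would need to be explained.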

The investigation of computer evidence has some typical criteria. First, computer experts who examine computers must know the sort of evidence they are looking for. Cyber crimes are wide in range, including child pornography, theft of money or personal data, and destruction of data or computers via viruses and hacking. Second, computer experts must use the proper tools. They should have knowledge of the software, latest techniques and methods needed to recover deleted, encrypted or damaged files, and the most crucial part is to prevent further damage in the process of recovery.

Here are some cases that can be referred to in order to expand your understanding of computer evidence.

Case of Blanton 1995

When Colonel Oliver North was under investigation during the Iran-Contra affair in 1986, he was careful to shred documents and delete incriminating e-mails from his computer. However, unbeknown to him, electronic messages sent using the IBM Pro Office System (PROFS) were being regularly backed up and were later retrieved from backup tapes.

Case of Cowen 2003

A man, Michael McKevitt, was charged with directing terrorist activities. He was also accused of involvement in a bombing incident in Northern Ireland. The defendant allegedly contacted an FBI agent on behalf of the Real IRA to obtain laptops for bomb detonation, encryption software, and personal digital assistants. McKevitt apparently saw cyber terrorism, which is the use of networks to cause panic and loss of life, as the future of bombing, and was taking steps to expand his terrorist organization's capabilities in this area. The evidence in this particular case was laptops, e-mail messages, and mobile telephone records.

Case of Maryland 1996

A woman, Sharon Lopatka, had told her husband that she was going to visit her friends. However, she left a chilling note that caused her husband to report to the police that she was missing. During the investigation, the police found hundreds of e-mail messages between his wife and a man named Robert Glass about their torture and death fantasies. The e-mails led them to Glass's trailer in North Carolina, and they found the wife's shallow grave nearby. It is stated that her hands and feet had been tied and that she had been strangled. In this case, Glass pleaded guilty, saying that he had killed Lopatka by accident during sexual intercourse.

Case of US v Grant 2000

In an investigation into the notorious online Wonderland Club, the defendant argued that all evidence found in his home should be suppressed because the investigators had failed to prove that he was guilty, that is, associated with the illegal online activities. However, the prosecution ultimately succeeded in presenting sufficient corroborating evidence to prove its case.