Criminal activity involving digital information calls for a standard, structured approach to dealing with the victims. Since a vast amount of information is documented in digital form, the evidence required for the prosecution of criminals is also in digital form (Yusoff, Ismail & Hassan, 2011). In computer forensics, various hardware and software tools are used to support the investigation. The data collected from the crime scene requires special software for its acquisition and analysis. The crime scene must be properly reconstructed from the source if the reconstruction is to be accepted in a court of law (Hassan, Mahmood & Raghav, 2012).
The case concerns 35-year-old Richard Glenn Dopps, a former employee of Bergman Companies (TBC). TBC is a contracting firm based in China. Dopps later left to work for a competitor of TBC. While there, he used his internet connection to gain access to TBC's computer systems on more than twenty occasions. While accessing the TBC systems, he was able to illegally read the e-mail messages of TBC executives. He did this to stay informed about TBC's ongoing business and to gain a commercial advantage for his new employer.
Dopps' illegal access to TBC's computer systems resulted in damages and costs to TBC amounting to over 21000 dollars. Dopps is presently on bond awaiting a court hearing on the second of December. He faces a maximum sentence of five years in prison and a fine of 250000 dollars. The investigation was carried out by the Federal Bureau of Investigation (FBI), which produced the evidence of the crime described above (Yusoff, Ismail & Hassan, 2011).
Initial data collected
The initial data collected for a computer forensic investigation forms the foundation of all the phases that follow until the perpetrator is identified. Initial data collection covers the pre-process tasks, that is, all the work that needs to be done before the real investigation and official data collection begin. Examples include obtaining the necessary approval from the relevant authority and preparing and arranging all the tools to be used. The approach used is the Generic Computer Forensic Investigation Model (GCFIM). This model is most suitable because its standard phases make it appropriate for any general investigation. The next phase after the initial data collection is therefore acquisition and presentation (Yusoff, Ismail & Hassan, 2011, Garfinkel, 2010).
Acquisition and presentation
The tasks conducted in this phase cover the identification, acquisition, collection, transport, preservation and storage of data. In summary, this is the phase where all relevant data is gathered, stored and later accessed for use in the succeeding phase (Yusoff, Ismail & Hassan, 2011).
The digital crime scene is used in this case, with the focus on the digital evidence within the digital environment. The fact that it centers on digital evidence is what distinguishes it from a physical crime investigation. It is also called the analysis phase. It is the major and central stage of the computer forensic investigation process, and it contains the majority of the phases within its group. As a result, investigation is the focus of the majority of the models reviewed. Many types of analysis are carried out on the collected data with the aim of identifying the source of the crime. The individual responsible for the crime is ultimately identified at the end of the investigation process. The involvement of the Federal Bureau of Investigation in the case of Richard Glenn Dopps makes the source of the data more likely to be accepted in a court of law, because it involves the application of standard methods of digital investigation (Yusoff, Ismail & Hassan, 2011, Garfinkel, 2010, Baier & Breitinger, 2011).
The presentation phase is where the findings from the analysis or investigation stage are documented and presented to the concerned authority. This phase is significant because the case must not only be presented in a way that the receiving party can understand, but also be supported with sufficient and acceptable evidence. Documenting the findings ensures that enough evidence is available. The outcome of the presentation phase is either to confirm or to negate the suspected criminal acts (Yusoff, Ismail & Hassan, 2011, Baier & Breitinger, 2011).
In the case of Richard Glenn Dopps, several pieces of evidence have to be presented for the case to be confirmed. The first is Dopps' attempt to obtain information from a protected computer. The next is whether he used his internet connection to access TBC's computer systems. The investigators also need to ascertain whether the frequency of access exceeds 20 times, as indicated by the results of the FBI investigation. They must then ascertain whether Dopps read the email messages of TBC's executives for the purpose of gaining a commercial advantage for his new employer. Another issue to be validated is whether the damages and costs indicated in the results of the investigation are in fact due to Dopps' unauthorized access to TBC's computer systems. Whether the case is confirmed or negated depends on how well each of these points is substantiated. The course of the investigation should also be reviewed so that the lessons learned can be used to improve future investigations (Yusoff, Ismail & Hassan, 2011, Garfinkel, 2010).
This is the fifth phase of the Generic Computer Forensic Investigation Model (GCFIM). It involves closing the investigation process. Both physical and digital evidence need to be correctly returned to the lawful owner and, where necessary, stored in a secure place. This model of investigation deals with crime scenes that are constantly changing. The tools used for investigation, the tools used to commit crimes and the level of expertise available for the investigation also change. As a result, it must be possible to go back to previous phases rather than only moving sequentially from one phase to the next. The ability to go back helps not only in correcting any weakness but also in obtaining fresh information (Yusoff, Ismail & Hassan, 2011).
The validity of the evidence used in computer forensics to investigate criminals depends on the structure of the methodology used, if the evidence is to be accepted in any court of law. However, there are various structured methodologies, which use different tools. The tools themselves, and even the expertise, keep changing over time. The case of Dopps requires digital evidence, given that the crime is also digitally based.
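One way an examiner could test the "more than 20 occasions" point from access logs, shown as an added example that is not taken from the FBI investigation or the sources cited here. The log format, IP addresses, account names and the 30-minute gap that separates two occasions are all assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Assumed log format (constructed): "ISO-timestamp source-ip account action"
SESSION_GAP = timedelta(minutes=30)  # assumed quiet period separating two occasions
THRESHOLD = 20                       # the claim under test: more than twenty occasions


def parse(line):
    """Return (timestamp, ip, account, action), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3]


def count_occasions(lines, suspect_ip, gap=SESSION_GAP):
    """Group the suspect IP's events into occasions split by inactivity gaps."""
    records = (parse(line) for line in lines)
    times = sorted(rec[0] for rec in records if rec and rec[1] == suspect_ip)
    occasions = []
    for ts in times:
        if occasions and ts - occasions[-1][-1] <= gap:
            occasions[-1].append(ts)   # still the same occasion
        else:
            occasions.append([ts])     # a new occasion begins
    return occasions


def build_sample():
    """Constructed data: 22 evenings, two events 10 minutes apart, plus noise."""
    start = datetime(2024, 1, 3, 21, 0)
    lines = []
    for day in range(22):
        t = start + timedelta(days=day)
        lines.append(f"{t.isoformat()} 203.0.113.7 exec1 LOGIN_OK")
        lines.append(f"{(t + timedelta(minutes=10)).isoformat()} 203.0.113.7 exec1 READ_MAIL")
        lines.append(f"{(t + timedelta(hours=1)).isoformat()} 198.51.100.4 staff2 LOGIN_OK")
    lines.append("truncated line")     # malformed entry, skipped by parse()
    return lines


if __name__ == "__main__":
    found = count_occasions(build_sample(), "203.0.113.7")
    print(len(found), "occasions; exceeds threshold:", len(found) > THRESHOLD)
```

Counting occasions rather than raw log lines matters because a single visit usually produces several events; the gap value should be stated in the report so the count can be reproduced.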
Yusoff, Y., Ismail, R., & Hassan, Z. (2011). Common phases of computer forensics investigation models. International Journal of Computer Science & Information Technology (IJCSIT), 3(3), 17-31.
Hassan, R., Mahmood, S., & Raghav, A. (2012, September). Overview on Computer Forensics tools. In Control (CONTROL), 2012 UKACC International Conference on (pp. 400-403). IEEE.
Garfinkel, S. L. (2010). Digital forensics research: The next 10 years. Digital Investigation, 7, S64-S73.
Baier, H., & Breitinger, F. (2011, May). Security aspects of piecewise hashing in computer forensics. In IT Security Incident Management and IT Forensics (IMF), 2011 Sixth International Conference on (pp. 21-36). IEEE.