Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

you are a detective for a local police. Thomas Brown, the prime suspect in a mur

ID: 3821140 • Letter: Y

Question

you are a detective for a local police. Thomas Brown, the prime suspect in a murder investigation, works at a large local firm and is reported to have two computers at work in addition to one at home. what do you need to do to gather evidence from these computers, and what obstacles can you expect to encounter during this process? write a two- three page report stating what you would do if the company had its own Computer Forensics and Invedtigations Department and what you would do if the company did not.

Explanation / Answer

Description of Case

    The case is a murder case in which Mr. Brown is the main suspect who   has killed someone. As per the case the Thomas Brown works in the    large local firm and he has two computer in the office apart from    that he has one computer in home.

    In this investigation of murder case we should try to find out the    main cause which makes the Thomas Brown the prime suspect. After   that, try to find the relation which between the convict and the    victim. The investigator should try to find out the details of talks, mails and chat between the convict and the victim.

Gathering of evidences

    To get the complete details about the convict and the victim and the type of relationship between them the investigator must have to   search all the computers. The detective should also check the mails     that are received by Mr. Brown and also sent from his computer.

    The investigator should try to look at the place where he works so   that we can get the complete details of the victim’s work. To get the data from the computer the detective can use software that are easy to use and can work fast to collect the evidences.

  Obstacles in acquiring evidences

    1. Search warrant for investigation: To get the evidences from the   computer of Mr. Brown we must first get the search warrant. In the search warrant the place must be determined perfectly because if it    is not given case may get weaken in the court room.

    The main obstacles which come during the getting evidences are to take the search warrant for all the computer of Mr. Brown because it is not the corporate investigation in which search warrant is not    required for covert surveillance.

    2. Violation of privacy in investigation: If the other place is searched instead of the place given, it leads to the violation of privacy and also the Fourth Amendment in Law which tells that every person has right of privacy. No one can violate it without a warrant of the court which can be given if the reason is valid.

    3. Working profile of victim: Investigator has to get all the details about working profile of Mr. Brown which also make it difficult because company may don’t want to give the details of the employee. We also remember to write down all the steps in notebook.   Take the video recording and sketch of the place of incident.

    4. Finding of evidences of other crimes done by the same victim:

    During the investigation we may lead to the evidences which are related to the other crime. So, we also have to take this in consideration.

    5. Generation of report: After completing the investigation we have to submit the report in the court and complete details of investigation which is also very much complicated to explain.

    6. Hiding and deletion of evidences by victim: It is possible that the victim has destroyed some of the evidences from his computers’. In this case the detective or the investigator needs some extra    software to recover the data. There is software available in the market that can be used to recover the data deleted from the system of Mr. Brown such as: Pandora Recovery, Undeleted software, Restore    system and Piriform Recuva etc.

    Data Recovery Software

    There are different software’s that are used in forensic research. Some of them are mentioned below. These software’s are use to recover the data that has been deleted by the suspect to erase the    evidence of his crime.

    The data recovery software is used by many people to recover the deleted files and it does require any technical and skills to operate the software. Steps involved are: download the data recovery    software and install it. Now click the scan button to find the deleted files and then choose the file that you want to restore or recover.

    Undeleted software

    This software uses three types of recovery modes for retrieving the deleted files from the computer. Undeleted software also helps to recover the compressed, media documents and others. The modes used   for recovery are as follows: first is the Quick Scan mode, it is the    fastest recovery method by which the person can recover the files easily and the other data that has been deleted recently.

    Second is Extensive Scan, it is the slow mode of recovery as compared to quick scan. It is used to recover the files from the formatted drive. This software scans each and every part of the hard    disk. Third is File Trace, it is the method which is used when other modes fail to recover files. It can also be used to recover the files that have been deleted long back.

    The other modes that are used by this software are: load snapshot, save snapshot, and file filtering. Save snapshot and load snapshot   helps in scanning processes. Versions supported for the use of   undeleted software are MS Windows 2000, 2003, XP, Vista, 98, 95, 7,    8, MS DOS.

    Restore system

    The process of using this software is as: Go to start menu click all   programsaccessoriessystem tool program. Then, choose system restore   icon. Then click on next on the restore system and system windows. Then select the restore point you want to use.

    Pandora Recovery

    Pandora recovery software helps to recover the accidentally deleted   file by the users form NTFS and FAT-formatted volumes. This software   scans the computer of the user and makes the list of the deleted   files and the existing files in the computer on a logical drive. Once the scan is completed the user can see the entire file and have the power to recover the deleted files to the desired destination.

    This software also tells about the estimate of recovery success. The    file when deleted from the hard drive the space left is used by the    computer to place new files. The software gives the estimate of    recovery by telling the percent of space reused by the operating system.

    To know the recovery estimate the user move the mouse pointer to the    file for a small period until the popup window appear which tells the percent of space that has been overwritten such as

    “overwritten-58%” or “overwritten-0”, the lower is this value the    greater are the chances of recovery.

    The files that are highlighted in red color are the files that a    completely overwritten and are difficult to recover. This recovery   tool is compatible with Windows Vista, Windows XP, Windows 2003 and    Windows 2000 and recognizes FAT16, FAT32, NTFS, NTFS5 and NTFS/EFS.

Perform recovery

      This recovery tool is also used for recovering the deleted files      or data from the computer by the user. This recovery tool is free      to use. Recuva recovers the files that are being deleted from the      camera; recycle bin, mp3 player, digital camera, and windows computer.

    Computer forensic department present in company

    If there is the computer forensic department and also the investigation department we will meet the attorney general of the    local firm and give the details about the employee on who is the

    suspect. The detective should call the forensics experts for help   which means they will provide us all the related data of the victim    with these employees.

    Because of the policy company can look out for anything on the employee computer without any kind of warrant which also reduces the    time which gets wasted in getting the warrant to search the place    because we cannot search the place without specific warrant. So, if   the company have computer forensic department and also the    investigation department it will be much easier to solve the case

If   Computer forensic department not present

    In case the big local firm doesn’t have the computer forensic    department and also the investigation department the investigator    has to work more to find out the details of the employee which is

    the prime suspect in the case. This will also increase the time    required to solve the case. For getting the details of computer we    have to investigate computer of the prime suspect

Related Questions

yellow blue or HIn is a weak acid with a pK, value of 5.0. It reacts with water
Question #1035490
yellow mosaic virus (ZYMV). Viral resistance is recessive. The hierarchical orde
Question #149743
yen bui -Google Chrome https:/ Math 159-Intro to stats Morning class fall 2018 H
Question #3071319
yer in the separatory funnel contains the 9-fluorenone: aqueous or organic layer
Question #905775
yer of coal of thickness L 1 m experiences uniform volumetric A plane la generat
Question #3307923
yerHomeworkaspxthomeworkd-503373193*q 5038 73 1 93&questionid=98d1ushedefalse8cd
Question #3068128
yerTestaspxitestld 181497402 FIN 5010 850 SA 2018 Test: TO5 This Q 3 pts a. Is y
Question #1172749
yes D https//www.mathd.com/Student/PlayerTest.aspx?testid- 184868454&tcenterwin;
Question #2947809

Navigate

Previous
you are a detective for a local police. Thomas Brown, the prime suspect in a mur
Next
you are a dog breeder and are interested in determining the relative contributi

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.