Question
The text this week identifies several types of devices on which digital evidence could be found. For this week's discussion, please:
1. List two of the devices provided by the text (or other devices, if you prefer),
2. State what types of evidence you might look for on those devices
3. Explain: a) What limitations you might have and/or
b) What hurdles you would have to clear
before searching those devices. Respond BOTH as a private company IT professional and as a law enforcement officer.
4. Identify what (if any) policies would need to be in place for you, as an employee of a private company, to conduct a search.
Explanation / Answer
(4)
While employees have a legitimate expectation of privacy in the workplace, this right must be balanced with the rights and interests of the employer. (In particular, the employer's right to run their business efficiently and above all, to protect themselves from any liability or harm an employee's actions may create.) These rights and interests constitute legitimate grounds that may justify appropriate measures to limit the worker's right to privacy.
Under the law, all employees have a “reasonable expectation of privacy” which prevents employers from searching employees wherever and whenever the employer wishes. What is considered reasonable depends on factors like the type of employment, whether there is evidence of misconduct, and the scope of the search. Employees have a greater expectation of privacy with respect to more intrusive searches, including searches of their bodies, clothing, purses, and briefcases. Reasonableness is determined on a case-by-case basis and will depend on the particular facts of a given search.
Employers must provide workers with a readily accessible, clear and accurate statement of policy with regard to email and internet use, including the use of social media, in the workplace. This should clearly describe the extent to which the employees can use communication facilities, either owned by the company or personal remote devices such as smartphones, for personal or private communications.
Digital evidence:
Computers are used for committing crime, and, thanks to the burgeoning science of digital evidence forensics, law enforcement now uses computers to fight crime.
Digital evidence is information stored or transmitted in binary form that may be relied on in court. It can be found on a computer hard drive, a mobile phone, a personal digital assistant (PDA), a CD, and a flash card in a digital camera, among other places.[1] Digital evidence is commonly associated with electronic crime, or e-crime, such as child pornography or credit card fraud. However, digital evidence is now used to prosecute all types of crimes, not just e-crime.
For example, suspects' e-mail or mobile phone files might contain critical evidence regarding their intent, their whereabouts at the time of a crime and their relationship with other suspects. In 2005, for example, a floppy disk led investigators to the BTK serial killer who had eluded police capture since 1974 and claimed the lives of at least 10 victims.
In an effort to fight e-crime and to collect relevant digital evidence for all crimes, law enforcement agencies are incorporating the collection and analysis of digital evidence, also known as computer forensics.
Computers and Electronic Devices as Sources of Evidence:
A personal computer or laptop can be a treasure trove of information that might play a role in employment, family law, breach of contract, and many other types of legal disputes. Cell phones and smart phones, too, can be useful sources of evidence. Digital cameras may contain recoverable photos or videos with embedded metadata identifying the location and time the photos or videos were made. Personal digital assistants (PDAs) may contain appointment data or contact information that is suspicious. Global positioning system (GPS) devices may contain relevant information concerning a user’s past whereabouts.
Recovery of Deleted Information:
Recovering deleted information is an especially important role for a computer forensics examiner. A computer forensics examiner will be able to copy the unallocated space on the hard drive where information about deleted files resides. The examiner will use specialized software that will be able to recover deleted files, even after they have been emptied from the recycle bin, unless they have been overwritten. In some cases they may be partially overwritten, and only parts of a deleted file may be recoverable.
Deleted files are randomly overwritten by the normal operation of a computer’s operating system. This makes electronic evidence extremely volatile. The longer one waits from the time a file is deleted to the time a recovery effort is made, the more likely it is that the file will have been overwritten. The time between deletion and overwriting depends on the size of the hard drive, with smaller hard drives being overwritten more often. Cell phones and smart phones in particular overwrite data much more often than do personal computers. Consequently, it is important to try to collect such evidence as soon as possible.
Windows Registry Reports:
An examination of the Windows registry will provide a list of every external device that has been plugged into the computer. A record of the last time of access for each device will also be available. Using the link-file analysis along with the Windows registry analysis, the examiner can determine that thumb drives have been used with the computer and that the computer has been used to create and access data on the thumb drive at a particular date and time.
Use of Thumb Drives and Related Storage Devices:
Thumb drives can be used to store many different types of data. It is not uncommon to find that someone has installed a copy of QuickBooks, Quicken, or a similar program on the thumb drive itself, and that all the related bookkeeping data is stored on the thumb drive. A link to a thumb drive with a .QBW file extension suggests that a duplicate set of books is being maintained. Other relevant document, spreadsheet, image, or word-processing files also may be stored on a thumb drive. Many types of data could be hidden on a thumb drive. This same analysis applies to other storage devices, so in addition to thumb drives you need to look for external hard drives, flash drives, and links to DVDs or CDs.
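As an added illustration of the deleted-file recovery described in the answer above (this is example code written for this page, not part of the original answer or of any forensic tool it refers to): a minimal signature carver that scans a raw copy of unallocated space for JPEG start and end markers and reports which files are intact and which have had their tail overwritten. The function names and the sample buffer are constructed for the example, and it assumes files were stored contiguously.

```python
"""Signature-based carving of JPEG data from a raw unallocated-space image."""

SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker plus first segment byte
EOI = b"\xff\xd9"       # JPEG end-of-image marker


def carve_jpegs(raw: bytes, max_size: int = 10 * 1024 * 1024):
    """Return (offset, length, status) for every JPEG header found in raw.

    status is "complete" when an end marker follows the header before the
    next header and within max_size. Otherwise it is "partial": the tail was
    overwritten or is missing, and length runs to the next header, the
    max_size limit, or the end of the buffer, whichever comes first.
    Simplification: embedded thumbnails and fragmented files are not handled.
    """
    results = []
    pos = raw.find(SOI)
    while pos != -1:
        nxt = raw.find(SOI, pos + len(SOI))
        limit = min(nxt if nxt != -1 else len(raw), pos + max_size)
        end = raw.find(EOI, pos + len(SOI), limit)
        if end != -1:
            results.append((pos, end + len(EOI) - pos, "complete"))
        else:
            results.append((pos, limit - pos, "partial"))
        pos = nxt
    return results


def build_sample() -> bytes:
    """Constructed stand-in for unallocated space (not real evidence data)."""
    filler = b"\x00" * 16
    intact = SOI + b"\xe0" + b"A" * 40 + EOI      # deleted, still whole
    damaged = SOI + b"\xe0" + b"B" * 20           # deleted, tail overwritten
    return filler + intact + filler + damaged + b"unrelated new data" + filler


if __name__ == "__main__":
    for offset, length, status in carve_jpegs(build_sample()):
        print(f"offset={offset:>4}  length={length:>4}  {status}")
```

In practice the carver is run against a read-only forensic image of the drive, never the original media, so that the scan itself cannot overwrite the data being recovered.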