Join Jungwoo Ryoo for an in-depth discussion in this video Legal implications, part of Learning Computer Forensics (2014).
There are some important legal consequences you should be aware of as a Computer Forensics Investigator. Depending on how you conduct your computer forensics investigation, the entire evidence you collect could be thrown out of court. Even worse is that you, yourself, could get into some sort of a legal trouble, if you're not very careful. In the context of a public investigation, one of the first things you have to consider is the Fourth Amendment. As you know, the Fourth Amendment protects you from unauthorized search and seizure.
Therefore, as a computer forensics investigator, it is important that you obtain a warrant, by putting together a document call an affidavit to justify your warrant. In the context of a private investigation, the Fourth Amendment is no longer an issue, because a lot of times your investigation is driven by internal policies rather than the statutes of the law. For your evidence to be accepted by the court, ensuring the reproducibility and verifiability of your evidence is critical.
You can accomplish this by following systematic procedures in your computer forensics investigations when you're collecting and analyzing your data. For example, the use of chain of custody forms and evidence containers are critical, especially when you're trying to make sure there is little chance of tampering. One way of ensuring verifiability is by the use of a hash utility. Let's say that you have data on an original storage device or evidence drive and it somehow produces a hash value A.
And you'll make a copy and if it produces hash value B, and if A and B matches, the validity of the copy is verified. In this course, we have a dedicated lesson where we look into hashing more in detail. You can use hashing to ensure reproducability too. If you can generate the same hash value over and over again, as long as the file is the same and the tool you are using is the same, reproducability is proven. How you conduct your computer forensics investigation may have a significant legal impact, to avoid unintended consequences, following the best practices in your computer forensics investigation is essential.
- Understanding computer forensics
- Understanding partitioning
- Using a hex editor
- Preparing a target drive
- Acquiring data
- Ensuring data integrity with hashing
- Indexing and searching
- Generating a report