issc351 discussion response
Respond to the following two students post below with 100 words minimum. In the bold are the questions just so you can know what the students were asked.
You are a computer forensics investigator for a law firm. The firm acquired a new client, a young woman who was fired from her job for inappropriate files discovered on her computer. She swears she never accessed the files.
- What is the importance of documentation?
- Why is preservation of evidence important to a criminal investigation?
Student one:
Hello and Good Evening Class,
Documentation of findings is critical for presenting that information at a later date. Whether it be an audit or an investigation the legal system requires that the information is correctly documented for that information to be used within a court of law, without proper documentation the information cannot be used which could result in the case to be dropped. The goal to proper documentation is to ensure that all evidence can be found when needed and all personnel that are controlling that evidence is identified. The concept of documentation of all findings was seen in the last few weeks through the focus on properly documenting the chain of custody. When the chain of custody is established, the likelihood of evidence tampering is lessened and if evidence tampering does occur it will be easier to establish who was maintaining the evidence.
Following the requirement of proper documentation of all finding, preserving that information is equally as important. By preserving all evidence important to an investigation an investigator can ensure that the evidence can be used in court and has not been manipulated in any way. This preservation is needed on the crime scene and throughout the time of the case. Additionally, preserving evidence can relate to establish a robust security program on all systems maintaining evidence. This will lessen the possibility of the tampered evidence through the use of malicious code which could manipulate the information in the favor of an attacker.
-Adam
Easttom, C. (2014). System Forensics, Investigation, and Response 2ndEdition.
Student two:
When it comes to any type of an investigation, the main goal is to identify and convict the appropriate criminal for the crime at hand. It is not a magic wand that is waved or a mirror that will points them to the correct person, it is long hours and commitment that goes into each investigation. In saying that without the proper documentation or miss handling of evidence can cause it all to be thrown away. Proper documentation not only ensures that the evidence has not been tampered with but it also helps keep things that you may come across in the investigation more organized. For example when searching through the various files you it would be ideal to document anything that seems suspicious as you conduct your search. Then afterwards the investigator can look back at the information he/she wrote down and make a connection or quickly refer back to any discretion that was made and pursue it further (Easttom, 2014).
For each piece of evidence there is a protocol that explains how it may be preserved and handled. This is important because in many cases the evidence can quickly become contaminated or lead to the evidence being destroyed in the process of moving it. When biological evidence is preserved and stored properly it could be used in order to solve on going could cases or be used to identify a suspect in later years. Not only is it important to preserve physical evidence properly but also preserve the crime scene. Photographs and thorough documentation can allow the investigators to have a quick reference of the scene (Mahoney, 2014).
Reference:
Easttom, C (2014). System Forensics Investigation and Response. Retrieved from: https://online.vitalsource.com/#/books/9781284038330/cfi/121!/4/2@100:0.00
Mahoney, K (2014). Collecting Evidence. Retrieved from: https://www.relentlessdefense.com/forensics/preserving-collecting-evidence/
-Brandon
