Digital Evidence &amp

Legal Issues51250 The innovative ways of gathering digital evidence are so diverse that the structures created for the conventional investigations usually no longer work for the new (Richard, Golden, amp. Roussev, 2006). For instance, rules that are applied by criminal investigators when confronted with privacy versus security scenarios relative to physical crime probes, usually results in astonishing outcomes in the search for digital evidence. They allow extraordinarily invasive investigatory processes to go unchecked in some cases, and yet permit incredible threats to privacy to turn legitimate investigations into a cropper. Court rulings and Congressional laws, have shored-up the weaknesses of the search for digital evidence and the prosecution of the suspects in the United States, nonetheless. Criminal evidence procedure The investigation process in regard to digital evidence, such as in system intrusion cases usually is split into three stages: It starts with the gathering of stored traces of facts from third-party databases, turns next to potential scrutiny of the exhibits, before the forensic probe of the suspected criminal’s hardware wraps up the process (Daniel, amp. Daniel, 2012). These three stages fulfil the primary objectives of gathering digital evidence: they include. gathering digital evidence on traffic, gathering digital evidence kept on the servers operated by cooperative third parties, and gathering digital evidence kept with unfriendly parties, which may include the suspect. Each mechanism exposes unique pieces of evidence, and requires deeper scrutiny. Collection procedure of digital evidence According to Casey (2011), the procedure of collecting digital evidence is long, tedious and sometimes yields negligible outcomes. Nonetheless, computer forensics specialists have crafted a comprehensive set of processes that forensic investigators ordinarily adhere to, when they capture and scrutinize a suspect’s computer and or related hardware. First, the investigators ordinarily confiscate the computer and take it to a government forensic laboratory for analysis. This is important because the analysis of the exhibit is a time-consuming process. computer specialists, usually cannot locate the evidence on a hard drive during a search operation. At the forensic lab, the specialists begin by creating a bitstream image of the computer hard drive. The bitstream is an exact copy of all the bits and bytes kept on the hardware. The expert then carries out investigations on the bitstream in order to avoid any damages or alteration to the original hard drive during investigation. The crime analyst may explore different approaches such as executing successive searches for certain extensions, terms, or textual clues that match the nature of evidence sought. Alternatively, the investigator may scan through all documents bearing particular features on the sample, until there is enough proof that links the suspect to the offense is achieved. For instance, if these techniques proved to be fruitful, and that an evaluation of the suspect’s computer reveals proof of the hacking of a company’s database, the suspect will face criminal charges (Richard, Golden, amp. Roussev, 2006). The prosecution will call upon