The Search and Seizure of Digital Evidence by Forensic Investigators in South Africa

The discipline of digital forensics requires a combination of skills, qualifications and knowledge in the area of forensic investigation, legal aspects and information technology. The uniqueness of digital evidence makes the adoption of traditional legal approaches problematic. Information technology terminology is currently used interchangeably without any regard to being unambiguous and consistent in relation to legal texts. Many of the information technology terms or concepts have not yet achieved legal recognition. The recognition and standardisation of terminology within a legal context are of the utmost importance to ensure that miscommunication does not occur. To provide clarity or guidance on some of the terms and concepts applicable to digital forensics and for the search and seizure of digital evidence, some of the concepts and terms are reviewed and discussed, using the Criminal Procedure Act 51 of 1977 as a point of departure. Digital evidence is often collected incorrectly and analysed ineffectively or simply overlooked due to the complexities that digital evidence poses to forensic investigators. As with any forensic science, specific regulations, guidelines, principles or procedures should be followed to meet the objectives of investigations and to ensure the accuracy and acceptance of findings. These regulations, guidelines, principles or procedures are discussed within the context of digital forensics: what processes should be followed and how these processes ensure the acceptability of digital evidence. These processes include international principles and standards such as those of the Association of Chiefs of Police Officers and the International Organisation of Standardisation. A summary is also provided of the most influential or best-recognised international (IOS) standards on digital forensics. It is concluded that the originality, reliability, integrity and admissibility of digital evidence should be maintained as follows: Data should not be changed or altered. Original evidence should not be directly examined. Forensically sound duplicates should be created. Digital forensic analyses should be performed by competent persons. Digital forensic analyses should adhere to relevant local legal requirements. Audit trails should exist consisting of all required documents and actions. The chain of custody should be protected. Processes and procedures should be proper, while recognised and accepted by the industry. If the ACPO (1997) principles and ISO/IEC 27043 and 27037 Standards are followed as a forensic framework, then digital forensic investigators should follow these standards as a legal framework.

Download Full-text

Detection of Metasploit Attacks Using RAM Forensic on Proprietary Operating Systems

Kinetik Game Technology Information System Computer Network Computing Electronics and Control ◽

10.22219/kinetik.v5i2.1037 ◽

2020 ◽

pp. 155-160

Author(s):

Danar Cahyo Prakoso ◽

Imam Riadi ◽

Yudi Prayudi

Keyword(s):

Operating System ◽

Information Technology ◽

Operating Systems ◽

Digital Forensics ◽

Digital Evidence ◽

Analysis Tool ◽

Digital Forensic ◽

Digital Era ◽

Rule Out ◽

Live Forensics

Information technology has become an essential thing in the digital era as it is today. With the support of computer networks, information technology is used as a medium for exchanging data and information. Much information is confidential. Therefore, security is also essential. Metasploit is one of the frameworks commonly used by penetration testers to audit or test the security of a computer system legally, but it does not rule out the possibility that Metasploit can also be used for crime. For this reason, it is necessary to carry out a digital forensic process to uncover these crimes. In this study, a simulation of attacks on Windows 10 will be carried out with Metasploit. Then the digital forensics process uses live forensics techniques on computer RAM, where the computer RAM contains information about the processes running on the computer. The live forensic technique is important because information on RAM will be lost if the computer is off. This research will use FTK Imager, Dumpit, and Magnet RAM Capture as the RAM acquisition tool and Volatility as the analysis tool. The results of the research have successfully shown that the live forensics technique in RAM is able to obtain digital evidence in the form of an attacker's IP, evidence of exploits/Trojans, processes running on RAM, operating system profiles used and the location of the exploits/Trojan when executed by the victim.

Download Full-text

The Management of Physical Evidence and Chain of Custody (CoC) in Digital Forensic Laboratory Storage

International Journal of Seocology ◽

10.29040/seocology.v1i01.3 ◽

2019 ◽

pp. 001-010

Author(s):

Tino Feri Efendi

Keyword(s):

Management System ◽

Digital Forensics ◽

Current Problem ◽

Computer Crime ◽

Digital Evidence ◽

Digital Forensic ◽

Physical Evidence ◽

Chain Of Custody ◽

Special Space

Computer crime has 2 types of evidence, namely: physical evidence and digital evidence. Storage on physical evidence requires a special space that can hold physical evidence. However, a system that can store and manage physical evidence is needed.The current problem is the absence of a concept of storing physical evidence and its documentation (Chain of Custody). Management of Physical Evidence is proposed as a solution to solve the problem. This concept is in the form of a Physical Evidence Management System and Chain of Custody by taking the analogy of a Data Inventory. Problems with Physical Evidence Management require a Management System for Physical Evidence that is suitable for use in the UII Digital Forensics Laboratory. This research has successfully implemented the concept of Data Inventory. It is expected that with the concept of Physical Evidence Management the control of physical evidence and all activities related to it can be maintained and documented properly.

Download Full-text

Analisis Forensik Metadata Kamera CCTV Sebagai Alat Bukti Digital

Digital Zone Jurnal Teknologi Informasi dan Komunikasi ◽

10.31849/digitalzone.v11i2.5174 ◽

2020 ◽

Vol 11 (2) ◽

pp. 257-267

Author(s):

Desti Mualfah ◽

Rizdqi Akbar Ramadhan

Keyword(s):

Reference Data ◽

Computer Forensics ◽

Closed Circuit ◽

Digital Evidence ◽

Management Information ◽

Digital Forensic ◽

Video Recordings ◽

Chain Of Custody ◽

Digital Forensic Investigations ◽

Cctv Camera

Kejahatan konvensial yang terekam kamera CCTV (Closed Circuit Televison) semakin banyak ditemukan di masyarakat, setiap pelaku kejahatan yang terbukti melakukan tindak pidana tertentu akan dihukum sesuai dengan peraturan perundang-undangan. Kamera CCTV memiliki peran penting dalam keamanan, banyak diantaranya hasil tangkapan rekaman kamera CCTV dijadikan sebagai alat bukti digital. Tantangannya adalah bagaimana teknik yang diperlukan untuk penanganan khusus investigasi digital forensik dalam mencari bukti ditgital rekaman kamera CCTV menggunakan metode live forensik, yaitu ketika barang bukti dalam keadan aktif berdasarkan pedoman SNI 27037:2014 sesuai acuan kerangka kerja Common Phases of Computer Forensics Investigation Models untuk di implementasikan ke dalam dokumen Chain of Custody. Hasil penelitian ini berupa hasil analisis video rekaman kamera CCTV tentang karakteristik bukti digital dan informasi metadata yang digunakan untuk memberikan penjelasan komprehensif secara terstruktur serta acuan pengelolaan informasi data yang didapat dari hasil investigasi digital forensik yang dapat dipertanggungjawabkan dalam persidangan. Kata kunci: Bukti Digital, Live Forensik, Metadata, Kamera CCTV, Chain of Custody. Abstract Conventional crimes that are recorded on CCTV (Closed Circuit Television) cameras are increasingly being found in society, every crime that commits certain crimes will be in accordance with statutory regulations. CCTV cameras have an important role in security, many of which are recorded by CCTV cameras used as digital evidence. The challenge is how the techniques required for special handling, digital forensics in searching for digital evidence of CCTV camera footage using the live forensic method, namely when the evidence is in an active state based on the latest SNI 27037: 2014 according to the framework reference Common Phases of Computer Forensics Investigation Models for in implement it into the Chain of Custody document. These results of this research are in the form of analysis of CCTV camera video recordings about the characteristics of digital evidence and metadata information used to provide a structured comprehensive explanation and reference data management information obtained from the results of digital forensic investigations that can be accounted for in court. Keywords: Digital Evidence, Live Forensic, Metadata, CCTV Camera, Chain of Custady.

Download Full-text

Digital Forensics of Cybercrimes and the Use of Cyber Forensics Tools to Obtain Digital Evidence

Cyber Security Auditing, Assurance, and Awareness Through CSAM and CATRAM - Advances in Digital Crime, Forensics, and Cyber Terrorism ◽

10.4018/978-1-7998-4162-3.ch003 ◽

2021 ◽

pp. 45-68

Keyword(s):

International Collaboration ◽

Digital Forensics ◽

Lessons Learned ◽

Digital Evidence ◽

Collaboration Networks ◽

Forensic Evidence ◽

Digital Ecosystems ◽

Cyber Forensics ◽

Chain Of Custody ◽

New Strategies

This chapter evaluates the most relevant methodologies and best practices for conducting digital investigations, preserving digital forensic evidence and following chain of custody (CoC) of cybercrimes. Cybercriminals are assuming new strategies to launch their sophisticated cyberattacks within the ever-changing digital ecosystems. The authors recommend that digital investigations must continually shift to tackle cybercrimes and prosecute cybercriminals to increase international collaboration networks, to share prevention knowledge, and to analyze lessons learned. They also establish a cyber forensics model for miscellaneous ecosystems called cyber forensics model in digital ecosystems (CFMDE). This chapter also reviews the most important categories of tools to conduct digital investigations. Nevertheless, as the cybercrime sophistication keeps improving, it is also necessary to harden technologies, techniques, methodologies, and tools to acquire digital evidence in order to support and make cyber investigation cases stronger.

Download Full-text

Digital Forensics and Data Mining

Advances in Digital Crime, Forensics, and Cyber Terrorism - Critical Concepts, Standards, and Techniques in Cyber Forensics ◽

10.4018/978-1-7998-1558-7.ch014 ◽

2020 ◽

pp. 240-247

Author(s):

Mohammad Suaib ◽

Mohd. Akbar ◽

Mohd. Shahid Husain

Keyword(s):

Data Mining ◽

Digital Forensics ◽

Traditional Approach ◽

Information Age ◽

Digital Evidence ◽

Law Enforcement Agencies ◽

Cyber Forensics ◽

Data Mining Techniques ◽

Digital Forensic ◽

Efficiency And Reliability

Digital forensic experts need to identify and collect the data stored in electronic devices. Further, this acquired data has to be analyzed to produce digital evidence. Data mining techniques have been successfully implemented in various applications across the domains. Data mining techniques help us to gain insight from a large volume of data. It helps us to predict the pattern, classify the data, and other various aspects of the data based on the users' perspective. Digital forensics is a sophisticated area of research. As the information age is revolutionizing at an inconceivable speed and the information stored in digital form is growing at a rapid rate, law enforcement agencies have a heavy reliance on digital forensic techniques that can provide timely acquisition of data, zero fault data processing, and accurate interpretation of data. This chapter gives an overview of the tasks involved in cyber forensics. It also discusses the traditional approach for digital forensics and how the integration of data mining techniques can enhance the efficiency and reliability of the existing systems used for cyber forensics.

Download Full-text

Cyber Forensics Evolution and Its Goals

Advances in Digital Crime, Forensics, and Cyber Terrorism - Critical Concepts, Standards, and Techniques in Cyber Forensics ◽

10.4018/978-1-7998-1558-7.ch002 ◽

2020 ◽

pp. 16-30

Author(s):

Mohammad Zunnun Khan ◽

Anshul Mishra ◽

Mahmoodul Hasan Khan

Keyword(s):

Life Cycle ◽

Personal Computer ◽

Police Officers ◽

Digital Forensics ◽

Computer Forensics ◽

Digital Evidence ◽

Cyber Forensics ◽

Forensic Research ◽

Research Workshop

This chapter includes the evolution of cyber forensics from the 1980s to the current era. It was the era when computer forensics came into existence after a personal computer became a viable option for consumers. The formation of digital forensics is also discussed here. This chapter also includes the formation of cyber forensic investigation agencies. Cyber forensic life cycle and related phases are discussed in detail. Role of international organizations on computer evidence is discussed with the emphasize on Digital Forensic Research Workshop (DFRWS), Scientific Working Group on Digital Evidence (SWDGE), chief police officers' involvement. Authenticity-, accuracy-, and completeness-related pieces of evidence are also discussed. The most important thing that is discussed here is the cyber forensics data.

Download Full-text

Post-Genesis Digital Forensics Investigation

10.31227/osf.io/h5bds ◽

2017 ◽

Author(s):

Andysah Putera Utama Siahaan ◽

Robbi Rahim

Keyword(s):

Digital Forensics ◽

Computer Forensics ◽

Digital Evidence ◽

Cyber Crime ◽

Legal Process ◽

Operational Procedure ◽

Digital Footprint ◽

Digital Forensic

Digital Forensics is a technique used to search for evidence of events that have occurred. This quest aims to reveal the hidden truth. The existence of digital forensic activities due to the occurrence of crimes both in the field of computers or other. Legal treatment in digital forensic field makes this area of science a compulsory device to dismantle crimes involving the computer world. In general, the cyber crime leaves a digital footprint, so it is necessary for a computer forensics expert to secure digital evidence. Computer forensics necessarily requires a standard operational procedure in taking digital evidence so as not to be contaminated or modified when the data is analyzed. The application of digital forensic is beneficial to the legal process going well and correctly.

Download Full-text

Legal Aspects of Actions of the Traffic Police as a Chain Breaker for Covid-19 Transmission

International Journal of Social Science and Human Research ◽

10.47191/ijsshr/v4-i11-09 ◽

2021 ◽

Vol 04 (11) ◽

Author(s):

Imam Maladi ◽

Keyword(s):

Police Officers ◽

Public Transportation ◽

Legal Protection ◽

Legal Aspects ◽

The Public ◽

Traffic Police ◽

Police Action ◽

The Republic ◽

Principles And Standards

The role of Police of the Republic of Indonesia in enforcing discipline among the community is very significant, especially the role of Traffic Police (SATLANTAS) in providing education to people who drive, use public transportation to access the public facilities and so on. However, people who want to be protected cannot accept the funeral of Covid-19 in their local cemeteries, by resisting police officers. So in this case, POLRI (the Police of the Republic of Indonesia) and especially the traffic polices play a significant role in facing the community. There is a need for legal protection for the efforts that the police will take in both preventive and repressive efforts. The purpose of this study is to analyze the Legal Aspects of traffic police action as a Covid-19 transmission chain breaker. The method used in this research is a normative juridical research method, which is research that focuses on examining the application of rules or norms in positive law. The purpose of this study is to analyze the legal aspects of traffic police action as a covid-19 chain breaker. This research is expected to provide information to the reader about the legal aspects of traffic police action as a Covid-19 chain breaker and a form of legal protection for traffic police who have a duty to break the covid-19 chain breaker. As for the results of this research, every action taken by the police, especially the traffic police during a pandemic to the public has a legal basis, namely Law Number 2 of 2002 on Police of the republic of Indonesia , Article 3 of Law Number 22 of 2009 traffic and road transport other the police also have a right to be protected like a civil society because they have the rights as stated in Article 28 of the 1945 Constitution and Article 10 of article number 8 of 2009 on the implementation of human rights principles and standards in the performance of the duties of the state police of the republic of Indonesia. So that for policyholders to be able to provide more strict regulations, and informative for the public and police officers can realize a common goal. It is hoped that no more similar cases will occur so that the public can better understand the rules in force in the Prevention of Covid-19 Transmission in Indonesia and the public can act more wisely in dealing with it.

Download Full-text

Disconnects of Specialized Mobile Digital Forensics within the Generalized Field of Digital Forensic Science

Digital Forensics and Forensic Investigations ◽

10.4018/978-1-7998-3025-2.ch022 ◽

2020 ◽

pp. 325-328

Author(s):

Gregory H. Carlton ◽

Gary C. Kessler

Keyword(s):

Best Practices ◽

Forensic Science ◽

Digital Forensics ◽

Legal Framework ◽

Digital Devices ◽

Digital Forensic

The study and practice of forensic science comprises many distinct areas that range from behavioral to biological to physical and to digital matters, and in each area forensic science is utilized to obtain evidence that will be admissible within the legal framework. This article focuses on inconsistencies within the accepted methodology of digital forensics when comparing the current best practices of mobile digital devices and traditional computer devices. Here the authors raise the awareness of this disconnect in methodology, and they posit that some specific tasks within the traditional best practices of digital forensic science are artifacts of ritual rather than based on scientific requirements.

Download Full-text

Digital Forensics

Enterprise Information Systems Assurance and System Security ◽

10.4018/978-1-59140-911-3.ch020 ◽

2011 ◽

pp. 311-325

Author(s):

David A. Dampier ◽

A. Chris Bogen

Keyword(s):

Law Enforcement ◽

Digital Media ◽

Digital Forensics ◽

Criminal Activity ◽

Computer Forensics ◽

Data Recovery ◽

Digital Evidence ◽

Digital Forensic ◽

Network Device

This chapter introduces the field of digital forensics. It is intended as an overview to permit the reader to understand the concepts and to be able to procure the appropriate assistance should the need for digital forensics expertise arise. Digital forensics is the application of scientific techniques of discovery and exploitation to the problem of finding, verifying, preserving, and exploiting digital evidence for use in a court of law. It involves the use of hardware and software for finding evidence of criminal activity on digital media, either in a computer or in a network device, and attributing that evidence to a suspect for the purposes of conviction. Digital forensics can also be used for non-law enforcement purposes. Data recovery is a form of computer forensics used outside of the legal arena. The authors hope that the reader will understand some of the intricacies of digital forensics and be able to intelligently respond to incidents requiring a digital forensic response.

Download Full-text