A Grounded Theory Approach to Identifying and Measuring Forensic Data Acquisition Tasks

As a relatively new field of study, little empirical research has been conducted pertaining to computer forensics. This lack of empirical research contributes to problems for practitioners and academics alike. For the community of practitioners, problems arise from the dilemma of applying scientific methods to legal matters based on anecdotal training methods, and the academic community is hampered by a lack of theory in this evolving field. A research study utilizing a multi-method approach to identify and measure tasks practitioners perform during forensic data acquisitions and lay a foundation for academic theory development was conducted in 2006 in conjunction with a doctoral dissertation. An overview of the study’s findings is presented within this article

Identifying a Computer Forensics Expert: A Study to Measure the Characteristics of Forensic Computer Examiners

The usage of digital evidence from electronic devices has been rapidly expanding within litigation, and along with this increased usage, the reliance upon forensic computer examiners to acquire, analyze, and report upon this evidence is also rapidly growing. This growing demand for forensic computer examiners raises questions concerning the selection of individuals qualified to perform this work. While courts have mechanisms for qualifying witnesses that provide testimony based on scientific data, such as digital data, the qualifying criteria covers a wide variety of characteristics including, education, experience, training, professional certifications, or other special skills. In this study, we compare task performance responses from forensic computer examiners with an expert review panel and measure the relationship with the characteristics of the examiners to their quality responses. The results of this analysis provide insight into identifying forensic computer examiners that provide high-quality responses

A Simple Experiment with Microsoft Office 2010 and Windows 7 Utilizing Digital Forensic Methodology

Digital forensic examiners are tasked with retrieving data from digital storage devices, and frequently these examiners are expected to explain the circumstances that led to the data being in its current state. Through written reports or verbal, expert testimony delivered in court, digital forensic examiners are expected to describe whether data have been altered, and if so, then to what extent have data been altered. Addressing these expectations results from opinions digital forensic examiners reach concerning their understanding of electronic storage and retrieval methods. The credibility of these opinions evolves from the scientific basis from which they are drawn using forensic methodology. Digital forensic methodology, being a scientific process, is derived from observations and repeatable findings in controlled environments. Furthermore, scientific research methods have established that causal conclusions can be drawn only when observed in controlled experiments. With this in mind, it seems beneficial that digital forensic examiners have a library of experiments from which they can perform, observe results, and derive conclusions. After having conducted an experiment on a specific topic, a digital forensic examiner will be in a better position to express with confidence the state of the current data and perhaps the conditions that led to its current state. This study provides a simple experiment using the contemporary versions of the most widely used software applications running on the most commonly installed operation system. Here, using the Microsoft Office 2010 applications, a simple Word document, an Excel spreadsheet, a PowerPoint presentation, and an Access database are created and then modified. A forensic analysis is performed to determine the extent in which the changes to the data are identified. The value in this study is not that it yields new forensic analysis techniques, but rather that it illustrates a methodology that other digital forensic examiners can apply to develop experiments representing their specific data challenges

Judges\u27 Awareness, Understanding, and Application of Digital Evidence

As digital evidence grows in both volume and importance in criminal and civil courts, judges need to fairly and justly evaluate the merits of the offered evidence. To do so, judges need a general understanding of the underlying technologies and applications from which digital evidence is derived. Due to the relative newness of the computer forensics field, there have been few studies on the use of digital forensic evidence and none about judges’ relationship with digital evidence. This paper describes a recent study, using grounded theory methods, into judges’ awareness, knowledge, and perceptions of digital evidence. This study is the first in the U.S. to examine judges and digital forensics, thus opening up a new avenue of research. It is the second time that grounded theory has been employed in a published digital forensics study, demonstrating the applicability of that methodology to this discipline. This paper describes the process of grounded theory, a high-level summary of results, and conclusions from the study. --from the articl

Judges\u27 Awareness, Understanding, and Application of Digital Evidence

As digital evidence grows in both volume and importance in criminal and civil courts, judges need to fairly and justly evaluate the merits of the offered evidence. To do so, judges need a general understanding of the underlying technologies and applications from which digital evidence is derived. Due to the relative newness of the computer forensics field, there have been few studies on the use of digital forensic evidence and none about judges’ relationship with digital evidence. This paper describes a recent study, using grounded theory methods, into judges’ awareness, knowledge, and perceptions of digital evidence. This study is the first in the U.S. to examine judges and digital forensics, thus opening up a new avenue of research. It is the second time that grounded theory has been employed in a published digital forensics study, demonstrating the applicability of that methodology to this discipline. This paper describes the process of grounded theory, a high-level summary of results, and conclusions from the study. --from the articl

Judges’ Awareness, Understanding, and Application of Digital Evidence

As digital evidence grows in both volume and importance in criminal and civil courts, judges need to fairly and justly evaluate the merits of the offered evidence. To do so, judges need a general understanding of the underlying technologies and applications from which digital evidence is derived. Due to the relative newness of the computer forensics field, there have been few studies on the use of digital forensic evidence and none about judges’ relationship with digital evidence. This paper describes a recent study, using grounded theory methods, into judges’ awareness, knowledge, and perceptions of digital evidence. This study is the first in the U.S. to examine judges and digital forensics, thus opening up a new avenue of research. It is the second time that grounded theory has been employed in a published digital forensics study, demonstrating the applicability of that methodology to this discipline. This paper describes the process of grounded theory, a high-level summary of results, and conclusions from the study

On the Development of a Digital Forensics Curriculum

Computer Crime and computer related incidents continue their prevalence and frequency, resulting in losses approaching billions of dollars. To fight against these crimes and frauds, it is urgent to develop digital forensics education programs to train a suitable workforce that can effectively investigate computer crimes and incidents. There is presently no standard to guide the design of digital forensics curriculum for an academic program. In this research, previous work on digital forensics curriculum design and existing education programs are thoroughly investigated. Both digital forensics educators and practitioners were surveyed and results were analyzed to determine the industry and law enforcement need for skills and knowledge for their digital forensic examiners. Based on the survey results and the topics that make up certificate programs in digital forensics, topics that are desired in digital forensics courses are identified. Finally, based on the research findings, six digital forensics courses and required topics are proposed to be offered in both undergraduate and graduate digital forensics programs