Electronic Crime Scene: A guide for Law enforcement

Electronic Crime Scene: A guide for Law enforcement

Introduction

Electronic Crime Scene Investigation: A Guide for Law Enforcement main objective is to help local and state enforcement agencies and first responders who are responsible for collecting, safeguarding, and preserving digital evidence. During the implementation of the guide, it is worth to note that crime scenes are unique, implying that the judgment of agency protocols, first responders, and existing technology should be taken into consideration. The three basic rules that should be followed when dealing with digital evidence includes not changing the evidence during the collection, securing the transportation of the evidence, and only the authorized and trained people should examine the digital evidence and all things done during the seizure, storage and transportation of digital evidence should be entirely documented, preserved and be easily available for review by the investigation agencies. This paper aims at discussing the key areas of the guideline that require revision

Investigative Tools and Equipment

Standard materials and tools are mostly used to collect devices and items that contain digital evidence. Given the importance of digital evidence during a court process, it is vital for first responders to be cautious during the collection, packaging, and transportation of digital devices.  In case the expertise of first responders is not adequate to handle an electronic crime scene, they should ask for assistance from well-trained personnel or those with advanced equipment (US Department of Justice Office of Justice Programs). Some of the major items that first responders should have in their evidence collection kits include cameras, cardboard boxes, gloves, notepads, evidence inventory logs, evidence tape, antistatic bags, paper evidence bags, labels, permanent markers, and non-magnetic tools.

The identification of all hidden details during an incident depends on the effectiveness of the tools that the first responders have in their kits. There is a need for this guideline to make further improvement of the digital evidence kits to ensure they properly perform their responsibilities. This entails adding the best forensic tools that have been established in the modern world. The update that will be done in relation to investigating tools and equipment will be important since it will improve the searching procedure, preservation, and analysis of the information in the computer system. In this way, potential evidence for a trial will be made easier to access, thus improving the justice system process. The investigate equipment will be updated by using the following tools:

Use of SANS Investigate Forensic Toolkit

SANS refers to a live CD that is Ubuntu-based and includes tools that are required by forensic investigators during the investigation of an incident. SANS can effectively work with RAW and Expert Witness Format and the Advanced Forensic Format. In addition, this tool has a scalpel that is used for data file carving and Rifiuti that is used to examine the recycle bin.

ProDiscover Forensic

ProDiscover Forensic is another tool that can be used by computer professionals to access all data stored in a computer disk besides protecting the evidence that leads to evidentiary reports that are useful in a legal proceeding. This tool has the capacity of recovering deleted files, easily accessing Windows Alternate Data Streams, and capture an image of the Hardware Protected Area. This tool is useful for advancing forensic investigation since it is not possible to limit it in accessing data since it reads the disk when it is at the sector level.

Securing and Evaluating the Scene

The security of a crime scene is a vital issue as far as forensic investigation is considered. The activities and actions that occur at the scene have impacts on the final outcome of the investigation. Once the crime scene is secured, all the potential evidence should be identified, thus ensuring that the integrity of traditional and digital evidence is preserved. Apart from the documentation and photographs that the first responders are required to take in a crime scene, there is a need to update this guidebook to meet the emerging trends of crime scene security and evaluation.

There is a need to update the security and evaluation process of a crime scene since the kind of investigation will determine its acceptability in the court. Once the first responders or investigators arrive at the scene, the first concern is to ensure the safety of people and life while protection of the crime scene and its associated evidence is the secondary concern. The section below discusses specific tasks that should be adopted as updates of securing and evaluating the scene of a crime.

Locking Down the Scene of Crime

Once a strategic investigative response occurs, victims, witnesses, and first responders may still be within the crime scene. The people who are involved in actions at the scene may contaminate the scene in different ways. Locking down implies that all the continuing activities within the crime scene should be stopped, and everyone leaves the scene. This is followed by creating a crime scene perimeter.

Establishing Path of Contamination

All potential contaminations of a crime scene cannot be entirely eliminated. The ongoing contamination can only be recorded or controlled with the objective of avoiding damage to the forensic integrity of the exhibits and crime scene. A path of contamination refers to the designated pathway that is used by investigators and other authorized personnel as they re-enter the scene after the establishment of a perimeter lockdown. As forensic specialists and investigators enter the scene of a crime, they are required to remain within the path of contamination and should record their departure. This also involves giving an explanation of new contaminations, for example, as the specialists take exhibits or dusting for fingerprints.

Documenting a Crime Scene

This guide has emphasized the significance of documenting a crime scene since it provides a record that is used during an investigation. The most important aspects that need to be recorded accurately, as noted by this guide, include the location of the scene, power status, storage media, conditions of computers, mobile phones used, and internet access. The initial documentation should include photography, notes, sketches, and videos. A unique code that is difficult to decipher should be used by first responders to avoid vulnerabilities (Loja and Novillo, 2016).  Nonetheless, first responders may be limited in their efforts to collect electronic components and devices at the scene of a crime.

Based on the limitations of documentation of scene crimes as indicated in this guide, there a need to update and make a necessary revision to ensure the applicability of the investigation in court.  Documentation of a crime scene is the most time consuming process during an investigation, but it is the most important stage of an investigation. It is the responsibility of investigators to verify digital evidence produced in courts and ensure they are qualified enough to start the prosecution (Dokko and Shin, 2019). The current and future technologies will enhance the creation of platforms that will effectively manage and integrate forensic activities using simulator systems (Morgan and Dror, 2019). The purpose of revising the documentation process is to ensure the discovered evidence in the crime of the scene is in good condition and be useful while investigators are initiating a case in the court.

One of the approaches to update the documentation process is through the use of the rectangular coordinate mapping. This is a baseline technique that is slightly accurate since it uses two baselines and not one. This method entails taking two measurements of a location or item at the crime scene. To increase accuracy, multiple rectangular measurements are used. This technique is more applicable in interior scenes that are small or in a confined space. Polar coordinate mapping can also be used as an additional method of documenting a scene of a crime. This involves using a two-dimensional approach that helps in indicating the location of an item by providing the distance and the angle from a fixed point. These polar directions and angles are measured using a compass or a transit. Total stations are modern technologies that can be added on this guide since they have the capacity the polar coordinates into grid coordinates. This technology is beneficial since it provides clear electronic measurements and can be used to document large-scale events and scenes.

Conclusion

Electronic Crime Scene Investigation: A Guide for Law Enforcement provides reliable assistance to first responders and law enforcement agencies who are responsible for collecting, storing, and transportation of digital evidence. Given the emerging technologies, perpetrators of crimes can use this opportunity to destroy evidence with the intention of disrupting the investigation process. This means that there a need for investigators to improve their investigative tools and equipment by using SANS and ProDiscover Forensic. Likewise, scenes of crime should be effectively secured and evaluated to make the evidence useful in a court. Some of the key strategies that this guide should incorporate include locking down the scene of a crime and establishing the path of contamination. Effective documentation of a crime scene can also be achieved through the use of rectangular coordinate mapping, polar coordinate mapping, or total stations.

References

Dokko, J and Shin, M. (2019). A Digital Forensic Investigation and Verification Model for Industrial Espionage: 10th International EAI Conference, ICDF2C 2018, New Orleans, LA, USA, September 10–12, 2018, Proceedings.  Loja, N, and Novillo, J. (2016). Digital Forensics Tools, International Journal of Applied Engineering Research 11(19):9754-9762

Morgan, R, and Dror, I. (2019). A Futuristic Vision of Forensic Science, Journal of Forensic Sciences.

U.S. Department of Justice Office of Justice Programs. Electronic Crime Scene Investigation: A Guide for Law Enforcement.  Available from file:///C:/Users/Express%20Cyber%20PC%203/Downloads/Electronic%20Crime%20Scene%20Investigation%20-%20A%20Guide%20for%20Law%20Enforcement.pdf