CCJS 321 – WEEK 2 DQ

CCJS 321 4015 Digital Forensics in the Criminal Justice System – WEEK 2 DQ

Week 2 Question

This week’s reading takes you from the general discussion we
held last week into some more specific details about the role of both criminal
justice and non-criminal justice professionals in the IT and computer forensics
world (Chapter 1), as well as why it is important that you understand the basic
principles and concepts of the criminal justice process. Then we get into
the meat of what you would do and how you would interface with law enforcement
in the event you have to conduct a forensic system analysis (Chapter 2).
Chapter 2 again stresses the importance of understanding the criminal justice
process, as well as discusses different types of devices or file systems that
may contain information critical to your analysis.

Among the basic concepts to understand this
week are that there are many types of evidence one could find in digital
data. Understanding what data you may find, even if it is not evidence of
a crime, is important to preparing a digital examination/analysis plan. Let’s
look at a non-technical example…

When a law enforcement officer applies for a
warrant to search a residence, the officer must specify for what it is he or
she is searching; if the case involves a stolen car, then the officer’s search
will be limited to only those locations a stolen car, or pieces of a stolen car
(in case it was chopped), could be located. It would be unwise to just list the
stolen car on the warrant, as that (in the interpretation of the court) might
limit the officer to only the whole car, intact. So, the officer has to
determine at the outset of their search what could have happened to the car
(attempting to account for all the possibilities) so his or her search is
complete (and most likely to yield results). The officer will also have
to justify (in the affidavit) why he or she believes that the car could be
found in smaller pieces. To that end, an officer with auto theft
experience may also be able to state that, in his or her experience, stolen
cars are often broken down into smaller components, which can be identified
with certainty as belonging to the original stolen car, as well as where such
components could be hidden. It would most likely not be enough for the
officer to simply assert that cars are broken down and sold for parts, if he or
she wants to justify seizing an ashtray; the ashtray would need some specific
characteristics to do that.

Search warrants and searches are, therefore, most often limited in scope to
items for which the searcher is looking (i.e., nearly always evidence of a
crime or wrongdoing). You cannot look for an elephant in a kitchen drawer! I
know that sounds absurd, but it is an excellent metaphor… However, if you were
looking for narcotics, they could be hidden almost anywhere, and you could
justify a much broader search. In this example, digital evidence is much
more akin to narcotics than you may think, with evidential data often occurring
in hidden, strange, or unlikely places. As such, warrants to search for
digital evidence often cast a “wide net,” but cannot be so overly broad as to
not be supported by probable cause or violate someone’s 4th amendment protections and implied rights to

Do not despair, however, if you are not a law
enforcement officer… The requirement to obtain a search warrant does not apply
to searches by private individuals or non-government organizations, as long as
the individual(s) have the authority to conduct the search (e.g., IT security
personnel are searching a computer owned by their company for company data, or
an employee gives the company consent to search for their personal data).
However, even those searches may be limited to certain parts of the
computer system(s) or network(s). As noted in the text, if a person is
allowed to use a personally-owned flash drive at work, and that drive is
connected to the computer, you still may not be able to search it without the
employee’s consent. All of these examples depend heavily on established
company policies and what warnings were given to the employee.

The text this week identifies several types of devices on which digital
evidence could be found. For this week’s discussion, please list two of the
devices provided by the text (or other devices, if you prefer), state what
types of evidence you would look for on those devices, and explain what
limitations you might have or what hurdles you would have to clear before
searching those devices (BOTH as a company IT professional and a law
enforcement officer). Identify what, if any, policies would need to be in
place for you to search as a private employee, as well as what limits can be
placed on the search by police. Please discuss thoroughly,
and respond in a substantive, intelligent way to at least one of your fellow classmates.
