Introduction
The data collection phase in computer forensics involves the gathering of all facts and clues that are necessary in the forensic analysis of the case at hand (Mandia and Prosise, 2003). Without the collection of data, important conclusions that are necessary for the case may not be achieved. The data collected helps understand how an incident such as financial fraud or child pornography occurred. The procedures applied need to be done in a forensically sound manner to ensure that the forensic analysis is done accurately. Data collection is aimed at acquiring digital information in a way that its integrity and authenticity are maintained.
Different cases will require different approaches in the collection of evidence. Not all approaches can be applied in a financial fraud case may be relevant in a child pornography cases. This report will seek to provide the different types of data and computer forensic tools that may be used for the two cases mentioned above.
The types of data, locations and/or spaces on the formatted media you may need to investigate with computer forensic tools if investigating a financial fraud case
In a financial fraud case, the most important data entails documents in the form of pdf, excel files and financial statements that may be stored in word format. Data recovery software needs to be used to access and get the data. The data may be stored in the drives partitions.
The types of data, locations and/or spaces on the formatted media you may need to investigate with computer forensic tools if investigating a child pornography case
Data to be investigated in a child pornography case mostly entails evidence of photographs and documents. Additionally, evidence of email communication forms a significant part of the evidence. In the formatted media, most of the images will be stored in the different partitions of the hard drives. Thus, the search using data recovery software needs to target photos images as the main priority, as this provides the most crucial evidence.
Procedures must be used to collect the data in each of these two criminal cases
Data recovery software will be used to collect the images and files or documents for the two criminal cases. Copies of the original files will be made for purposes of maintaining the integrity of the evidence collected. According to Lange and Nimsinger (2009), the copy made will be the useful for the examiner in the process of conducting analysis. As such, several copies can be made, and the original preserved. Since the data recovery process techniques may sometimes disrupt data, a clear chain of custody needs to be documented. Copies will be made using forensic software such as EnCase and the Forensic Tool Kit.
In a child pornography case, the investigator will have to check and recover browser information history. Additionally obtaining ISP logs will be important as it provides details of websites the perpetrator as visited and which may be connected to child pornography (Ec-Council, 2009)
Summary to the findings in these two cases
Investigators usually have different approaches in addressing financial fraud and child pornography cases. In child pornography, photos or pictures are of much more importance whereas, for financial fraud cases, financial statements are more important. However, email correspondence is important in both cases and as such, efforts need to be made to secure an email messages.
References
Ec-Council (2009).Investigation Procedures and Response, Book 1. New York: Cengage Learning.
Lange, M. C. S., & Nimsger, K. M. (2009). Electronic evidence and discovery: What every lawyer should know now. Chicago, Ill: Section of Science & Technology Law, American Bar Association.
Mandia, K., Prosise, C., & McGraw-Hill (Firma comercial). (2003). Incident response & computer forensics. New York: McGraw-Hill/Osborne.
