1. What is the "traditional" method for computer search and seizure, and what is the reasoning for this method?
2. Why does the paper advocate collecting volatile data before shutting down a computer? What is the single greatest factor leading to the need to collect this type of data? Why?
3. Does collecting volatile data make changes to the system? If so, why is it still permissible?
4. Is a new search warrant required to collect volatile data? Why or why not?
1. As information and communications technologies have entered everyday life, computer-related crime has increased dramatically. Because computers and other data storage devices can provide the means of committing a crime, or be a repository of electronic information that is evidence of a crime, the use of warrants to search for and seize such devices has become more and more important.
Search and seizure is a procedure used in many civil law and common law legal systems by which police or other authorities and their agents, who, suspecting that a crime has been committed, commence a search of a person's property and confiscate any relevant evidence found in connection to the crime.
2. This type of data is called "volatile data" because it simply goes away and is irretrievable when the computer is off. Volatile data stored in RAM can contain information of interest to the investigator.
Volatile data is data that is usually stored in cache memory or RAM. It is not permanent but temporary, and it is lost if power is lost, i.e., when the computer loses its power connection.
During the investigation of any cyber crime attack, data collection plays an important role, and if the data is volatile it should be collected immediately. Volatile information can be collected remotely or on site. If there are many systems to collect from, remote collection is preferred over on-site collection.
3. Volatile data is not permanent; it is lost when power is removed from the memory. During an investigation, volatile data can contain critical information that would be lost if not collected first. Historically, there was a "pull the plug" mentality when responding to an incident, but that is no longer the case.
This volatile data may contain crucial information, so it should be collected as soon as possible. This process is known as "Live Forensics". It may include several steps, which are:
4. Admissibility of Evidence: There are a number of requirements for evidence to be ... the applicable search warrant, but first responders should cordon off and protect ... Data on disk: Collecting volatile data presents a problem because doing so ...
When performing incident response, the most volatile data should be collected first.
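The two principles in the answer above (collect the most volatile data first, and document what the collection itself does to the system so the evidence stays defensible) can be shown as a small collection runner. The following is an added example and not code from the original answer: the volatility ranks follow the order of volatility in RFC 3227, section 2.1, and the Linux commands listed are illustrative choices (assumption), not a prescribed toolkit. Each step's output is hashed and timestamped into a chain-of-custody log, which is what makes the responder's footprint on the live system explainable later.

```python
"""Order-of-volatility collection runner (added example, not from the original answer).

Collects the most volatile data first and records what was run, when, and a
SHA-256 of what was captured, so the changes that live collection itself makes
to the system are documented rather than hidden.
"""
import datetime
import hashlib
import json
import subprocess

# Lower rank = more volatile = collect earlier (ranks per RFC 3227 sec. 2.1).
# The commands are illustrative Linux examples (assumption), listed deliberately
# out of order to show that plan() restores the correct sequence.
COLLECTION_STEPS = [
    {"rank": 4, "name": "disk_usage", "cmd": ["df", "-h"]},
    {"rank": 1, "name": "arp_cache", "cmd": ["ip", "neigh"]},
    {"rank": 2, "name": "process_list", "cmd": ["ps", "-eo", "pid,ppid,user,lstart,cmd"]},
    {"rank": 2, "name": "network_connections", "cmd": ["ss", "-tunap"]},
    {"rank": 1, "name": "routing_table", "cmd": ["ip", "route"]},
    {"rank": 3, "name": "temp_files", "cmd": ["ls", "-la", "/tmp"]},
    {"rank": 0, "name": "system_clock", "cmd": ["date", "-u", "+%Y-%m-%dT%H:%M:%SZ"]},
]


def plan(steps):
    """Return the steps sorted most-volatile-first; equal ranks keep listed order."""
    return sorted(steps, key=lambda s: s["rank"])


def run_command(cmd):
    """Default runner: execute the command and return its stdout as text."""
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout


def collect(steps, runner=run_command):
    """Run every step in volatility order and build a chain-of-custody log.

    Each record states the exact command, the UTC time it was started, the size
    of the captured output and its SHA-256, so anyone reviewing the evidence can
    see precisely what the responder did to the live system and verify that the
    stored output is unchanged. `runner` is injectable so the log can be produced
    from captured output without touching the host.
    """
    log = []
    for step in plan(steps):
        started = datetime.datetime.now(datetime.timezone.utc).isoformat()
        output = runner(step["cmd"])
        data = output.encode()
        log.append({
            "step": step["name"],
            "rank": step["rank"],
            "command": " ".join(step["cmd"]),
            "collected_at": started,
            "bytes": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
        })
    return log


def hash_log(log):
    """Hash the complete log so later tampering with the record is detectable."""
    return hashlib.sha256(json.dumps(log, sort_keys=True).encode()).hexdigest()


if __name__ == "__main__":
    records = collect(COLLECTION_STEPS)
    print(json.dumps(records, indent=2))
    print("log sha256:", hash_log(records))
```

Run as a script it executes the commands on the local machine; in a real engagement the per-step hashes and the final log hash would be written to removable media along with the captured output, and the commands would come from known-good binaries rather than the suspect system's own path.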