Question

In preparation for a court appearance, the federal law enforcement agency wants to ensure proper forensic processes and techniques are used in a computer crime case involving identify theft.

When challenging the admissibility of the digital evidence, the defense examiner will evaluate the authentication and chain of custody techniques used. The federal law enforcement agency would like your company, AB Investigative Services (ABIS), to identify in a report the possible authentication and chain of custody techniques acceptable in the investigative process, including issues relating to First and Fourth Amendment privacy issues with respect to computer-related technologies.

Using the library, Internet, or any other credible materials, provide the following in your report to the federal law enforcement agency:

Begin the report with a one page overview of the forensics process and the steps taken by an examiner related to identity theft and computer crime.
Provide 2-3 pages identifying:
two recommended examples of authentication acceptable in the investigative process of identity theft
two recommended examples of chain of custody techniques of digital evidence.
Provide 2-3 pages explaining:
what is considered legal or illegal under the guidelines of the First and Fourth Amendments in relation to the identity theft investigation
Cite your sources using APA style.

Answer 1

Overview of the forensics process related to identity theft and computer crime

Forensic science as defined, is the application of science to criminal and civil laws, mainly—on the criminal side—during a criminal investigation, as governed by the legal standards of admissible evidence and criminal procedure.

Forensic process related identity theft & computer crime:

1. Collection of evidence: The first step is the search & seize of any evidence found. The next is to acquire as much data as possible from the victim that includes but is not limited to Social security number, Date of birth, Financial statements, a timeline buildup of the crime & how the crime was discovered.
2. Examination of evidence: Using forensic techniques by the electronic, computer and telecommunication experts, the analysis of the gathered evidence is done. This may include analysis of microprocessors, circuit boards, keypad codes etc.,
3. Analysis of evidence outcome: Based on the evidence on hand, the case is analyzed and enough points are gathered to build up a case against the accused. Forensic tools are employed and used for analysis of the crime.
4. Written reporting of evidence & outcome: Factual pieces of evidence gathered as part of forensic analysis should be written and submitted as a report. This is important for the attorney to prepare for the attorney to clear the facts of the case. It is also required as a testimony.

Steps that are taken by an examiner related to identity theft and computer crime:

1. The examiner traditional uses 'Dead analysis' or 'live analysis'. A 'dead analysis' is associated with data that is identified in a controlled setting such as hard drives, external storage devices etc., a 'live analysis' is done where the system is up and running and data should be extracted as and when it is generated.
2. The examiner uses network-related tools such as Network Forensic Analysis Tool (NFAT) to identify internet-related fraud.
3. The examiner uses forensic tools such as X-ways forensic addition, Linux DD etc., in order to analyze the data in depth.
4. The examiner then comes up with the facts and writes up a detailed report of the findings.

Two recommended examples of authentication acceptable in the investigative process of identity theft

Authentication means confirming the truth of something. In this case, the identity. The two recommended examples are,

1. Identification documents
2. Identification biometrics

Documents: In authentication, identification documents can be Personal Identification Number (PIN), Passwords, Key codes, Original account related cards, wallets etc.,
Biometric: In authentication, identification biometrics can be a person's retina, fingerprints or even voice, in order to confirm identity.

Two recommended examples of the chain of custody techniques of digital evidence

1. All first responding officers trained enough to tag and lock up the hardware evidence. Authentication for logging in and logging out in order to access the evidence.
2. Protect evidence from unintended altering during the investigation. Digital hashing the evidence will help keep track of the evidence for changes if any.

What is considered legal or illegal under the guidelines of the First and Fourth Amendments in relation to the identity theft investigation

1. It is legal to deny unreasonable searches without a warrant according to the fourth amendment.
2. It is legal to search a place if the 'privacy' of the place is not established as private by society.
3. It is illegal to obtain text messages from operators without a warrant.
4. It is illegal to monitor the GPS by placing a tracking device of a physical object without consent.

Citations:
Katz v. United States., 1967., 389 U.S. 347 (ruling that interception of a person’s conversations made over a public pay phone is a “search” for Fourth Amendment purposes).
Morrison., Fourth amendment protections warranted in digital searches, Pg. 21