Is digital evidence collected from a volatile source as valid as that collected from a static source?

In recent times, evidence sources have shifted from static sources, as one of the initial steps in evidence collection, towards digital sources, a shift driven by the ever-changing, dynamic computing environment. Evidence from a volatile source can be described as data that provides a significant link between the victim and the perpetrator (Wang 2007). It can be gathered from anything criminally related to the usage of a computer, such as theft of trade secrets, destruction of intellectual property and fraud. A static source can be described as data that is preserved when the computer is turned off, kept on a computer hard drive or another medium, as opposed to a volatile source, whose storage is in memory and is lost when the computer is turned off.

Introduction

There are various ways of collecting digital evidence from the scene of a crime. The most prevalent techniques are collecting digital evidence from volatile sources and collecting it from static sources. Data from a volatile source might hold key evidence. It is therefore vital that, at the scene of the crime, the computer remains on. Tools for data collection range across various software, such as data recovery, file examination, internet protocol tracking, decryption, authentication and, most notably, backup. Other tools are needed when obtaining data, such as a hardware imaging tool, where data is copied bit by bit using a method known as a bit stream copy. Data backups are always considered first, with the principal objective of retaining the original evidence.

Scope

Casey (2000) lays out the physical characteristics of a digital source, asserting that it cannot easily be kept in its original state: the computer system records data in binary form, that is 0 and 1, and the copied data carries user modifications, making it difficult to recover a volatile source in its original state.
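The Introduction mentions bit stream copies, and the Scope section turns on whether copied data can be shown to be unmodified. As an added example (not part of the original essay), the code below makes a byte-for-byte copy and records a hash at acquisition so that any later change to the copy is detectable. The choice of SHA-256, the file names and the sample data are assumptions constructed for illustration.

```python
# Added example: SHA-256 and all file names are assumptions; sample data is constructed.
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read size in bytes

def sha256_file(path):
    """Hash a file in chunks so large images do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def bitstream_copy(source, image):
    """Copy every byte of source to image; return the SHA-256 of the bytes read."""
    h = hashlib.sha256()
    # Mode "xb" refuses to overwrite an existing image file.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    return h.hexdigest()

def verify_image(image, acquisition_hash):
    """True only if the image still matches the hash recorded at acquisition."""
    return sha256_file(image) == acquisition_hash

def demo():
    """Acquire a constructed 'device', then flip one bit in the copy."""
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "device.bin")
        image = os.path.join(d, "evidence.img")
        with open(source, "wb") as f:
            f.write(b"MBR" + bytes(range(256)) * 64 + b"deleted-file-remnant")
        recorded = bitstream_copy(source, image)
        intact = verify_image(image, recorded)
        with open(image, "r+b") as f:  # simulate a later modification
            f.seek(100)
            byte = f.read(1)
            f.seek(100)
            f.write(bytes([byte[0] ^ 0x01]))
        return recorded == sha256_file(source), intact, verify_image(image, recorded)

if __name__ == "__main__":
    print(demo())
```

The same comparison cannot be repeated against live RAM, because its contents change between reads; for a volatile source the hash taken at acquisition is the only fixed reference point.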
A volatile source can easily be produced, and is hence prone to being modified or copied, raising doubts about its source and integrity. The negative impact is the difficulty of directly deducing the relationship between the evidence obtained and the suspects, as opposed to highly efficient methods such as deoxyribonucleic acid (DNA) or fingerprints that are used for evidence authentication.

A computer uses random access memory (RAM) to store volatile data, writing current processes in the form of a virtual clipboard for process usage and immediate reference. The information that may be of interest to the investigator includes running processes, console-executed commands, clear text passwords, unencrypted data, instant messages and internet protocol addresses. There can be scenarios during an investigation where an examination of a running system is required. This can be supported using home networking technology, which allows an investigator to have a small network to facilitate any investigative situation involving a computer.

Volatile source data preservation and forensic examination analysis will surely be the way forward for many years to come for digital evidence collection. Investigators' ability to collect crucial evidence at the scene of the crime is critical, most importantly when they are provided with crime scene collection skills so as to deal with the challenges and workload brought about by