Need to reply to the below two students discussions with at least 100 words minimum for each. The questions their responding to is also below in bold.
Evidence Hiding Techniques Questions:
- Explain the steps required to seize forensic evidence.
- Why is hearsay not permitted as evidence in court? In your opinion, should hearsay be considered credible?
- What is steganography? How does it work?
Student 1 discussion:
- Forensic evidence that needs to be seized has to follow certain policies and guidelines by the governing bodies. No matter the type of forensic evidence, all instances should be treated the same as to follow distinct steps. The steps required for seize evidence has a reasonable cause in order to obtain legal paperwork, have a plan in place of how to obtain the forensic evidence, and then the process of retrieving the evidence in order for it to be analyzed by a team of experts.
- Hearsay is not permitted into courts because it is obtained as if it is secondhand information. People could possibly change the information or it can not be proven in a court of law. Hearsay should not be considered credible because people tell lies in order to defame or belittle people all the time. If this type of testimony was allowed, many innocent people would be in jail because of someone being jealous or envy of them concocted a story to make them look bad.
- Stenography is the art of trying to conceal something out of plain sight. From this week’s lesson and reading, stenography is still used when it comes to the prison population of relaying messages to one another. Gangs use this type of technique in order to conduct illegal behavior and communicate in secrecy amongst one another. If this type of information is intercepted by prison officials, it would not look abnormal to the untrained eye. In the end result, it is communication that does not want to be placed in the open in plain text.
Chuck Easttom (2014). System Forensics, Investigation and Response. Jones and Bartlett (2nd ed) ISBN: 978-1-284-03105-8 ebook
Data Recovery Student 2 discussion:
- In order for a seizure of evidence to occur, a court order, subpoena, or search warrant must be obtained. As evidence is collected on digital devices, such as computers, it is important to determine if the device is still on to in order to not destroy any volatile data. If the device is still on, it is crucial to document and record all running process and to see if there are any live connections to the device. After all volatile data is recorded, then the device can be properly shut-down, drives removed, and then create a chain-of-custody for the evidence collected. The evidence should be transported directly to a secure location where it will be stored and analyzed. Prior to evaluating the digital evidence, write-blockers should be used to prevent any tampering of evidence and then the hard drives should be copied and analyzed with a forensics analysis tool.
- The problem with hearsay, is it is a secondary account of what “he said, she said.” This secondary account is non-credible since the person didn’t actual witness the act in question. But rather is hearing a story of what someone else claims to have happened. If a person did not see something firsthand, it would be hard to prove that they themselves got the details exact.
- Steganography is the “art and science” of hiding messages. This is done easily on digital media by imbedding one message into another; presumably a smaller file into a larger file like video or picture. The hidden message is imbedded most often within the least significant bit at the end of bit or byte which appears on the surface as unnoticeable change to the file.
Easttom, C. (2014). System Forensics, Investigation, and Response 2ndEdition.
Burlington, MA. Jones & Bartlett Learning.