Cyber Forensics: Development of a Case Hypothesis Essay

Throughout time past, forensic science disciplines have helped solved numerous crime investigations and it has given impel testimony in the area of court trials. In order to reduce the sagacity of siding or bias situation and avoidance in prosecuting indigent victims, it is important to analyse, validate and have proper wassailation of digital evidence in the context of cyber forensics examinations. 1 (Noblett et al, 2000) in this essay we will discuss on mingled topics that describe, explain or illustrate on issues such as the motiones that assist in the development of a case hypothesis and as headspring as alternative hypothesis. It will also cover the processes in which how validation check and test are conducted to determine the accuracy of the digital evidence. Furthermore, we will look into the deductive, inductive and abductive reasoning in the field of cyber forensics. Lastly, the essay will also cover on the processes that would improve the communication and presentati on of case analysis to the solicitors and courts.INTRODUCTION to begin with the term cyber forensics was introduced in the late 1960s, most crimes are formally solved using traditional forensic science disciplines. Before the first PC data processor was invented, crimes in those days were not as complicated as compared to today. In this introduction section, we will distinguish between what is forensic science and how it is different from cyber forensics. rhetorical science depends on the capability of the research scientists to develop a case report based on the outcome of a scientific review. For instance , a DNA report analysis of a murder case can be undertaken without the prior knowledge of the victims name or require situation of the crime.2 (Chakraborty, R.1990) On the contrary, cyber forensics sciences main focus is driven on information discovered during the investigation. However the challenge lies in the search campaign of valid and admissible evidence in the media st orage of a computer. The average storage capacity of a PC is approximately 300-500 Gigabytes therefore it is tough to only scan through every single file stored on a suspects computer system, let alone those computer networks. 3 Casey, E. (2004PROCESSES THAT ASSIST TO word CASE HYPOTHESIS /ALTERNATE HYPOTHESIS Beforewe develop a case hypothesis or alternate hypothesis, there are several procedures and guidelines that a forensic investigator must follow and do. Firstly, the investigators must construct a hypothesis of the occurrence which is based on the study of the evidence. On the other hand, the grade of rigidity of this hypothesis also relies upon the type of investigation. For instance, an Interpol police investigation would require the preparation of a detailed hypothesis with discreet and meticulous proper backup to support specimens identified during the examination.4 Ciardhuin, 2004In the case of a police investigation , the hypothesis will be presented before a jury h owever the hypothesis worn-out in a company will be handled by the management. Technically the hypothesis will be verified and an alternate hypothesis as well as supporting evidence will be presented before a jury.The investigators will need to affirm the legitimacy of their hypothesis and protect it against any critics or provocation. In the event if the challenge is successful, there will be a need to backtrack to the earlier stages to collect and search for more evidences so as to construct a better hypothesis. Talking to the experts AKA Hot tubbing is widely used for coexisting evidence. This process involves the court to put several expert witnesses on the fend for together which will in turn saves much time and resources. Moreover, there are two main types of witnesses testimony at a trial, deposition or hearing. They are technical or scientific witness testimony and expert witness testimony. 5Enfinger, 2006 As for technical or scientific witness, the investigator would need to present details of evidence that were discovered during the investigation. They would be asked to describe what was discovered and how it was acquired. During the compilation of the evidence, the investigator must ensure that the evidence collected must be sanctioned and done appropriately with the permission of the owner and the suspect as well as a search warrant or hot pursuit.Also, it is essential that exculpatory and inculpatory evidence is presented. 6 Cohen, 2006 On the other hand , the investigator would draft out the chains of events that have certain connections and linkage to form the chain of handgrip which is basically a documentation or paper trail displaying the seizure, control, transfer, analysis, custody and deposition of physical or digital. Apart from the chain of custody, there is another process known as the chain of Inference which is also referred as concatenate inferences.These inferences between the weak and the strong ones build upon one another unti l they reduce the suspension between the defendant and the conclusion to a manageable distance. The concatenate inferences process may be interpreted by fabricating a hypothetical scenario. The purpose of constructing a chain of inferences is to convince a fact finder that the desired conclusion is the most plausible range of events. On top of this, it is also vital to interiorize the difference between evidence and inference before the development of a hypothesis or the reconstruction of the crime scene.With that comes the formation of crime scene timelines which is an efficient method to derive a conclusion. It is a graphical chart that illustrates the activity time line of crime scene sorted based on the sequence of events. These log entries displayed a unique chain of events that culminate in the incident which is a closer step towards proving a case. 8 Stephenson, 2000 Another important process is testing, analysing and reporting. exam is to ensure that all evidence both ph ysical and electronic gathered must be verified and gone through quality check by scientific personnel to affirm the originality without contamination as well as how this proof of evidence would be of any aid to solve the crime. Analysis deals with what are the issues nominate and intention of the crime act and for each issue how it can be addressed, record, tested and verified. Lastly this analysis will be written down and documented as a report. 9 Robert F. Winch and Donald T. Campbell, 1969