Investigative Collection of Evidence
There is a huge variety of physical pieces of evidence that could be collected at a certain crime scene which could be deemed valuable for the purpose of collecting as well as investigating. some of the pieces of evidence that can help in carrying out the investigation include biological evidence, this type of evidence include body fluids, hair, blood, and other tissues as well. One more type of evidence includes latent print evidence. Some examples of latent print evidence include palm prints, footprints, and fingerprints (Haklar, 2018). Tire track evidence and footwear evidence include soil, glass, fibers, fragments and some more. Some digital pieces of evidence include records of cell phones, email messages, internet logs and some more. Tool mark evidence and various tools, firearm evidence and drug evidence and also helpful in carrying out an investigation. This project aims in presenting various pieces of evidence that have been collected at the time of the investigation. It also deals with the storage of pieces of evidence such that they are not accessed by any unauthorized user or any e member belonging to the organization.
Part 1: Overview/case summary
Considering the work area of Mr. Bellcamp, the organization is known for having an upper hand in the terms of authority as well as permissions. The incident has taken place at the time of the exit interview from the organization. At the time when the exit interview was performed by professionals, Mr. Bellcamp had made certain statements that gave the organization sufficient cause for suspecting him and hence investigate his work area for various pieces of evidence (Geurts-Giele, 2016). As the professional is not an employee anymore of the organization, the workplace that belonged to him is no more his. Hence the organization can investigate his work area looking for pieces of evidence. The organization has in place numerous policies for the purpose of searching during certain times when the organization is convinced that the employees are likely to invade the privacy of the organization. The organization can search the employees that used to be a part of the organization, an existing employee, desk of every employee because the desk is the organization's property (Pleil, Risby&Herbig, 2016). The employee would not require worrying regarding various legal actions or legalities from the ex-employees or employees. For the purpose of ensuring the fact that the organization has permissions as well as an authority at the time of these situations, the organization should create video song educational policies and provide a detailed handbook to the employees. The employees should also be updated regarding the new policies included within the organization. Please help employees to know the privacies that they have and the actions that can be undertaken by an employer in certain situations (Crispino& Roux, 2017). The organization must also update the employees on a monthly basis regarding the new and updated policies and procedures initiated by the organization.
Part 2: Physical evidence acquisition
Q. 2. Look at the photo of Mr. Belcamp’s work area. (See file attachment Work_Area.jpg) Identify four (4) potential items of digital evidence you see in the photo. For those four items, describe EACH item you identified and explain what potential use the item would be within the investigation (e.g., what type of data that item might hold, why it is important, and what type of evidence it represents for prosecution.)
Answer 2: After observing Mr. Belcamp's work area it was quite sure that in the messy place something happened unnecessarily .ostly the four digital items which Suspected was mostly Debian -based, Ubuntu-based and Gentoo based. What else was seen was mobile device forensics, computer forensics, and memory forensics.
- Laptop Computer was the main hardware device that was found. An investigation officer needs to collect the data from the laptop and must be aware of the attack. Of course, he or she (invest officer) needs to record the serial or model number of the device. Now the device should be put aside and aloof.
- Sleuth Kit is a computer operating tool which is based on windows. Here, one can identify the activities done earlier using a term called a graphical interface. At the same time, it shows the type of file or images stored (Muehlethaler, Leona & Lombardi, 2016).
- Caine is an app that totally comes under mobile device forensics, used to find the source of location with four phases of the digital investigation.
- Paladin is simply tasks based approximation that simplifies the complex investigation process by working on the required information effortlessly.
Finding paint chips in a crime scene firstly physical matching is done after that utilization of chromatography or FIR can be registered to find about the different components it contained. Remember it is under the pressure of law and every investigation should be bound or governed under the law (Bell, Sah& Albright, 2018). The technician depends on the location during the ongoing process, gathering and preserving physical evidence through activities and making sketches that help to make the task easier.
3. Select two (2) of the items you identified and describe the steps that would be taken to collect the items (with emphasis on the care and handling, and packaging of each item consistent with digital forensic best practices described in the module content/weekly readings) at the scene. You should document these steps in a detailed way that will mitigate questions, concerns, or a basic lack of information that will call your processes into question in court.
Some of the nondigital pieces of evidence that have been extracted from the picture include the used post-it notes, a notepad, some folders including various files. There had been a plastic case on the desk, it would not be tough to determine what it contains and what it is (Kukucka, Kassin& Zapf, 2017). In all the above-mentioned cases with their printed auraton documentation is supposed to be examined for various passwords. Email addresses, IP, name, as well as addresses data, telephone numbers, directory locations, file names, and some more attributes, would help in carrying out an investigation. Most of the people might think that the individual must not have written down the information that is sensitive in nature like passwords, but most of the cases have shown that around 40% of users tend to write their passwords. This has been proven to be true in this case as well (van Oorschot, Szkuta&Meakin, 2019). The accused had written various passwords in his files. This is expected to help in this investigation.
4. The evidence you seized in Questions two (2) and three (3) must be transported,
secured and stored after removing it from the original scene (the work area) and prior to
sending it for analysis. Describe the security procedures in place as well as any
environmental considerations or protections (specific to computer/digital devices) that
are in place within the storage area, and why they are important.
Answer 4: After the evidence was taken in, they carried on the police vehicle. The police vehicle was escorted by two motorist police. Then upon reaching the police department. The evidence was registered in the police registry (Bitzer,2019). The names of the officers were entered along with their sign. The evidence was taken to the evidence room and given a serial number and stored in the evidence locker properly. Then the evidence room handler locked the room with an airtight door. Deposited the key along with written cause on the registry.
The door security in the evidence room has multiple security checkpoints, keys are a common thing but along with that, there is a fingerprint scanner. With that, there is also a keypad entry system (Morgan, 2017). There is no unrestricted entry in the evidence room by people outside the department. For the security of evidence their police department has also provided security to seized ammunition, drugs and other criminal weapons.
There is no wifi connection within a hundred-meter radius of the department to avoid malicious hacks. The room is constructed using concrete bricks and no drywall is used. The evidence room doesn't have any windows. The door is made of steel and has no glass (Raobertson, Roux & Wiggins, 2017). Inside the evidence room, there is a heat signature detector for recording the presence of susceptible presence in the rooms. The police department is equipped with a computer system that has an inventory system to store and enter the data about the list of evidence and keys.The unassigned individuals of the department are not given any access to the inventory software because that is risky to the security of the data about the evidence. The inventory system has a secure software process to handle unregistered access to the inventory data (Kumar & Sharma, 2018). The data inventory handler with educated and trained individuals to follow security protocols.
The people entering the evidence room are fully aware of the security protocols of the department. The CCTV cameras must capture every area of the police station. Even inside the evidence room, as well as all access doors and temporary storage lockers. Security cameras are controlled by someone who is outside the evidence room. Security cameras are an essential in any evidence container room. The people who visit the department for checking the computer appliance or other electronic devices must have authentication. The evidence room has a fully equipped alarm system that can prevent any intrusion. The entire police office has 7 fire extinguishers in case of any emergency fire accident. The lockers of the evidence are pass-thru evidence lockers contain many powerful and effective secure applications to make sure none of the evidence is damaged. There are many deadbolt locks provided in the pass-thru evidence locker, double-welded doors are there. These are there to protect the contents from being accessed by the unauthorized authority. Multiple door hinges are meant to protect the evidence from being tempered (Dror, 2018).The Unit adequately documented destruction authorization, staging, transportation, and witnesses, however, documentation of item verification is fully done and authorized personnel. The standard regulation has been followed for the security. It has been certified by the official personnel of the depart of police
5. The evidence you seized in Questions two (2) and three (3) must be transported, secured and stored after removing it from the original scene (the work area) and prior to sending it for analysis. Describe the security procedures in place as well as any environmental considerations or protections (specific to computer/digital devices) that are in place within the storage area, and why they are important.
Answer 5: Carrier and Spafford both helped in the process of the investigation but some security must be taken to work smartly and efficiently. Hence we should maximize an environment's ability to collect digital evidence and minimize the cost of forensics during an incident response.
The investigation team with investigation subjects along with the corporate HR department and corporate PR department comprise the whole process of securitization. Management of link and profile center managers should look into the matter properly and code of conduct is to be generated to work. Every task carries a code which is to be labeled in everyone's digital connectivity so that no information is leaked outside. Along with the team, IT staff must be present to easily decode the task to everybody and again code it in a secrecy way. Criminal conspiracy or to commit a crime, today technology with advanced digital proof can be too delicate to handle secretly. Data can be misplaced or easily hacked so to put definite security better encrypted and high code must be generated by the IT department to act privately without third party interference. Rigorous, and detailed plans sometimes hamper the security and in that case, the short decided plan works in creating the forensic reports successfully. Sometimes copying data hampers the stored data and it disturbs the whole process. Working with Class collaboration and documenting digital evidence must be kept in mind. Checking of all hardware and software devices before working with it and validation of the hacking virus must be checked as a security purpose.
From the above discussion, it could be concluded that organization had turned into a crime scene, the crime had been performed by an employee and pieces of evidence against him are being collected in this project. At the time of the investigation, various circumstances that could be encountered by investigators at the crime scene would largely dictate the approach that had been utilized for the processing of the scene. a particular homicide would require various treatment as well as processing compared to a burglary. However, for ensuring a thorough process, there are various steps that must be followed by the investigators. The steps could be carried out in various orders. This report discuss regarding the pieces of evidence collected from the workplace of the accused professional. This report for that provides various steps that could be undertaken by the organization in order to ensure that the employees have detail knowledge on what could the organization do if employees commit such crimes. the organization must also provide a handbook to the employees which would provide details on the policies and procedures that have been implemented by the organization in order to ensure that no unethical practices are performed by the employees. The report discussions regarding the pieces of evidence that had been collected against the accused.
Bell, S., Sah, S., Albright, T. D., Gates, S. J., Denton, M. B., &Casadevall, A. (2018). A call for more science in forensic science. Proceedings of the National Academy of Sciences, 115(18), 4541-4544.
Bitzer, S. (2019). The use and usefulness of forensic science in the investigation. In Homicide Investigation and Forensic Sciences Conference.
Crispino, F., & Roux, C. (2017). Forensic-led regulation strategies: Are they fit for security problem-solving purposes?. In The Routledge international handbook of forensic intelligence and criminology (pp. 65-76). Routledge.
Dror, I. E. (2018). Biases in forensic experts.
Geurts-Giele, I. (2016). Next Generation Diagnostic Molecular Pathology.
Haklar, G. (2018). Plenary Lecture Abstracts. MEDICAL BIOCHEMISTRY, 5.
Kukucka, J., Kassin, S. M., Zapf, P. A., &Dror, I. E. (2017). Cognitive bias and blindness: a global survey of forensic science examiners. Journal of Applied Research in Memory and Cognition, 6(4), 452-459.
Kumar, R., & Sharma, V. (2018). Chemometrics in forensic science. TrAC Trends in Analytical Chemistry, 105, 191-201.
Morgan, R. M. (2017). Conceptualising forensic science and forensic reconstruction. Part I: a conceptual model. Science & Justice, 57(6), 455-459.
Muehlethaler, C., Leona, M., & Lombardi, J. R. (2016). Review of surface enhanced Raman scattering applications in forensic science. Analytical chemistry, 88(1), 152-169.
Pleil, J., Risby, T., &Herbig, J. (2016). Breath biomonitoring in national security assessment, forensic THC testing, biomedical technology and quality assurance applications: a report from PittCon 2016. Journal of breath research, 10(2), 029001.
Robertson, J., Roux, C., & Wiggins, K. G. (2017). Forensic examination of fibres. CRC press.
van Oorschot, R. A., Szkuta, B., Meakin, G. E., Kokshoorn, B., &Goray, M. (2019). DNA transfer in forensic science: a review. Forensic Science International: Genetics, 38, 140-166.