chapter  Chapter 9
21 Pages

Digital evidence and computer forensics

WithRaymond J. Hsieh

The National Institute of Justice (NIJ) defines digital evidence as information and data of value to an investigation that is stored on, received, or sent by a digital-related device or attachment. This evidence can be collected when digital-related devices or attachments are seized and secured for examination. The Scientific Working Group on Digital Evidence and the Scientific Working Group on Imaging Technology (SWGDE/SWGIT) indicate Digital Multimedia Evidence (DME) is any information of probative value that is either stored or transmitted in a digital form including, but not limited to; film, tape, magnetic and optical media, and/or the information contained therein. Computer Forensics is a fast-growing discipline and practice that blends many areas of expertise together. It includes investigation of cyber crimes, terrorism, child pornography, fraud, e-scam, network intrusion, drug/human trafficking, and traditional crimes. With the increase in e-mail phishing, scams, and fraud attempts, forensic investigators need to understand how to review and analyze the unique content of e-mail messages.