Computer Forensics Tools – Attacks-Legal Stand

-

Attacks on Computer Forensics Tools – Legal Stand

Direct attacks on the computer forensics process are the newest type of Anti-Forensics and potentially the most threatening.
There are six phases in the process of digital forensics; all are open to attack:

1. Identification refers to the method by which an investigator learns that there is some incident to investigate. This phase can be undermined by obscuring the incident, or hiding the nexus between the
digital device and the event under investigation.
2. Preservation describes the steps by which the integrity of the evidence is maintained. This phase can be undermined by interrupting the evidence chain or calling into doubt the integrity of the evidence
itself.
3. Collection is the process by which data from the evidence medium is acquired. This step can be undermined by limiting the completeness of the data being collected or calling into question the
hardware, software, policies, and procedures by which evidence is gathered.
4. Examination addresses how the evidence data is viewed. This part of the process can be undermined by showing that the tools themselves are inadequate, incomplete, or otherwise not scientifically valid.
5. Analysis is the means by which an investigator draws conclusions from the evidence. This phase relies on the tools, investigative prowess of the examiner, and the rest of the evidence that was found. If a
case hinges solely on digital evidence, the interpretation of the evidence is the part most open to attack.
6. Presentation refers to the methods by which the results of the digital investigation are presented to the court, jury, or other fact-finders. If the evidence is otherwise solid, anti-forensics tools and methods will be used to attack the reliability and thoroughness of the reports -- or the examiner.
Courts throughout the world have long had to deal with scientific evidence and have had to establish rules for
what is acceptable and unacceptable in this realm.
In the U.S., the guiding principle in federal courts and many
state courts is patterned after the seminal case of Daubert v. Merrell Dow Pharmaceuticals (SC- United States-1993). According to Daubert, a judge can determine the admissibility of scientific evidence
based upon four factors:
Testing: Can -- and has -- the procedure been tested?
Error Rate: Is there a known error rate of the procedure?
Publication: Has the procedure been published and subject to peer review?
Acceptance: Is the procedure generally accepted in the relevant scientific community?

Comments

Post a Comment

Popular posts from this blog

What to do when police does not take your FIR?

-
Image
What to do when FIR is not taken by the Police ? A First Information Report is the first legal document that initiates criminal proceedings. The first information received about the commission of a cognizable offense has to be noted down by a Police Officer. It is called as  First Information Report under Section 154 of CRPC. Cognizable and Non-Cognizable Offences: Cognizable offences  are offences where the police can arrest the accused without any warrant. In such offences, the police can Suo-moto take cognizance of the offence and it does not require any sanction from the court in order to begin the investigation. On the other hand,  Non-Cognizable  offences are those in which police cannot make an arrest without taking prior assent from the court. Schedule I of the Criminal Procedure Code clearly distinguishes which offenses are cognizable and which are not. According to section 154(1) of the Criminal Procedural Code,  an FIR can be filed only in cognizable offenses.  Schedule 1 of
Read more

Consumer Dispute resolution under the Telecom Act 2023

-
Image
The Telecommunications Act of 2023 has strengthened the dispute resolution framework by introducing an online grievance redressal system. The aim is to expedite the resolution of conflicts between telecommunications companies and consumers while ensuring transparency in the redressal process. Following an inquiry, a telecom company found violating license or service terms may incur severe penalties, spectrum holdings cancellation, service restrictions, or even be prohibited from providing telecom services, depending on the seriousness of the breach.  How does the online grievance redressal system operate, and who plays key roles?   An Adjudicating Officer (AO), appointed by the Centre and not below the rank of joint secretary, will conduct inquiries to resolve disputes between telecom service providers and consumers. Additionally, a separate Designated Appeals Committee (DAC) will be formed, consisting of officers at the rank of additional secretaries. Individuals dissatisfied with an
Read more

When can Police Arrest you in Cyber crime: Explanation with Case Laws

-
Image
Arrest by Police in cyber crime cases By Adv (Dr.) Prashant Mali Cyber crime is a reality but personal liberty is a fundamental human right and a cornerstone of the social structure.  Arrest brings humiliation, curtails freedom and cast scars forever. Its deprivation is a matter of grave concern.  The law of arrest is one of balancing individual rights, liberties and privileges,on the one hand, and individual duties, obligations and responsibilities on the other. The police officer can , without an order/warrant from a Magistrate, arrest a person in respect of a cognizable offence punishable with imprisonment exceeding 7 years without mentioning any ' special reasons '. The problem arises when it comes to arrest of a person who is accused of an offence which is punishable up to 7 years. The Hon’ble Apex Court in Arnesh Kumar v. State of Bihar, (2014) 8 SCC 273 held; Our endeavour in this judgment is to ensure that the police officers do not arrest the accused unnecessarily and
Read more