The rate of crimes on internet and networks is increased to an alarming state by hackers, contractors, intruders and employees. Laws are enforced and computer forensics is practiced to avoid and prevent these crimes. Using computer forensics investigators use latest techniques of science and technology to find some evidence against crimes. The evidence will be collected for legal purposes when criminal matters are dealt. Investigation by using latest techniques of science and technology along with computer sciences to collect evidence in criminal and civil courts is called computer forensics. Experts use advanced tools to recover deleted, corrupted or damaged files from hard discs, flash drives and other storage media. A complete examination of windows registry, drives, cookies, deleted files, emails and all other relevant locations is done to find any clue to prosecute the case in law courts.
The first step in collecting evidence is to obtain warrant to search the suspected system. This warrant includes not only seizing and investigating the suspected computer but any devices connected with the crime are also included in it. A printer, scanner or any other device may be used with computer in making crime so these devices are also seized for investigation. Person who examines the computer system is not only an IT expert but a detective. He detects clues to find out the story or details of the crime. The main aim of an investigator or expert is to find out evidence not the culprit. Using computer forensics large amounts of money are recovered by following the law suits in civil and criminal courts.
Computer forensics specialist revealed frauds, crimes and corruptions in insurance companies, criminal prosecutors, large corporations and law enforcement office. The standards, methods and laws of computer forensics are different in different countries. Some evidence is acceptable in some countries but not in others while dealing with crimes at international levels. There is no boundary of internet so it is a problem while investigating and collecting evidences because different countries have different laws.
Personnel, Network administrators and security staff should have knowledge about computer forensics and its legal aspects. An expert should have authority to monitor and collect evidence related to intrusions and computer crimes. The use of security tools should be legal and according to the policies of the company and rules of the country. Computer forensics is a new discipline so the use of existing laws is instable while prosecuting computer crimes. Website of United States Department of Justice’s Cyber Crime is the reliable source of information and rules to apply it. Standards of computer forensics and list of recent cases which are in proceeding are given on the website. Evidences are collected in a way which is accepted by the court. Laws are being approved in the favor of personal data security in organizations.
Organizations have to prove that they have applied necessary securities. So when data is theft or affected then there will not be any lawsuit on the company if proper security applications and policies are installed and implemented.
Computer security law has three areas which one should know. First is in United States Constitution; it protects against unreasonable search, attacks and self-incrimination. These were written before problems occurred but tell how to practice them.
In the second area anyone practicing computer forensics should know the effect of three U.S. Statutory laws.
Pen Registers and Trap and Trace Devices Statute
Stored Wired and Electronic Communication Act
During the practice of computer forensics violations of any one of the above statutes lead to fine or imprisonment. If a company feels any doubt about that it has committed mistake it should consult with its attorney.
In third area U.S. Federal rules about computer crimes must be understood. There are two areas which affect cyber crimes
1. Authority to collect and monitor data
2. Admissibility of collection methods
If network or system administrators know about the legal and technical complexities of computer forensics or they are able to preserve critical data of the organization then it would be an asset of the organization.