The forensic investigation of evidence based on computers is a relatively new concept still in its first decade of development. Over the last 10 years computer crime has captured the attention and interests of many who are fascinated by the concept of 'who dunnit', where the old Sherlock Holmes style powers of deduction can be substituted by knowledge of technology.
Although technology is one of the core skills needed to conduct these modern day forensic investigations, it is not the panacea of all solutions. The role of technical skills is an essential ingredient and the issues relating to them are endless. However, the pace of evolution in technology ensures that issues are short-lived before being replaced by something far more critical.
This document will examine some of these issues in context of the role of technology in computer forensic investigations and seek to anticipate what may lie ahead for the next generation of business and commerce (Haggerty, 2006).
Core Competencies
Expertise
When we feel unwell we make an appointment with our local doctor's surgery. If diagnosed with an ailment we may be referred to any one of a number of hospitals or clinics to see a specialist. We may even get referred from one specialist to another in an attempt to diagnose or treat an illness or its symptoms correctly. There is no single doctor who is able to deal with the vast range of complaints and conditions from which the human body may suffer.
We can look back over the last 2000 years of recorded history and be able to say that human biology has not changed a great deal. Yet with 2000 years of medical practice, it is still beyond the reach of any single 'guru' to be able to claim the title 'human biology expert'.
When we add the concept of a criminal threat to the IT field, we add not one but many more competencies that are critical to the professional investigation of computer crime and related security incidents. By comparison it would be like asking Sherlock Homes to add being a DNA expert, international lawyer and an intelligence database analyst to his formidable, (and fictional) detective skills.
The professional investigation of crime and evidence based on a computer requires a number of core skills derived from knowledge, understanding and experience relating to those skill areas. Acquisition of these competencies requires a dedicated career and can only be presented through a dedicated team approach (Hilley, 2004).
Relevant Technology
Computer crime manifests itself in many different forms and it is frequently described from many different viewpoints. The one inescapable ingredient is that of the relevant technology. Whether the evidence resides on a computer system that is the victim of the crime, or the tool that made it happen, or even just a vehicle in the hands of an innocent third party, the technology and its vulnerabilities must be understood by the investigators.
The term 'technology', in this context is used to describe loosely a vast number of skills that are essential to a professional ...