Free «Cyber Forensic Examination» Essay Sample


Presentation of evidence that has been generated by digital means is being embraced by many courts around the world. One challenge that law practitioners face is in-depth understanding of what digital evidence really means and determining the scope of evidences that can be regarded as a digital evidence. The major issue is import of files and forms or rather existing evidence that is expected to rightly fit technological requirements.

This factor created a need to come up with guidelines that would give direction on what legal fraternity should present and what should be regarded as digital evidence. A substantiation process must be conducted prior to determining the significance of the evidence. It is wrong to believe that the issue concerning computers and their usage can be solved well using the laws that have been in existence. The fact that law practitioners try to modify the language they use to suite the computer field is not adequately solving this problem.

Computer crime is any criminal act that is performed using a computer or with the aid of a computer. Cyber crimes are a subset of other convectional crime (Akester, 2010). This paper presents a detailed guidance and direction on how to validate digital evidence that is suitable and needed by law practitioners to provide valid argument in the court. The model that has been presented is assuming an interrogative approach so that it takes into account different aspect of interpretation.

Buy Cyber Forensic Examination essay paper online

Title of your paper
Type of assignment
Academic level

* Final order price might be slightly different depending on the current exchange rate of chosen payment system.

VIP Services package ?

Special offer includes all VIP services: top 10 writers, priority Support, VIP editing, extended revision period, SMS notifications, and plagiarism check at a very attractive price.

  • Total price
Continue to order


This paper tries to examine the cases that have been previously handled and determine how the presented evidence was generated. It further provides recommendations regarding the value that the same evidence should have it terms of validity. The foundation of validation is the evidence-based deduction. Determination of whether similar confirmation can be dependable to be used in a law court is the main aim. There are varying sections in the field of digital evidence that have to be established before the validation process is carried out (Berk, 2007). This entails cases in which advance, analysis, and passing are favored in addition to the file that enclosed the evidence, software programs that run the application, and hardware, which contains the information. The fact that there is a good system that can be used to maintain and get evidence that is obtained from the site where the crime happened and the truthfulness of such evidence as far as court appearance is concerned is still a big problem that needs to be considered. The suggestion that was given for grave validation process appeared to be a frantic activity to people carrying out the search. Moreover, it gives hard time to experts, who are committed to the law. A single thing  that is incredibly clear is that legal practitioners still chip away at the strength of the proof that is digital in nature. Its complication is more technical divergent from the normal evidence (Anderson, 2009).

The verdict that has been made in preceding cases that necessitated consideration of digital evidence may have been inclined since the most formative factor has been the running away from scientific convolution and settling on expeditions. Any case where digital proof was composite in terms of know-how was stopped, hence becoming extraneous to either the defense or the plaintiff. Based on this fact, it is clear that settling a case that involves the use of digital evidence in the forthcoming days will be more mind-numbing unless a strategy is put in place to corroborate this evidence. This is because the rate at which computers and digital devices are used is alarming. As such, digital evidence is used more progressively and at the same time becomes more intricate as technology evolves (Carry, 2005).

The foundation of legal dispute is to try to give weight to facts and any piece of evidence that is made available before the adjudicator. An argument that is dealt with by the legal organization can be an intricate task that throws its resolution from a long list of issues that are offered as show evidence (Franklin, 2009). The idea of using digital evidence that has in principle complex nature is a big dispute that scares law practitioners. Having an expert, who can technically handle digital analysis process and present it in a simplified form that can be understood by judges is essentially what most law firms face. This is the rationale why it is not easy for them to offer such evidence in court. An otherwise simple case can turn out to be a total failure due to meager digital evidence analysis. In addition, when digital proof is handled by an individual, who has little knowledge about it, this can delay the argument that is given in a law court. Such abuse of digital evidence can result in unfair ruling (Caloyannides, 2009).

Process and Method of Developing Case Hypothesis

To come up with a supposition for a legal case, there are two areas that need to be looked into. The first domain is the investigative domain that comprises of phases that the person who undertakes the investigation goes through to ensure that the evidence can be kept safely, retrieved, chosen, and made valid so that the legal domain phase can be handled by practitioners in the legal field. The second domain entails development and presentation of the argument by the lawyers. The most crucial stage is the validation phase, which connects the stage of locating the evidence and choosing the evidence by the specialist, who is doing the investigation and also any other person who wants to use this evidence, especially those individuals who practice law. The phase entails assessment of difficulties that lawyers face upon receipt of evidence that is in a digital form. In addition, description of methodologies that can be used to provide an evaluation on the validity of evidence in the scope of their expertise is also availed.

The initial step in the investigation phase is the process whereby the person doing the investigation ensures that the evidence is saved by taking into consideration the fact that evidence is fragile, and hence vulnerable to destruction or modification when mishandled. Therefore stabilization and separation is done to protect the evidence from being contaminated and hence tempers with its integrity (Berk, 2007).

The next stage entails location and identification of the evidence for a particular category of offence. This is done to determine the fate of the hypothesis concerning a specific crime with the aid of a number of mechanisms and tasks that complete this particular process. The third stage is when the person carrying out the investigation goes through the evidence to find out the task that happened in the container of the evidence and its importance in terms of validity to the case at hand. When the investigator feels that the type of data that he has concerning the digital evidence is not satisfying, the he/she should put into consideration active, archival, and latent data. Taking into account the three types of data will result in getting more accurate and valid digital evidence (Edwards, 2006).

Want an expert to write a paper for you Talk to an operator now Start live chat now  

The entire course of testing proof to decide on the level of soundness is carried out in the substantiation stage. The entire process of corroboration entails confirmation of the content of the evidence. The fact that this course of action necessitates huge resources in terms of money has a bad effect to the task. Another undoing appears when searchers do not really know the significance of critical examination of digital evidence. This results in generation of untrue evidence and this can lead to the legal practitioner offering meaningless argument in the court.

Another con is ineffectiveness of investigators in terms of the scheme used in analysis and in knowing whether the tests that are carried out are dependable. Other factors, such as false analysis of evidence, can bring down the value of this evidence.The investigation that has been carried out has paid attention mostly to assisting researchers and doing little on the side of legal practitioners. Little endeavor that has been directed to the legal practitioner part, in an attempt to tauten up the analysis of the proof so as to ensure the truthfulness and accuracy of the evidence. Agencies that implement laws need to review the law in order for them to come up with new tools and means to fight this offense. 

A more pressing and disturbing idea is that the person committing these crimes has resources, for example, the skills and expertise in the Internet use and he or she is determined to frustrate or rather humiliate the victims. Research has shown that such perpetrators can decide to do so because of vengeance. Research has shown that stalkers are more experienced in terms of age education and professional background. Gender also plays a role in this act because the study that was carried out in France showed that males are mostly the predators (Casey, 2011). In general, the major factor that makes the process of investigating and prosecuting cyber stalkers is educational and social status plus economic ability. Researches that have been carried out in the field of information technology have never given any consideration on the legal part (Cohen, 2008).

Validation Process of Digital Evidence

Among the tasks that become carried out in the corroboration process is cross-examination. While undertaking this course, evidence that becomes retrieved from an assembly of exhibits is authenticated. During this process, there is a succession of prompt process that is undertaken in order to try to describe validity of the proof. Answers that are offered can be Boolean algebra, where the answer can be true or false. If this is the case, the fate of evidence can be accomplished with a lot of straightforwardness. Another response that merits for more scrutiny and more facts is not clear (Trevor, 2011). When evidence necessitates more explanation, then bringing in a person with more skill in digital forensic is vital (De Weger, 2010).

Any digital proof that is used in a legal issue is examined basing on the weight that it has on deductions that were used. A demonstration is determining whether an electronic mail that was erased from a computer had the proof that could be sensible, and the act was to obliterate the evidence. This is a basis of establishing truthfulness of the evidence since the declarations that are based on evidence are always questionable.

To more comprehend the validation course, a graphical illustration is used to show the allegation that is given, which is digital in nature (Koehler, 2010). Primary function of this decomposition is to come up with a course, which is methodical and can establish truthfulness of the proof. The illustration is made up of a circle that assumes the place of assertion that supports the evidence that is offered. In every declaration, for instance, the preceding, a decision is made on whether the exhibit is accepted or rejected. Circles labeled two and three represent secondary assertion. The decision made here is depended on the outcome of the first. Using the illustration of the deleted email, the metadata of the email file can be accepted or rejected and the process of undergoing further assertion continues. The process proceeds up to a point whereby a sufficient interrogation is achieved.

A chain of evidence should be continuous when it is approved. When one of the exhibits is cancelled, the chain breaks. Diagrams below show both cases. The first case is when the exhibit is accepted, while the second case shows how it appears when one of the exhibits is rejected.

Hypothetical Illustration

Special offer for new customers!
Get 15% OFF
your first order

A case that is hypothetical can illustrate the process of validation. Take a case where someone uses a computer to threaten another person by sending messages or emails. The same person goes ahead and removes the message or rather the email from the computer so that he or she will not be known. While in the process of doing this, somebody happens to have noticed this individual entering the building. Investigator found fingerprints of people that have used the computer and it happened that suspect’s fingerprints were retrieved, and it indicated that he or she used that computer during that particular span of time (Rissland, 2002).

Considering evidence that there was a removal of the file from the computer, it will be unfair to know all activities that took place (Spafford, 2010). The connection between deletion and the suspect being in the building does not allow to make clear conclusions. The illustration that is given here tries to look for reasonable components of the file that was deleted. The analysis identifies the type of evidence. This entails application components of file and it can provide a basis for validating the timestamp when the file was deleted. This is followed by checking the result of the assessment.

By decomposing the case, the otherwise complex and long evidence validation process is simplified. Graphical representation below assesses the file that was deleted and goes inside every subtask of exhibit that attests validity by giving assertions at an advanced level. This analysis is expected to provide a recommendation that will be valid and acceptable before the legal team (Rissland, 2002).

Alternatively, the evidence can be invalidated due to the fact that there is no evidence that link the suspect and act at the secondary assertion that is ranked fourth. Another alternative case is the one that comes up when the validity of the message file is abnormal in respect to the time when the deletion was made. In such a scenario, the expert has to look for more reasons that will associate the modification process to other activities that succeed in obtaining the evidence, for example, the scanning for the virus. Eliminating any change of arguing that changes or modification that did not take place during the virus scanning process is always complicated. Therefore, laws and methodologies that can be used to prove this point should be devised (Baggili, 2011). In addition, some data that is retrieved and is supposed to be presented as evidence can be very complex to an extend when a novice computer user cannot understand its in-depth meaning.

Another issue is the way legal practitioners can argue or interpret different assertions. This is because truth or falsehood of an argument that a legal practitioner presents is based on the support that he or she gives. An argument can be frustrated by the legal team not because it is baseless, but due to the fact that the person presenting it cannot express the idea according to the technical standard. Therefore, it can be misunderstood by the judge. As such, there should be adjustment in the nature of digital evidence so that the scope is able to cover it all.

After seeking more explanation, it was evident that the task of scanning the virus had nothing to do with the alteration of the deletion timestamp. This gives a ground for sustaining validity of the evidence. The scenario gives more consideration to obtaining evidence from the part that was not accepted and at the same time try to confirm that. However, the endless list of questions that existed in the simple hypothetical is still showing that an increase of the same can be realized as the case becomes more complex (Etter, 2009). The act of splitting previous simple evidence reveals more evidence that proves that truth existed in the original assertion.

Interrogation Matrix

To assist individuals that practice prompt are in most cases necessary in inquiring of the proof. These prompts at the beginning give more details on the evidence of digital nature. In addition, the prompts will also provide a cautionary measure to the individual practicing law if there is a need of further validating the content of digital evidence. This is achieved by establishing a matrix for interrogating the components of digital exhibit essentially required in making a more suitable judgment by the legal practitioners. The success or further validation of the evidence is hence based on this (Taylor, 2010).

A matrix that tends to strengthen the process of validation interrogation provides prompts to guide the questioning to try obtaining more actual information. It can also be useful in confirming or rejecting the authenticity of particular evidence. The person who performs inquiries chooses one of these two options provided. For individuals, who really want to obtain digital evidence that can be useful in the incrimination of the suspect, they have to effectively make use of patterns that are separate and can help them extract more valid evidence. The same can be used to come up with alternative evidence that can be used to defend the suspect in court by using negated assertion to build his or her evidence. In addition, a checklist can be developing to provide a basis for validating the evidence by counteracting its state with the standard that is clearly defined in the checklist. A good example of a checklist that can be used for the hypothesis discussed in this paper is shown in the table below.


The scope of this document is a process, which is practical and can be used by any individual who is practicing law to formalize an evidence of digital nature by following the laid down sequence of probing the involved parties and combining the outcome with what is obtained from digital devices e.g. fingerprints from computer keyboard. The recommendation here is to have a checklist in place so that it can be useful in supporting  the prompting process and come up with a more  standardized evidence. This is a cornerstone in differentiating whether validation of evidence has been effective or  there is need of further validation of this evidence. A matrix for interrogation that adds emphasizes on the process of validation provides prompts to guide questioning, necessary for obtaining more information that includes facts and can be used to confirm or reject reliability of a particular evidence. One can choose either of the two options provided. Further recommendation is that if legal practitioners can employ this methodology, then the process of obtaining a well grounded digital evidence that has always been considered complex and unsuccessful turns out to be a thing of the past, and cases that the law firm handles in the court that deal with digital evidence are a guaranteed success to them.

Recommendation regarding critical validating process has been established beyond any reasonable doubt to be a difficult activity for individuals carrying out investigation, and, more so, gives hard time to specialists who are practicing law. One thing that is clear is that legal practitioners still sabotage the strength of the evidence that are digital in nature, and their complexity is more technical in comparison to the normal (Trevor, 2011). Another suggestion is that the research carried out in the field should be embraced so that a generic model of checklist could be developed based on ontological reasoning that can be useful in the field of digital evidence examination. Due to the fact that there is a good technique that can be used to retrieve and store evidence obtained from the scene where the crime took place, the integrity of such evidence, as far as court presentation is concerned, is still a big challenge that needs to be addressed. 

Most popular orders


What Our Clients Say

Read all testimonials
Get 15%OFF   your first custom essay order Order now Prices from $12.99 /page
Click here to chat with us