Crime scene analysis and investigation

  • Print

Today’s Italian regulation doesn’t include any single law collection dedicated to computer crimes or any guideline to be followed in the digital forensic. However, there exist some key principles taken from some laws and from some institutions of undoubted authority.

ACPO (Association of Chief Police Officer of the National High Tech Crime Unit) has established, for example, three fundamental principles that every digital forensic inquiry should be carried out on (a digital forensic inquiry is that which follows a cyber crime):
- The police involved is not allowed to alter the data stored inside any computer system  and meant to be presented during the oral procedure.
- Data have to be accessed only by an highly skilled staff.
- A document attesting the control and the testing of the inquiry procedure has always to be produced;
Other principles have been published by the IOCE (International Organization on Computer Evidence) in order to standardize IT evidence collection; its guidelines are:
- Common language;
- Knowledge of the legal systems involved;
- International collaboration;
- Reliance on the evidence integrity;
- Applicability to the forensic field at any level;
- The person who  access original digital evidence should be trained for such purpose;
- All the activities related to the evidence collection has to be documented, preserved and made available for any control.
IACIS (International Association of computer investigative Specialist)is an international volunteer non-profit corporation composed of law enforcement professionals dedicated to education in the field of forensic computer science. They have also issued four basic principles that sum up the fundamental rules for determining the admissibility of an evidence:
1. The evidence should be handled in the least;
2. Any minimum modification of the evidence during its testing should be accurately reported;
3. Each procedure regarding the evidence should conform to a standard;
4. The expert shouldn’t handle the evidence beyond his/her own technical and professional  capacity.
IT inquiry is therefore an highly complex procedure that can be divided into three main processes:
1. Data collection, the most significant part of the inquiry;
2. Data analysis, carried out both with IT techniques and with traditional investigation techniques;
3. At the end a report is written, containing the final indications and the description of the procedures put in place during the evidence collection and analysis.

Yarix Srl - Vicolo Boccacavalla, 12 - 31044 Montebelluna (TV) - Italia - Tel. +39.0423.614249 - Fax +39.0423.615658
P.IVA - C.F. e Reg. Imprese di Treviso n. 03614930265 REA N. TV - 284927 - Capitale sociale: € 30.000,00 i.v.

Credits