Digital Data Retrieval and Inspection
The social environment of the 21st century is characterized by the global implementation of technological advancements. The lives of most people today are inseparable from sophisticated electronic devices. These appliances serve to enhance access to knowledge and facilitate numerous procedures while containing large amounts of data. Such information can be invaluable for an investigation, but the process of its retrieval and handling appears complicated due to the recent emergence of devices. Digital data is a recent concept in the area of forensics, meaning that its inclusion in the general protocol remains an ongoing process. Existing policies and guidelines were devised prior to the widespread of technology, and they had to be readjusted to correspond to the new reality. The purpose of this paper is to examine the methods of digital data retrieval from personal electronic devices.
Search Warrant and Electronic Data
Search warrants serve as one of the cornerstones of the fair, democratic process of investigation. The term itself refers to an order issued by a court authorizing law enforcement to search premises or acquire the possession of a certain item (“Article 11”, n.d.) In case of an item, search warrants are granted if they were obtained through illegal actions or if they qualify as evidence in an ongoing investigation. The necessity of search warrants is justified by democratic principles, upon which all societal aspects should be based. The Fourth Amendment of the United States Constitution aims at protecting the privacy of all citizens from the government’s intrusion. Accordingly, all searches and acquisitions must be based on solid reasons, and only courts are authorized to make such decisions. This way, the system serves to prevent the cases of power abuse by law enforcement and maintain the civilized nature of investigations.
Digital Data Inspection
The issues regarding privacy and law enforcement’s intrusion have become topical in the digital age. Indeed, the users of modern appliances both willingly and unknowingly share much information regarding their purchases, preferences, and movements with third parties. Simultaneously, the contents of one’s mobile phone or computer contain immense data, which may be deemed necessary by law enforcement. The Fourth Amendment does not cover information, which is explicitly disclosed to third parties, meaning that a considerable amount of information can theoretically be obtained without a search warrant. Furthermore, unlike traditional evidence, digital data inspection does not rely on a well-defined set of protocols and regulations (Montasari, 2017). However, the recent trends point at a stronger focus on digital privacy, and, in 2018, the Supreme Court ruled that the use of mobile data is not subject to the third-party doctrine (Gelb, 2018). Therefore, all information from personal devices can only be retrieved via a court order.
Cellular Phone
Cellular phones are owned by most people in developed countries. The range of functions of such devices has become widespread, and they now contain immense amounts of data, which may be used in an investigation. Once a search warrant is obtained, the phone is to be located and collected in compliance with the protocol. I The device is to be packed and labeled individually prior to being transferred to a cyber-forensics facility. This procedure includes recording the serial number of the device and its battery, as well as taking photographs of its appearance. All of the phone’s contents will be copied and examined, whereas the history of GPS locations will be accessed and compared to the cell site location information obtained through a corresponding warrant.
Personal Desktop Computer
Personal computers represent another source of information of vital importance. It may contain relevant records of illegal activity, particularly valuable, for example, in cyber- and white-collar crime investigations. In most cases, it would suffice to confiscate the hard drive for examination, as it would contain the potentially compromising data. In this scenario, it is to be packaged separately with the date, time, and serial number properly labeled. If the entire computer is to be taken as per the warrant, the integrity of the equipment must be ensured. The device is to be disabled in a due manner to avoid any technical issues. However, if there is a possibility of file-destroying malware installed by the suspect, the computer must be disconnected from the power supply immediately. All of its parts (monitor, keyboard, and mouse) will be packaged and labeled separately. Similarly, photographs must be provided, along with serial number details and the full list of details. Next, the contents of the hard drive should be copied to a secure server, having searched it for traces of erased files.
USB Memory Stick
The handling of a USB memory stick is similar to the procedure implemented for a personal computer and its hard drive. This appliance serves to store data, which is both the external characteristics and the contents of it should be fully recorded. This small item will be packaged separately in the presence of the required parties. The owner of the memory stick will be informed of the law enforcement’s intentions to examine it. However, as this a small, portable device, it will be necessary to check it for fingerprints to reveal the potential holders of the memory stick, which could have been passed to other people. These appliances have a higher chance of containing information pertinent to the case, as they are depersonalized and easier to conceal.
Live and Disabled Data Acquisition
Upon being discovered, an appliance can be either active or disabled. In the second scenario, it will be necessary to check whether the device functions properly. In the case when it cannot be activated, this fact should be properly documented as to avoid any future accusations of mishandling the evidence (Montasari, 2017). However, if the device is live upon retrieval, the procedure will be different. Any external connection (such as Wi-Fi, Bluetooth, or Ethernet) is to be disabled to avoid interference from the outside. Next, the proper shut-down process must occur in order to ensure data preservation during transportation to the examination facility.
Conclusion
In conclusion, the handling of digital evidence has become a topical issue in the area of contemporary forensics. Technology is an integral component of modern life, and its influence permeates various aspects of it. Generally, the collection and acquisition of digital data must comply with the principles of evidence handling established by centuries of practice. Obtaining a corresponding search warrant, which describes the objective of the confiscation, is an indispensable part of the process. All pertinent features of a device are to be recorded to ensure the transparency and legitimacy of the process, as dictated by the United States constitution. In turn, law enforcement and forensic specialists should follow the required technical protocol, which will ensure the integrity of the obtained data. This way, the investigation will be within the legal norms, and the evidence will be more likely to be accepted by a court.
References
Article 11. Search Warrants. (n.d.). North Carolina General Assembly. Web.
Gelb, D. K. (2018). Why Carpenter v. United States warrants a warrant for our whereabouts. Criminal Justice, 33(1), 35-36.
Montasari, R. (2017). A standardised data acquisition process model for digital forensic investigations. International Journal of Information and Computer Security, 9(3). Web.