Forensics Journal - Stevenson University 2011 | Page 33

FORENSICS JOURNAL

When using software programs, investigators must ensure that the
evidence is removed from the seized computer in accordance with the
law. Many computer software programs and tools have the ability to
identify digital coding and illicit videos and photographs. When these
codes are shared online between computers, investigators can detect
the Internet Protocol address responsible for sending and receiving
the illicit images.

Forensic evidence is widely used in court proceedings; however, handling of computer evidence and chain of custody must be meticulous.
Problems occur with the mishandling of computer evidence when
traces of important evidence are hidden. A simple misunderstanding
or miscommunication can cause a mistaken conviction of an innocent person. During the recent case State of Connecticut v. Julie Amero
in Norwich, Connecticut, Amero was wrongly convicted of “the
delinquency of minors because a spyware-infected school computer
in her class displayed pornographic sites’ pop-ups during her lecture.
Amero’s conviction, which was later overturned, demonstrated a
lack of technical awareness within the legal system” (Peisert, Bishop,
& Marzullo, 2008). It is obvious that the judicial system has not
adequately defined the parameters of computer forensics evidence and
its admissibility.

According to Howard, hashing is a step in the forensic investigation which involves authenticating and identifying the electronic
information discovered through the imaged computer media. Hashing authentication ensures that the forensic image and the original
computer media are identical. Hashing is:

• “The process of taking computer data as a string of

info ɵ