CRIM 414 Lecture Notes - Lecture 5: Security Account Manager, Anomaly Detection, Computer Security

Other practical constraints - eg limited resources. Limited window of opportunity to collection of potential digital evidence. Acquisition of information from small-scale technological devices. Emerging cloud computing or cloud forensic challenges. Admissibility of digital forensic tools and techniques. Insufficient support for legal criminal or civil prosecution. Lack of qualified digital forensic personnel (training, education, and certification) Lack of unified formal representation of digital forensic domain knowledge. Lack of forensic knowledge reuse among personnel. Anti-forensics (cid:494)(cid:494)any attempts to compromise the availability or usefulness of evidence to the forensics process. (cid:495)(cid:495) Conclusions from an investigation must be based on irrefutable evidence obtained by correlating information from a number of trusted sources. The immediate noticeable effect of evidence tampering is a more difficult and time- consuming investigation process. Also, risk that evidence may not be conclusive or trustworthy. Attack on data = potential evidence is deleted or modified so as to make it unintelligible or inadmissible in a court of law.