Any action of an individual, and obviously the violent action constituting a crime, cannot occur without leaving a trace. Edmond Locard, director of the first forensics lab in 1910.
Scenario: You are a detective for the local police. You have some training in computer forensics.
The primary suspect in a murder investigation works at a large local firm. He is reported to have two computers at work in addition to one at home. His company has issued him a cell phone for business use, but you do not know if this is the only cell phone he has or uses.
You will be the first responder to both scenes.
So, what do you do? To get the discussion started:
Can Locard's Exchange Principle be applied to a digital crime scene, in general? To these digital crime scenes? Why or why not?
What do you need to do? What do you base the preliminary assessment on? the platform? the software? the user's Internet browsing history? other?
Would the sniper forensics perspective be useful?
What are the potential traps and pitfalls for you as the investigator?
What's happening in the news right now to support your viewpoint?
Be prepared to both defend your position and challenge the position of others.