ATTENTION: The new home of the Digital Forensics Wiki is at Yeah, it's a silly name, but it was cheap.
This wiki will be going offline permanently in the near future. An exact date will be announced soon. Thank you for being a part of this community.
If you wish to work on the new forensicswiki, please join the Google Group forensicswiki-reborn


From ForensicsWiki
Revision as of 19:05, 6 July 2006 by Miami4n6 (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

With regards to computer forensics, "black bag" operations usually consist of the acquisition of digital evidence without the target's knowledge. This type of operation is especially useful during internal affairs or ongoing criminal investigations. Depending on the sensitivity of the investigation, access to the target's computer is sometimes facilitated by the target's superiors by giving the evidence collection specialist intelligence to bypass physical security devices during the operation. It should also be noted that during this type of operation, it is also possible to install applications and configure a computer system to further the investigation from a remote location.

According to the FBI's own web page, the term "black bag" is coined from a practice used by that agency between 1942 and 1967. During that time, the FBI illegally obtained evidence against several individuals/organizations by entering their offices and obtaining photographs of information found in their records. The practice was ordered to be discontinued by then FBI Director Hoover.