What is Digital Forensics?

Digital Forensics. Who's been using my phone? I sent this little guy digital forensic expert to find out.

As the world becomes a steadily more digital place, the ways in which crime and fraud are perpetrated have seen a massive shift. And while big cyber-attacks and data breaches tend to steal the headlines, individual businesses from small startups to the largest corporate firms can fall victim to internal digital fraud, misuse of company technology, forgery, credit card fraud and disputes over intellectual property. And as cyber criminals become more adapt at covering their tracks, there’s a growing need for professionals who can provide evidence of wrong-doing. Even in seemingly non-tech related legal matters like divorce investigations and workplace employee disputes, providing digital evidence of a crime or wrongdoing committed can make or break a case in court. That’s where the science of digital forensics comes in!

What is Digital Evidence?

Because digital devices store a lot of metadata – such as the time and date an email was sent, or when a particular PC was accessed by a certain user – they can prove invaluable in court cases. Digital evidence can also be used to exonerate an innocent party, proving their whereabouts at a certain time, for example.

This kind of information can be found on an enormous variety of devices and media – from phones, tablets, PCs, hard drives and thumb drives to CDs, and storage and memory cards in digital cameras or smartphones. As our lives become filled with ever more devices – such as wearable fitness technology – the amount of information gathered about our comings and goings is only set to increase, and being able to use this information as evidence during a trial will only become more valuable.

There are three broad types of digital evidence:

Active:

Files and programs edited or used during general use, where the user has made no attempt to hide or encrypt the data – unsurprisingly, the easiest form for digital forensic experts to uncover.

Archival:

Data which has been backed up or stored to a removable or external device such as a server, flash drive, CDs and DVDs, backup tapes and external hard drives.

Latent:

Evidence that someone has actively tried to delete, encrypt or write over. Many people assume that a file deleted from the recycle bin, for example, is gone forever – but although it takes many years of experience and specialized software, data recovery experts like Data First Data Recovery can still retrieve potentially useful information or even restore data completely.

Correct Procedure

In order for all evidence gathered to be permissible in court, digital forensic experts need to follow protocols when collecting, handling and evaluating it. A strong chain of evidence, appropriate access controls, and detailed logs of when and who collected the evidence need to be maintained at all times.

In some instances, special handling may be required – such as when someone has tried to dispose of the device and it’s been damaged, come into contact with water, or a disk formatting has been attempted.

Wherever possible, examiners should avoid tampering with the original information or media, but rather work off a bit-for-bit mirror copy so that the original evidence is left as is should verification by another party be required. Digital forensic experts also need special software and advanced skills in order the hack password-protected or encrypted files.

Notable Cases

One of the most high profile convictions made in part thanks to digital forensics was the sentencing of Michael Jackson’s doctor, Dr. Conrad Murray. Investigators discovered documentation on his computer which authorized a potentially lethal amount of drugs, and solidified the prosecution’s case. Murray was convicted of involuntary manslaughter, lost his medical license, and served two years in prison.

In Boston, forensic investigators managed to cut short the murderous career of Philip Markoff, known as “The Craigslist Killer”, thanks to digital forensics that uncovered his IP address and led police straight to him within a week of the first attacks.

And occasionally, it’s not what’s on the device that’s suspicious, but what isn’t. A forensics expert tasked with investing a case for the Corcoran Group found that emails and other files which should have been there had gone missing. While it wasn’t definitive proof, of course, it was enough for the judge to rule that they were intentionally misleading the court and attempting to hide evidence.

A Career in Digital Forensics

If what you’ve heard above intrigues you, then there’s more good news – the demand for digital and computer forensics examiners is increasing rapidly, with law enforcement, government agencies and the private sector alike all coming to depend more and more on the kind of evidence digital forensic examiners can provide. You can find out more about this exciting and rewarding career here.

Featured Image Credit: Chris Isherwood on Flickr

Leave a Reply

Your email address will not be published. Required fields are marked *