Latest Expert Witness News
Digital Forensics: A News Item provided by CCL Forensics
Digital Forensics can be described as the investigation and analysis of digital media in the interests of determining potential evidence and is an invaluable tool in both criminal and civil cases conducted by solicitors in the 21st Century.Computer Forensics was initially recognised in the mid 1990s, although the practices were not formally identified at this stage.These early explorations have since been developed by practitioners into a standardised, although by no means simple, process.All laboratories work within the ACPO (Association of Chief Police Officers) Guidelines relating to computer based evidence.These describe how digital devices or media should be recovered by police officers and subsequently dealt with in the time leading up to analysis.The forensic process involves taking a number of steps that ensure evidential continuity.
For example, an analyst will take a forensic copy or “image” of the media, whether this is a hard drive, floppy disk or DVD to ensure that the data on the original media is not compromised. The analyst will then use the exact copy of the media to undertake their investigations.A computer analyst will use forensic software to retrieve all information stored on the hard drive or flash drive, deleted or otherwise.It is then their task to work with the legal team and the case notes which they have been given to pull out the relevant information to assist the prosecution or defence with their case.Digital Forensics has been ‘traditionally’ used in cases where a computer is required to commit the crime.
The downloading of indecent images from the internet or online credit card fraud may be the types of crime that immediately spring to mind.However, it is now common practice for digital forensics to also be used in civil cases, such as theft of intellectual property or employee computer misuse.
Emails are commonly used as evidence as they can give clues surrounding the story of a relationship between two people in chronological order.A forensic analyst can often recover emails that have been deleted and these can be pieced together in order to create a complete account of events.The other branch of Digital Forensics which has emerged much more recently is mobile phone forensics.Mobile Phones and other portable devices such as PDAs are appearing everywhere and yet they are often overlooked as a form of evidence.
There are three ways in which the phone can be used to provide evidence; the SIM card (where a lot of data, including the mobile phone number is stored), the handset itself or from the network provider (such as O2, Vodafone etc.) Each mobile phone handset is different; therefore a number of different tools are required for the analysis, which can be a complicated process.The SIM card undergoes a similar examination procedure to a computer hard drive with a clone of the SIM being made before analysis takes place.This ensures that the SIM does not communicate with the network when it is activated and therefore that none of the evidence is altered.The information which can be extracted from these two pieces of equipment includes call records, contact lists, text messages, media messages and deleted information.In one recent case, a digital forensics company was asked to analyse a mobile phone in relation to a serious assault case.It was alleged that a young boy had conducted a serious assault on another child whilst his friend took pictures on his mobile phone.The young boy denied all knowledge of the incident and the defence were tipped off that another boy may have been responsible.The defence were able to gain authorisation to seize the second boy’s mobile phone and, using a wide range of specialist software, a forensic analyst was able to recover the pictures in question.They also recovered a deleted multimedia text message sent to another child with one of the pictures attached to it.The case against the first boy
back