Why Digital Forensics?

Jul 19, 2018


Digital evidence. It’s everywhere. Consider the ubiquitous nature of electronics: in our society, interaction with electronic devices is inevitable. Most of us interact with them hundreds, if not thousands, of times a day. And most of those devices are “smart” enough to retain information about who you are, and where you were, when you interacted.

Add to this the massive amounts of digital information office workers deal with every day: emails, the web, calendars, word processors, spreadsheets, and security systems. It’s a vast amount of information. And, all of these systems collect “digital fingerprints” when they are used. This leads to large amounts of “indirect” information available to anyone who knows to look for it.

Knowing to look

Imagine the time before we knew fingerprints were unique. Crime scenes held fingerprints and other forensic information, which was all literally overlooked. Footprints and blood evidence were examined. But since science didn’t know about blood types until about 100 years ago, even this important evidence was missed.

This is the current state of much digital evidence. It might be there, it might not. Most people vaguely consider its usefulness. And since this is new technology, many people are frequently clumsy in their methods of dealing with it.

But in almost all cases, the digital evidence is there. And we must be careful in handling it, because it is more fragile than other evidence. Even the simple act of turning a computer “on” can change and possibly destroy potentially useful digital evidence.

What’s the rush?

Only someone who knows technology and the law can adequately protect that valuable digital forensic evidence.

You need to get that computer into the hands of a digital forensics expert ASAP. And unlike many other tasks related to preparing the case, time is critical. Any delay leaves that evidence vulnerable. It would be like not putting up the police tape around a physical crime scene. If you let people walk through, your evidence gets compromised or lost.

But we’re trying to limit our costs!

Until you know you’re going to court, of course you don’t want to spend much money. The case might settle, and money could be saved.

But, consider this: if the opposing counsel sees an immediate, aggressive move to gather as much digital forensic evidence as possible, you’re more likely to get a settlement offer. A proactive digital forensics strategy clearly demonstrates that you are not only serious, but also aware of the importance of digital evidence. If your opposition is also up-to-date on the role of digital forensics, they will appreciate your savvy. If they are not technically inclined, they will likely be unclear, perhaps even intimidated, about what digital evidence there is, and what may be done with it. It’s a bit of a win-win for you.

The Digital Forensics Collection

There is a prudent way to limit costs early on, however: Digital forensic collection. This means collecting the evidence first, while leaving the detailed data analysis for later, when it becomes clear the case will likely go to trial.

Most digital forensic evidence is drawn from the hard disk drives of the computers in question. A “bit-level” image of a hard drive is an exact duplicate of the drive at the time the image is taken. You can take a bit-level image early, and use it later, if necessary. This phase of a digital forensic investigation is usually less than one quarter of the overall cost.

But, how broadly do you cast your digital net? Is imaging all the office computers sufficient? What if home computers were involved? What about online backups, web searches, and mail servers? How far do you go?

Well, the answer comes from the cost ratio mentioned previously: If there is a 25% chance that a system could carry relevant digital forensic evidence, then capture an image of it. You can defer the decision to analyze the data until later.


Who you gonna call?

The best way to protect all involved is to seek the guidance of a digital forensic specialist at the earliest sign of possible litigation.

Your chosen digital forensics consultant needs to be qualified across many platforms: Windows, Mac, Linux, servers, web services, and even security systems. A digital forensics expert who is certified on just one product may not be “expert” enough to do the job thoroughly. You need depth on your bench.

The other role for your forensics consultant is as trusted advisor: Prudent advice about the timing of forensic collection and analysis will always be needed. And there will probably come a time when you need guidance regarding your own firm’s handling of electronic data.

Lastly, your digital forensics consultant should be someone you’d be comfortable presenting in court as an expert witness.

As is often the case, price may not be indicative of quality. So, you should consider these questions when evaluating any digital forensic consultant:

  • Do they have their own dedicated digital forensics lab?
  • Do they know the law?
  • Do they follow the accepted protocols and procedures?
  • Are they able to keep and present an acceptable chain of custody?
  • Are they able to balance the costs against the various parameters of timing and scope involved in a digital forensic investigation?
  • Can they deal with the wide scope of systems and hardware?
  • Have they ever served as an expert witness?
  • How long have they been in business?
  • How quickly are they able to react?
  • Are they familiar with discovery and preservation strategies and case law?

At the end of the analysis, you need to choose your digital forensic examiner very carefully. Using the information above will help avoid the most common errors.


4 comments on “Why Digital Forensics?”


  1. alliance says:

    Undeniably consider that that you said. Your favourite reason seemed to be on the
    internet the easiest factor to understand of. I say to you,
    I definitely get irked even as people consider worries that they plainly do not realize about.
    You managed to hit the nail upon the top and outlined out the
    whole thing with no need side-effects, other folks could take a signal.
    Will likely be again to get more. Thank you

  2. ergfirnolikz says:

    Greetings! I know this is kind of off topic but I was wondering which blog platform are you using for this site? I’m getting sick and tired of WordPress because I’ve had problems with hackers and I’m looking at alternatives for another platform. It would be awesome if you could point me in the direction of a good platform.

    1. Salome says:

      Good morning
      Hope you are doing well.
      We are actually using WordPress, it has suited our needs best so far.
      I don’t know much about other platforms I’m afraid.
      If you have any other questions (off topic or not) you are welcome to message us again.

      Hope you find one that suits your needs.

      Kind regards
      Uphando team

  3. Since the admin of this website is working,
    no hesitation very rapidly it will be famous, due to its quality contents.
