Time for the myths around digital forensics to be exposed
April 2017 by Elizabeth Sheldon, CEO of Evidence Talks
Elizabeth Sheldon, CEO of Evidence Talks, has been speaking to an invited group of representatives from the law enforcement, security, government and corporate communities about the misunderstandings which sometimes affect critical decision-making on issues of cyber crime and cyber security.
Defining digital forensics as “the application of investigation and analysis techniques to gather and preserve evidence from a digital device suitable for presentation in a court of law”, she invited the audience to consider how popular presentation of the techniques, for example in TV and film drama, had influenced perception.
Drawing attention to the universal availability and use of digital devices in the
commission of crime, she went on to identify the myths about digital forensics as
It is more difficult to conduct a crime online
Finding the evidence is easy
It is quicker to find what you’re looking for
All relevant evidence can be recovered
Investigators can simply conduct fishing expeditions to find evidence.
Elizabeth reminded the audience of the extraordinary range of cyber crime now being committed, including theft from online accounts; denial of service attacks; hacking; identity theft; child abuse; cyber stalking and bullying; terrorism; phishing and scams. At the outset, she effectively set aside the misconception about online crime being difficult to conduct, pointing out that with anonymity and the opportunity to attack multiple victims simultaneously, often across international borders, that for many criminals it was less dangerous and offered instant results.
In a graphic example, she then underlined the magnitude of the task, comparing the capacity of digital devices to a ‘paper equivalent’.
Using a simple, step-by-step progression she showed how one ITb HDD contains enough data to fill over 200 average size articulated lorries – which would form a queue two miles long!
Returning to her theme about how popular entertainment channels misrepresent the tasks and processes involved in digital forensics, Elizabeth compared the real-life challenges to the images of smart investigators simply accessing devices without challenge, and casually scrolling through a device often courtesy of an inspirational guess at passwords.
She reviewed practical issues such as the sheer volume of material, often running into millions of images and the need to identify, retrieve and preserve data. “No current software tools nor critical thinking can guarantee the complete recovery of evidence or data, and of course not every bit of data accessed during a digital forensic examination is relevant to the case. What’s more, we are governed by the law of the land; in the UK, for example, the police cannot simply go fishing, they need to have an idea of what they are looking for and a warrant to cover all devices found”, she commented.
Elizabeth Sheldon concludes that for the digital forensics community of providers and users, greater understanding of both the powers and practicalities of the techniques involved are necessary. “Digital forensics as a science needs its exponents and those they report to, to be as well educated as possible so that we share our common goals based on informed understanding of its capabilities. Used well, we have at our disposal a powerful set of weapons to fight terrorism, crime, child abuse and fraud.”