Digital Forensics for Legal Experts

This chapter introduces digital forensics and its role in the judicial system. It defines digital forensics as the application of computer science and investigative procedures to analyze digital evidence from various electronic devices and networks. Digital forensics experts play an important role as expert witnesses in criminal and civil cases, where they must communicate technical findings to attorneys and judges. The chapter also outlines common uses of digital forensics in criminal investigations, civil litigation, intelligence work, and administrative matters.

Uploaded by

An Tran
Chapter 1: Introduction

Topics
What is Forensic Science?
What is Digital Forensics?
Uses of Digital Forensics
Role in the Judicial System
What is Digital Forensics?
Digital Evidence
Computers record evidence of everything you do, and also
  • Cell phones
  • ATM machines
  • Web servers
  • Email servers
  • SMS systems
  • etc.
Slow to Change
Attorneys and judges often know little about digital evidence
Digital forensic scientists must therefore be teachers as well as technical experts
Forensic Science
Forensics
  • Application of science to solve a legal problem
Digital Forensics
  • Application of computer science and investigative procedures
  • Analysis of digital evidence
  • Search authority
  • Chain of custody
  • Validation with mathematics
  • Use of validated tools
  • Repeatability
  • Reporting
  • Expert presentation
Items to Examine
Laptop and desktop computers
Mobile devices
Networks
Cloud systems
Video, audio, and images
  • Authenticity, comparison, enhancement
Uses of Digital Forensics
Criminal investigations
  • Child pornography
  • Identity theft
  • Homicide, sexual assault, robbery, burglary…
  • Almost every criminal investigation
Civil litigation
Intelligence
Administrative matters

CNIT 121 – Bowne Page 1 of 5


Forensics Backlog
"…there were massive backlogs within all police forces, to the point where it was six months to two years before some computers could be examined"
  • Link Ch 1a on my Web page
  • samsclass.info
  • "CNIT 121"
Law Enforcement Paradigm
Police need to think of and seek out digital evidence
Seize
  • Cell phones
  • Gaming consoles
  • Cameras
  • Etc.
Bind. Torture. Kill.
Dennis Rader
  • Respected citizen
  • Also a serial killer
  • Murdered ten people in Kansas from 1974 to 1991
He confessed in an anonymous letter to a newspaper
He offered to send police a floppy disk
  • Police said it couldn't be traced
Metadata
Metadata on the RTF file he sent contained
  • Dates
  • Title: "Christ Lutheran Church"
  • "Last Saved By:" Dennis
Christ Lutheran Church Wichita website showed Dennis Rader as President of Congregation Council
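The fields named above (dates, title, "Last Saved By") are stored in an RTF file's \info group as plain control words. The following Python is an added example, not part of the original lecture notes; the sample document, its names, and the label mapping are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample (not a real evidence file): minimal RTF with an \info group.
SAMPLE_RTF = (
    r"{\rtf1\ansi{\fonttbl{\f0 Times New Roman;}}"
    r"{\info{\title Example Parish Newsletter}{\author Pat}{\operator Sam}"
    r"{\creatim\yr2004\mo11\dy3\hr9\min15}{\revtim\yr2005\mo2\dy10\hr14\min2}}"
    r"\pard Body text\par}"
)
# RTF control words mapped to display labels (the labels are this example's choice).
TEXT_FIELDS = {"title": "Title", "author": "Author", "operator": "Last Saved By"}
TIME_FIELDS = {"creatim": "Created", "revtim": "Last Saved", "printim": "Last Printed"}

def find_group(rtf, keyword):
    """Body of the first group opened by the given control word, or None."""
    m = re.search(r"\{\\" + keyword + r"(?![a-z])", rtf)
    if not m:
        return None
    depth, i, start = 1, m.end(), m.end()
    while i < len(rtf) and depth:
        if rtf[i] == "\\":
            i += 2  # skip a control symbol such as an escaped brace
            continue
        depth += (rtf[i] == "{") - (rtf[i] == "}")
        i += 1
    return rtf[start:i - 1] if depth == 0 else None  # None: group was truncated

def parse_time(body):
    """Build a datetime from yr/mo/dy/hr/min/sec control words; None if unusable."""
    p = {k: int(v) for k, v in re.findall(r"\\(yr|mo|dy|hr|min|sec)(\d+)", body)}
    try:
        return datetime(p["yr"], p["mo"], p["dy"],
                        p.get("hr", 0), p.get("min", 0), p.get("sec", 0))
    except (KeyError, ValueError):
        return None

def rtf_metadata(rtf):
    """Return the document-properties fields found in the RTF info group."""
    info = find_group(rtf, "info")
    if info is None:
        return {}
    out = {}
    for kw, label in TEXT_FIELDS.items():
        body = find_group(info, kw)
        if body is not None:
            out[label] = body.strip()  # hex escapes are left undecoded
    for kw, label in TIME_FIELDS.items():
        body = find_group(info, kw)
        if body is not None:
            out[label] = parse_time(body)
    return out
```

Run `rtf_metadata()` on a working copy, never the original media; these fields are written by the editing application from its local settings, so they need corroboration from other sources.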
John McAfee
Fugitive from Belize police
Posed for a photo in Guatemala
Published on the Internet with GPS location metadata
Link Ch 1c
Civil Litigation
eDiscovery is a $780 million business
Hiring in San Francisco now
eDiscovery definition
  • "any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case"
Both parties are entitled to examine evidence
  • This process is called "Discovery"

Google's Billion Dollar eDiscovery Error
This email was marked "Confidential" on some copies but not on others
Accidentally revealed as evidence
Link Ch 1d
(Google didn't actually lose the $1 billion)
Intelligence
Terrorists and foreign governments use digital tools and the Internet
US Military uses documents and media in the DOCEX and DOMEX processes
DOMEX
DOCEX (Document Exploitation)
  • "Procedures used by the United States Armed Forces to discover, categorize, and use documents seized in combat operations"
  • "Documents" includes digital media
DOMEX (Document and Media Exploitation)
  • Use of documents by various agencies after collection
  • Link Ch 1f

Real Aid to the Enemy


"…a real-world example from 2007. When a new fleet of helicopters arrived … in Iraq, some Soldiers took pictures ... From the photos that were uploaded to the Internet, the enemy was able to determine the exact location of the helicopters inside the compound and conduct a mortar attack, destroying four of the AH-64 Apaches."
  • Link Ch 1d

Administrative Matters
Digital evidence is used to detect policy violations
  • Accessing forbidden websites at work
SEC Office of the Inspector General
  • Firewall logs showed officials surfed porn at work
  • Link Ch 1f
Locard's Exchange Principle
When perps enter or leave a crime scene, they will leave something behind or take something with them
  • Such as DNA, fingerprints, hair, fibers, etc.
Also true of digital forensics
  • Registry keys, log files, etc.
Scientific Method
Forensic science is new and procedures are still being developed
A scientist is normally regarded as objective, neutral, dealing only with facts
BUT forensic experts are hired by both prosecution and defense, and state expert opinions as well as facts

Organizations of Note
Scientific Working Group on Digital Evidence
"brings together organizations actively engaged in the field of digital and multimedia evidence to foster communication and cooperation as well as to ensure quality and consistency within the forensic community"
  • Link Ch 1h
American Academy of Forensic Sciences
Premier forensic organization in the world
Develops standards of practice
6000 members, including directors of most federal crime labs
  • Link Ch 1i
American Society of Crime Laboratory Directors/Laboratory Accreditation Board (ASCLD/LAB)
ASCLD/LAB accredited labs are the "gold standard" in forensics
They set standards and requirements for accreditation
  • Link Ch 1j
NIST (National Institute of Standards and Technology)
National Software Reference Library
  • Known file signatures for operating system software and other items of no investigative value
Computer Forensic Tool Testing
  • Link Ch 1l
ASTM International
Also develops standards for forensics
  • Link Ch 1k
HTCIA (not in textbook)
High-Tech Crime Investigation Association
Organization of peace officers, investigators, prosecuting attorneys, and security professionals
But NOT criminal defense experts
  • Link Ch 1g

Defense Lawyers
Understand their goals
Hurting the expert & freeing the client is a win for them
  • Image from http://www.zazzle.com/lawyer_shark_trust_me_bumper_sticker-128101885100809676
Role of the Forensic Examiner in the Judicial System
Expert witness
  • Qualified to render an opinion
  • Must be effective communicators
  • Must be teachers
Must be without bias
  • Follow the evidence wherever it leads

Last modified 1-12-13
