Digital forensic science is also known as digital forensics and encompasses the all the investigations and research used in solving computer crime. The material used is, without exception, in digital format, and unlike computer forensics, it exclusively refers to storing devices and the afferent data – not to everything that’s computer or smartphone/tablet-related.
This is a pretty delicate subject, as the line is not clearly drawn in all cases related to digital forensics. Depending on the national laws, this data is placed in a legal hold by the attorneys as being potentially relevant. This is the most common usage of the digital forensics in court, when a hypothesis is researched in order to be supported or refuted. The courts can be both criminal and civil, as well as in the private sector, for instance when there’s an ongoing corporate internal investigation.
Digital forensics basics
This branch of forensic sciences can be used to intercept direct evidence related to many a crime, especially as it can be helpful in attributing evidence to nominal suspects in approaches like document authentication processes. Unlike other types of forensic analysis, the digital forensic investigations are more extensive concerning the investigations techniques, as well as the areas and specific procedures. The main difference in the case of digital forensics is that an entire causal chain has to be proven to be either right or wrong before going to court, in opposition with other specific forensics where providing answers to unrelated questions based on simple research is enough.
Such an example are the alibis or statements to be confirmed, that not only require specific physical digital evidence, but an entire explanation of their functionality/disfunctionality, relevance on the case and causality with the other accusing or defending elements. For example, if your alibi is that you were at home, playing computer games, then your computer can yield this information (to the skilled investigator) and your alibi can be checked out.
Digital forensics classification
According to the type of digital devices of interest, there can be multiple sub-branches of such a digital forensics investigation:
– computer forensics – whenever the type of data is stored on a personal or public computer, instead of on a separate digital device
– network forensics – sub-branch referring to the monitoring of a network in order to intercept and use legal evidence of any kind
– forensic data analysis – the investigative process per se and its results
– mobile device forensics – aimed to recover digital evidence stored on mobile devices, under forensically sound conditions. This is the newest branch, it basically didn’t exist 10-15 years ago, but nowadays most everybody uses a smartphone, and this can be extremely important.
During the 2000s there has been a broader international need for standardization in the field of digital forensic science, as a great number of guidelines have been published in order to become a standardized norm and further be internationally followed. The international treaty has been signed by no less than 43 nations, including the United States of America, Canada, Japan, the United Kingdom and other European countries as well.
Along with this , the problem of digital forensic training has become a small industry Forensic software developing programs have included a digital forensic certification in their training programs, where an important point was allocated to internet crime, particularly cyber warfare, as well.
Digital forensics procedure
Concerning the investigation process during a digital forensic examination, trained law enforcement personnel performs the seizure and the acquisition processes, after which the forensic duplicate of the digital data is ready to be properly examined. The evidence brought has to either support or infirm a hypothesis, while signs of tampering will be looked for.
The definition given by the in 2002 for this is ‘an in-depth systematic search of evidence related to the suspected crime’. The investigation methodologies can substantially differ from a case to another, considered reliable in the state where the examination takes place, in order to be accountable and available in court. The procedure also mentions the written expert conclusion of the evidence.
Legal Considerations for digital forensics
There are numerous controversial issues regarding the monitoring and investigations of personal data and devices in particular and for civil investigations in general, overlapping a number of individual freedoms such as the freedom of speech or possession, as well as the right of privacy. In the United States of America for instance there is the limiting the investigation capacities of the digital forensic expert, for both intercepting and accessing evidence, while in the United Kingdom the law covering the computer crime area also includes limitations in accessing unauthorized computer material.
All these laws describe the legal framework under which the investigative process has to take place. Also, once in the court of law, the digital forensic evidence falls under the rules of any other type of evidence available for the court to be taken into consideration in the decision making process.