This article discusses the specific subfield of digital forensics and the types of crimes that would require digital forensics for an investigation.
This sub-field of forensic technology examines data and information from computer storage media so that they can be used as evidence before a court or to answer a specific legal question that it may need.
For example, in private investigations, digital forensics investigators may use digital forensics at the request of a private attorney for a defendant in a public case. Evidence can be collected to prove that an employee uses company resources for personal, private business use, e.g. Selling goods online or visiting the site that violates the company rules and regulations on information technology. In this case, the employee may be subject to disciplinary action by the company, more personal responsibility and perhaps criminal liability.
More evidence showing that an employee has violated a hiring agreement. Eg. Can evidence be collected that proves that an employee has access to records or other information without permission. It can also cause an employee to harass another employee or perhaps steal company information.
Whereas public investigations only require digital forensics when a crime has been committed and computers can be used in crimes in one of the following ways, such as crimes associated with the spread of computers, ie. copyright infringement, crimes where the computer is the instrument of the crime or crime where the computer is related to another crime, such as using it to store illegal records and crimes where the computer is the target, such as crimes involving theft of information from a computer or denial of service delinquency.
Digital Evidence Collection
The collection of digital evidence may have several prominent roles in the collection. These roles may include:
- Physical Technology Collection: Investigators collect the physical media. Physical media is any technology that stores data or information. For example, hard drives, PDAs, flash and other electronic devices.
- Physical media analysis: Investigators will analyze the physical evidence of fingerprints or other evidence found on the surfaces of physical technology. This role requires a deep understanding of technology and may be able to help the roles of digital evidence gathering and digital evidence analysis, even when the physical device is severely damaged.
- Digital Evidence Collection: Investigators collect the digital data from the physical equipment. Here, the proof is the complete set of files, folders and bits stored on the physical media.
- Digital Evidence Analysis: Investigators will analyze the data collected. Digital proof analysis can show hidden information.
Digital proof is both the complete set of bits, bytes and blocks taken from the technology. It is also any subset of the complete set, such as email, logs, text documents, spreadsheets and other files.
Digital evidence has several unique challenges and issues that need to be addressed. The biggest challenge lies in modern computers that are implanted as multi-user systems with potentially hundreds of users. Since evidence must prove the facts of an investigation, it becomes critical to clear up the flaws about who owns the data, how the data came to be on the system, and who or what originated the data.
Another concern is the legal issues surrounding the gathering of evidence from privately owned entities such as mobile phones in private investigations as well as the privacy expectation of employees using resources provided by the company. Although no clear answers have emerged, many companies specify the proper use of their assets and need employees to waive such privacy rights on the company’s assets as part of their employment contract.
In addition, this issue has recently become more complicated with the advent of free publicly available encryption technologies. This specific question is whether a user maintains an expectation of privacy by using encryption on the company’s assets. The company is clearly entitled to the encrypted version of the data; but is the company entitled to provide a mandate to offer an unencrypted version? Can then, after a court order, order a person to provide a law enforcement password to decrypt the digital evidence?
One might be tempted to claim that no digital bit has ever been seen, so plain vision is not possible and not a problem. This privacy issue raises the issue of “pure vision” while gathering evidence from digital sources. Others may claim that a license to collect all digital evidence stored on a disk or computer device is sufficient to collect all evidence from a computer for any crime.
Ordinary visual theory is best interpreted conservatively, so any seizure of evidence of a crime revealed during the search for evidence of another crime should then be justified by a permit.