| What is Digital Forensics? | | | | examination techniques are able to expose more |
| Digital Forensics is the terminology used when | | | | evidence then several days of surveillance and |
| digital artifacts are collected from a computer | | | | dumpster diving. Deleted data from digital devices |
| system in a forensically sound manner. In other | | | | such as cell phone text messages and other acts |
| words, digital artifacts such as documents, | | | | are often recoverable; for example, did your |
| spreadsheet, pictures and email can be retrieved | | | | client’s spouse have an instant messaging |
| from a computer, PDA or any other type of | | | | conversation? Are those deleted emails |
| digital device with storage capability. The material | | | | recoverable? What websites did the suspect visit? |
| is then analyzed and preserved. This operation can | | | | Several examples below elaborate how Digital |
| often be done even if the data has been | | | | forensics can assist the privateinvestigator in |
| intentionally erased. Digital Forensics procedures will | | | | specific cases and tasks: |
| allow the forensic examiner to reveal digital | | | | Adultery cases: |
| evidence, and display the exact time and date the | | | | Online chats or sms text messages are often |
| information was created, installed, or downloaded, | | | | used to arrange meetings and providecovert |
| as well as when it was last accessed. Although | | | | communication to avoid suspicions by the spouse. |
| the first computer crimes occurred in the | | | | Fraud Cases: |
| 1970’s, computer forensics is still a relatively | | | | It is often possible to determine when and if a |
| new field. While we now have more PC and | | | | document was altered. Unless the document was |
| mobile device users then ever, the demand for | | | | produced by a typewriter, there always is or at |
| Digital Forensics is quickly increasing. Laptop | | | | least has existed an electronic copy somewhere. |
| computers, PDA’s and mobile phones with the | | | | In addition the most common word processor, |
| capability of storing pictures, connecting to the | | | | “Microsoft Word” which is part of the |
| Internet and e-mails, more and more often | | | | Microsoft office suite embeds Meta data into each |
| require the need of Digital Forensics to determine | | | | document. This Meta data can provide vital |
| the action to be taken in criminal litigation cases, | | | | information such as the identity of the author and |
| corporate espionage, and accusations of child | | | | the computer on which the document was |
| pornography, Likewise, acts of terrorism as well | | | | composed. The same applies to Microsoft Excel |
| as the practices of disgruntled employees and the | | | | spreadsheet applications. |
| behavior of cheating spouses, all have one thing in | | | | Tailing a suspect: |
| common: they frequently utilize computer | | | | When tailing a suspect, imagine how informative it |
| systems and mobile devices to assist them in | | | | could be to know his/her previous destinations, |
| their unethical actions and crimes. The evidence | | | | prior to starting the assignment. Impossible you |
| that these activities leave behind is readily | | | | say! This is not necessarily so especially if the |
| detected through the procedures of digital | | | | individual had traveled by automobile and used a |
| forensics. | | | | GPS (Global Positioning System). Some of the |
| | | | most recent advancements in Digital Forensics |
| Digital Forensics or Computer Forensics? | | | | allow for the retrieval of information from the |
| In the past, computer forensic investigations have | | | | most common GPS systems. |
| had PC and Laptop systems as their primary | | | | Harassment cases: |
| target for examination. Within the past years, the | | | | There are many different types of harassment. It |
| computer forensic field has been forced to | | | | is often the case that your client may not only be |
| broaden its scope, tools and investigative | | | | receiving harassment in person, but also via |
| techniques in order to keep abreast of the | | | | phone, and/or email. A Forensic Examiner can |
| personal technology being used by common | | | | preserve logs of phone calls received from cell |
| citizens. Equipment such as Cell phones, | | | | phones and present them as evidence by strictly |
| PDA’s, Blackberrys and GPS systems are | | | | maintaining a chain of custody. Every email sent |
| used on a daily basis, and can contain vital | | | | from a given source to a specific destination |
| information from sms test messages, emails, | | | | leaves information embedded in that email. This |
| phone logs and previous GPS destination | | | | information is referred to as the email header. |
| coordinates. Therefore the term Digital Forensics | | | | The forensic examiner can analyze the email |
| is becoming very popular as the computer | | | | header and trace it back to the origins of the IP |
| forensic field expands and incorporates the digital | | | | address from which it has been sent. |
| analysis of new technological devices. | | | | Surveillance: |
| | | | When considering surveillance, most think of |
| What can a skilled Digital Forensic Examiner do? | | | | traditional techniques such as: tailing, stakeouts and |
| A skilled digital forensic examiner can recover | | | | video surveillance. However, modern computer |
| deleted files from a computer. He or she can | | | | techniques can also be a valuable asset to the |
| view which websites have been visited from a | | | | private investigator. There are such devices as |
| specific computer even after the browser history | | | | spy ware programs and keystroke loggers that |
| and cache have been cleared and deleted. A digital | | | | will provide real time information about what, |
| forensic examiner is able to review previous | | | | where and when things have occurred on a |
| communications sent and received via an instant | | | | suspected computer. |
| messaging and chat application such as yahoo | | | | |
| instant messenger and msn messenger. The | | | | Who has the right to search a computer or Digital |
| forensic process will also restore deleted or hidden | | | | device? |
| pictures and email messages. In addition the | | | | The Fourth Amendment protection against |
| forensic examiner is trained to analyze and | | | | unlawful search and seizure only applies to |
| re-create deleted text messages and call logs | | | | government entities such as law enforcement. |
| from cell phones, PDA’s and Blackberry | | | | The Fourth Amendment does not apply to |
| devices. How the Private investigator can benefit | | | | private searches. A private search can be |
| from Digital Forensics Digital Forensics can assist | | | | conducted or authorized by anyone who has a |
| the private investigator in many ways principally | | | | legal right to the data stored on the computer, |
| by identifying vital information and saving cost and | | | | such as employers or spouses. |
| time. Often 2-3 hours of digital forensic | | | | |