Outcome 1 will be covered by a written test
Outcome 2 will take the form of a practical assignment involving the forensic analysis of a complex contemporary digital forensics examination
Outcome 3 will be covered by the practical skills of using software
This article explores the legal professional and ethical issues faced in Digital Forensics
Just like standard forensics, digital forensics covers scientific tests or techniques used in connection with the detection of crime. However, it differs in that it relates to digital evidence
Here we can see a job application for a Digital Forensics Analyst - it details tools and skills that would be required
Here we find guidelines for law enforcement
Here is a PowerPoint on the areas of crime most commonly associated with Digital Forensics
ECHELON is a government initiative which predates the modern internet, however, it intercepts all incoming and outgoing communications with continental America.
Wargames is a 1983 film about a computer hacking inadvertently escalating the cold war
It’s popularity brought it to the attention of US President Ronald Reagan who enacted the first Presidential directive on computer security.
Interception techniques can only lawfully be used once a warrant is in place
This link details a common scenario
Data mining can be used to collect large amounts of seemingly innocous data about an individual which can then be used to link them to certain places or events
Most “hacks” are down to users using default password information in conjunction with a lack of knowledge . For example the 2014 FAPPENING event - where celebrities photos were leaked online.
The News of the World phone hacking scandal was due to users either not setting a password to access voicemail or setting easy passwords like 1234.
Though more sophisticated hacks exist - they are generally government sponsored
The number of cameras and microphones in digital devices have made it much easier to collect surveillance data from an unwitting suspect
Stingrays are devices used by the government that act as spoof mobile phone relays. These devices can be used to prove a suspect was in a particular location.
Meta Data is contained in the header of a file. The header tells the computer certain information about a file. In JPEG’s for example - data such as GPS location, time, make/model, camera settings and orientation can be found.
Metadata can be an important tool for proving a files authenticity.
Normally when we delete a file, we are only deleting the reference to the file in the file formats name
The actual method differs by file system but the file remains on the disk, it is just hidden from the OS and can be overwritten
BitKiller is an Open-Source tool which can be used to delete sensitive information
There are several ethical dilemmas when conducting Digital Forensics and it is important to stay on the right side of the law.
First we may be exposed to information which is disturbing
Secondly certain techniques such as coercion are not legal under normal circumstances
Thirdly, when we have access to these tools we may be tempted to use them on our friends/family
Here we can find some information on the ethical dilemmas presented
Securing a Crime Scene
Here we can see guidance on securing a crime scene
Broken or corrupted files can usually be at least partially fixed, incriminating data can often be restored even though the user has deleted all of the relevant files.
In order for evidence to be used in court - it is important to keep a detailed record of the steps taken. If the evidence is challenged and it can not be reproduced then it will be thrown out
Governmental departments around the world have accidentally released information by only redacting data inside Word or PDF files. Savvy users have still been able to copy/paste the information or to just remove the black bars covering the information.
A user can also unwittingly hand over their location by phoning 999
It is now common for large companies ( Google, Apple, Microsoft ) to hold large amounts of personally identifying data about us. If asked to do so by a law enforcement agency - these company’s will generally comply