Digital Forensics

Key Legislation


This article explores the legal professional and ethical issues faced in Digital Forensics

Just like standard forensics, digital forensics covers scientific tests or techniques used in connection with the detection of crime. However, it differs in that it relates to digital evidence

Here we can see a job application for a Digital Forensics Analyst - it details tools and skills that would be required

Here we find guidelines for law enforcement

Here is a PowerPoint on the areas of crime most commonly associated with Digital Forensics

Affinity Photo


Echelon Project

ECHELON is a government initiative which predates the modern internet, however, it intercepts all incoming and outgoing communications with continental America.


Wargames is a 1983 film about a computer hacking inadvertently escalating the cold war

It’s popularity brought it to the attention of US President Ronald Reagan who enacted the first Presidential directive on computer security.


Interception techniques can only lawfully be used once a warrant is in place

This link details a common scenario


Data mining can be used to collect large amounts of seemingly innocous data about an individual which can then be used to link them to certain places or events


Most “hacks” are down to users using default password information in conjunction with a lack of knowledge . For example the 2014 FAPPENING event - where celebrities photos were leaked online.

The News of the World phone hacking scandal was due to users either not setting a password to access voicemail or setting easy passwords like 1234.

Though more sophisticated hacks exist - they are generally government sponsored


The number of cameras and microphones in digital devices have made it much easier to collect surveillance data from an unwitting suspect


Stingrays are devices used by the government that act as spoof mobile phone relays. These devices can be used to prove a suspect was in a particular location.

Meta Data

Meta Data is contained in the header of a file. The header tells the computer certain information about a file. In JPEG’s for example - data such as GPS location, time, make/model, camera settings and orientation can be found.

Metadata can be an important tool for proving a files authenticity.

Erasing Data

Deleting files

Normally when we delete a file, we are only deleting the reference to the file in the file formats name

The actual method differs by file system but the file remains on the disk, it is just hidden from the OS and can be overwritten

BitKiller is an Open-Source tool which can be used to delete sensitive information

Ethical Dilemma

There are several ethical dilemmas when conducting Digital Forensics and it is important to stay on the right side of the law.

First we may be exposed to information which is disturbing

Secondly certain techniques such as coercion are not legal under normal circumstances

Thirdly, when we have access to these tools we may be tempted to use them on our friends/family

Here we can find some information on the ethical dilemmas presented

Securing a Crime Scene

Here we can see guidance on securing a crime scene

Fixing Files

Broken or corrupted files can usually be at least partially fixed, incriminating data can often be restored even though the user has deleted all of the relevant files.


In order for evidence to be used in court - it is important to keep a detailed record of the steps taken. If the evidence is challenged and it can not be reproduced then it will be thrown out

User Error

Governmental departments around the world have accidentally released information by only redacting data inside Word or PDF files. Savvy users have still been able to copy/paste the information or to just remove the black bars covering the information.

A user can also unwittingly hand over their location by phoning 999

Large Companies

It is now common for large companies ( Google, Apple, Microsoft ) to hold large amounts of personally identifying data about us. If asked to do so by a law enforcement agency - these company’s will generally comply