Is Digital Forensics too dependent on point and click tools?

Should the Federal Government regulate Digital Forensics?

Does Digital Forensics fall under the umbrella of Technology or Science?

Digital Forensic Certification Bodies Should be Accredited by the Forensic Specialties Accreditation Board (FSAB)

Wednesday, January 28, 2009

ISSUES IN DIGITAL EVIDENCE INVESTIGATION

Cyber crime is an illegal electronic operation that targets the security of computer systems and data processed by them. Hacking, cyber fraud, phishing, identity and data theft come under cyber crime. Bank accounts can be hacked and credit card details can be stolen. When such cyber crimes are committed, we need digital evidence investigators to catch the culprits. Though cyber forensics is doing a great deal to find out who is responsible for misusing computer systems, it faces many issues that have to be handled with care. Listed below are some issues in cyber forensics.


  1. A digital evidence investigator must keep in mind the privacy and secrecy of the clients’ data and information while performing the investigation. But in some cases, when the information has to be produced as evidence in a court of law to prove a crime, it is not possible for the cyber forensics expert to maintain the secrecy and privacy of the clients’ information.
  2. Sensitive data and information that are very important to the client may be lost or damaged while finding evidence. But it is the duty of the expert to take additional care to ensure that the possible evidence is not destroyed or damaged. Typically this involves making a forensic image or forensic copy of the original media, and conducting the analysis on the copy rather than the original.
  3. While the investigations are on, it is possible that some malicious computer programs or computer viruses are released into the computer system. These viruses may corrupt the existing software and they may have the potential to damage the hardware system too. It may be necessary to use high quality anti-virus software before the investigation is commenced.
  4. Once the evidence is found, it must be preserved very carefully. It must be protected against any kind of mechanical and electro-magnetic damage. Any evidence found relevant to the situation at hand will need to be extracted from the working copy media and then typically saved to another form of media as well as printed out. The information that is obtained as evidence is the responsibility of the computer forensic team.
  5. When the case is on, the evidence information may be stored in court and, in some cases, the concerned parties may not be able to use that information. This may affect the business operations. In order to avoid causing any inconvenience and loss to the parties involved, the digital evidence investigator must make sure that justice is delivered as soon as possible.
  6. Whatever is done during the analysis has to be documented along with the findings. The findings and reports need to be based on proven techniques and methodology, and any other competent investigator should be able to duplicate and reproduce the results. It is also important that the information acquired during the analysis is ethically and legally respected.
  7. The operations cost of digital evidence investigations may in some cases exceed that of regular investigations.


In spite of all these issues, cyber forensics or digital evidence investigation has gained a lot of importance in today’s computer world largely due to its vast application in varied situations.


By-line:

This post was contributed by Holly McCarthy, who writes on the subject of forensic science careers. She invites your feedback at hollymccarthy12 at gmail dot com


Wednesday, January 14, 2009

Digital Evidence Investigators Required to be Licensed PIs!

We are witnessing a very interesting and disturbing trend in the digital evidence domain. Many states are enacting or amending legislation that will require anyone conducting any type of an "investigation" where a computer is involved to be licensed as a Private Investigator – Michigan being one of the latest examples. This is interesting as it was predicted several years ago that, unless the digital evidence community came up with some sort of gold standard/professional designation with a professional code of ethics, the ability to censure unethical professionals, etc., the government would intercede with a less than perfect knee-jerk reaction in order to protect consumers of these services.

The American Bar Association has taken a stand on this issue and the Science & Technology Law Section has issued a resolution arguing against this requirement:

AMERICAN BAR ASSOCIATION ADOPTED BY THE HOUSE OF DELEGATES AUGUST 11-12, 2008

RECOMMENDATION

RESOLVED, That the American Bar Association urges State, local and territorial legislatures, State regulatory agencies, and other relevant government agencies or entities, to refrain from requiring private investigator licenses for persons engaged in:

computer or digital forensic services or in the acquisition, review, or analysis of digital or computer-based information, whether for purposes of obtaining or furnishing information for evidentiary or other purposes, or for providing expert testimony before a court; or

network or system vulnerability testing, including network scans and risk assessment and analysis of computers connected to a network.

FURTHER RESOLVED, That the American Bar Association supports efforts to establish professional certification or competency requirements for such activities based upon the current state of technology and science.

Unfortunately, it appears that most states are ignoring the advice of the scientific and legal community. The cynical side of my nature wonders whether the motivation for moving toward the PI License requirement is driven primarily by an economic motive (it appears that the PI community has a strong lobbying presence in many of the states that have already passed these requirements) as opposed to any real concern over an unregulated "industry" and consumer protection.

This issue is shaping up to be a watershed event for the digital evidence community and the final outcome will have a long lasting impact on this maturing field.

In case you were wondering, there is a concerted effort underway to address the issue of a neutral, board-like certification for digital evidence professionals supported by the forensic science accreditation board. The Digital Forensics Certification Board (www.DFCB.org) housed at the University of Central Florida's National Center for Forensic Science will offer its certification exam early in the spring of this year. This non-partisan body represents the collective effort of law enforcement, private sector, government, military and academia. For the sake of full disclosure, yes, I am part of this effort.

More information about this effort will be presented at the Digital Sciences & Multimedia Section of the American Academy of Forensic Sciences Annual Meeting in Colorado this February.