Digital Forensics for Private Investigators
Andrew von Ramin Mapp (editd by Dave Carlson) - February 09, 2009
What is Digital Forensics?
Digital Forensics is the terminology used when digital artifacts are collected from a computer system in a forensically sound manner. In other words, digital artifacts such as documents, spreadsheet, pictures and email can be retrieved from a computer, PDA or any other type of digital device with storage capability. The material is then analyzed and preserved. This operation can often be done even if the data has been intentionally erased. Digital Forensics procedures will allow the forensic examiner to reveal digital evidence, and display the exact time and date the information was created, installed, or downloaded, as well as when it was last accessed.
Although the first computer crimes occurred in the 1970's, computer forensics is still a relatively new field. While we now have more PC and mobile device users then ever, the demand for Digital Forensics is quickly increasing. Laptop computers, PDA's and mobile phones with the capability of storing pictures, connecting to the Internet and e-mails, more and more often require the need of Digital Forensics to determine the action to be taken in criminal litigation cases, corporate espionage, and accusations of child pornography.
Likewise, acts of terrorism as well as the practices of disgruntled employees and the behavior of cheating spouses, all have one thing in common: they frequently utilize computer systems and mobile devices to assist them in their unethical actions and crimes. The evidence that these activities leave behind is readily detected through the procedures of digital forensics.
Digital Forensics or Computer Forensics?
In the past, computer forensic investigations have had PC and Laptop systems as their primary target for examination. Within the past years, the computer forensic field has been forced to broaden its scope, tools and investigative techniques in order to keep abreast of the personal technology being used by common citizens. Equipment such as Cell phones, PDA's, Blackberrys and GPS systems are used on a daily basis, and can contain vital information from sms test messages, emails, phone logs and previous GPS destination coordinates. Therefore the term Digital Forensics is becoming very popular as the computer forensic field expands and incorporates the digital analysis of new technological devices.
What can a skilled Digital Forensic Examiner do?
A skilled digital forensic examiner can recover deleted files from a computer. He or she can view which websites have been visited from a specific computer even after the browser history and cache have been cleared and deleted. A digital forensic examiner is able to review previous communications sent and received via an instant messaging and chat application such as yahoo instant messenger and msn messenger. The forensic process also will restore deleted or hidden pictures and email messages. In addition, the forensic examiner is trained to analyze and re-create deleted text messages and call logs from cell phones, PDA's and Blackberry devices.
How the Private investigator can benefit from Digital Forensics
Digital Forensics can assist the private investigator in many ways principally by identifying vital information and saving cost and time. Often 2-3 hours of digital forensic examination techniques are able to expose more evidence then several days of surveillance and dumpster diving. Deleted data from digital devices such as cell phone text messages and other acts are often recoverable; for example, did your client's spouse have an instant messaging conversation? Are those deleted emails recoverable? What websites did the suspect visit?
Several examples below elaborate how Digital forensics can assist the private investigator in specific cases and tasks:
Adultery cases:
Online chats or sms text messages are often used to arrange meetings and providecovert communication to avoid suspicions by the spouse.
Fraud Cases:
It is often possible to determine when and if a document was altered. Unless the document was produced by a typewriter, there always is or at least has existed an electronic copy somewhere. In addition the most common word processor, "Microsoft Word" which is part of the Microsoft office suite embeds Meta data into each document. This Meta data can provide vital information such as the identity of the author and the computer on which the document was composed. The same applies to Microsoft Excel spreadsheet applications.
Tailing a suspect:
When tailing a suspect, imagine how informative it could be to know his/her previous destinations, prior to starting the assignment. Impossible you say! This is not necessarily so especially if the individual had traveled by automobile and used a GPS (Global Positioning System). Some of the most recent advancements in Digital Forensics allow for the retrieval of information from the most common GPS systems.
Harassment cases:
There are many different types of harassment. It is often the case that your client may not only be receiving harassment in person, but also via phone, and/or email. A Forensic Examiner can preserve logs of phone calls received from cell phones and present them as evidence by strictly maintaining a chain of custody. Every email sent from a given source to a specific destination leaves information embedded in that email. This information is referred to as the email header. The forensic examiner can analyze the email header and trace it back to the origins of the IP address from which it has been sent.
Surveillance:
When considering surveillance, most think of traditional techniques such as: tailing, stakeouts and video surveillance. However, modern computer techniques can also be a valuable asset to the private investigator. There are such devices as spy ware programs and keystroke loggers that will provide real time information about what, where and when things have occurred on a suspected computer.
Who has the right to search a computer or Digital device?
The Fourth Amendment protection against unlawful search and seizure only applies to government entities such as law enforcement. The Fourth Amendment does not apply to private searches. A private search can be conducted or authorized by anyone who has a legal right to the data stored on the computer, such as employers or spouses. Since computers are common property, spouses can give consent to a private search of the computer
Conclusion:
In the dynamic world of Private Investigation, it is vital to adapt to new technologies and be able to provide your clients with competitive services of the highest degree. Most importantly, it is essential to keep your clients in your domain for all of their investigative needs. Therefore training private investigators in the art of Digital Forensics or partnering with a Digital Forensic expert is a necessary step in securing not only the stability and longevity of your business but assuring that it is prepared to meet the requirements of the technological exigencies of the future.
|