What Is Digital Forensics? Web's Most Asked Questions
What is Digital Forensics? Why Digital Forensics is important?
Google reveals some odd phraseology when it comes to our searching.
Why Digital Forensics 'is' important... I hope... is less of a question and more of a statement.
There's one thing that's often forgotten when describing Digital Forensics. The etymology of the word Forensic tells you all you need to know.
It comes from the Latin forum, which morphed into forensis, meaning “in open court or public”.
A statement made in court by an expert needs to be robust, accurate and free from conjecture or subjectivity. It cannot be “fake news”.
The forensic process used is formed by documenting a structured approach to any task.
The digital part is the complexity. It used to be called “computer forensics”; however, “computers” have morphed into an array of devices including the Internet of Things (IoT), so think phones, memory cards, 5.25” floppy disks and Internet-connected Toasters. And the modern stuff too.
All things that could contain digital data can contain evidence related to an investigation.
The UK Association of Chief Police Officers guideline principles give us a great summary:
· Principle 1: No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data which may subsequently be relied upon in court.
· Principle 2: In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
· Principle 3: An audit trail or other record of all processes applied to digital evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
· Principle 4: The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to.
Digital Forensics is the ability to maintain a sufficiently robust audit trail, combined with logic and reasoning, applied to the data from the digital universe.
That approach should be reproducible by another Digital Forensic practitioner. They should be able to come to the same conclusions.
Digital Forensics tools are not a requirement for eDiscovery processes (see previous article), although a Forensic ‘approach’ is.
For eDiscovery one might want to apply a “Forensic approach” to the entire process. Who had access to the data, where did it come from and can we prove its provenance? These questions rarely come up in large scale litigation, but if they do you definitely need an answer. Though you don’t necessarily need a full Forensic suite of software and experts to apply a Forensic approach that encompasses these principles.
Who uses digital forensics?
Another most frequently asked question. Though I am confused about it. If you've heard of the term 'digital forensics' then you must have an idea already who uses it? My guess is that this comes from people watching CSI, thinking 'this is cool' and then deciding they want a career in it. First port of call: Google.
Law enforcement, regulators, companies of all sizes and even the military are huge consumers of Digital Forensics. Its latest incarnation is its application in Cyber Security. Looking at how a cyber-attack took place, what was stolen or damaged, how it was stolen and how to prevent it requires a Forensic approach to investigation, so that a conclusion can be arrived at which is verifiable and cannot be subject to doubt at a later date.
Often Digital Forensics tools and techniques are used for internal investigations, sometimes by Compliance, Legal, HR or Security departments, to understand an issue such as a disgruntled employee misappropriating data, potential fraud etc. Any crisis a company may experience might warrant a methodical investigative approach, even when the risks are not yet clear.
One must understand that where there is a risk to a company, these small crises may turn into larger and more public ones. Therefore, it helps to consider Digital Forensics as the starting point for any investigation.
Digital Forensics practitioners can utilise a vast array of complex tools and techniques, coupled with their extensive expertise and experience, to understand the digital footprint left behind by an event that utilised a digital medium, be that an iPhone, a cloud based email system or even ‘secure’ messaging applications. The plethora of options can be a minefield and often a fail-safe is to mix-and-match for any scenario. Your forensic kit should include equipment to tackle the most common scenarios.
There we are. Not so much Google this time, but hopefully that’s a useful summary for those who just need the basics.
Next topic? Let me know!