The fundamentals of Digital Forensics and Evidence
The science of digital forensics is the study of legal issues and the pursuit of answers
to legal problems by applying scientific knowledge through technology. There
are two specific cases where the legal system is involved; the first occurs when
a private individual or sector is involved, for example when a business needs
facts to support a civil action like a lawsuit and the second instance occurs
when a crime is suspected or has been committed. Now, in both cases, a
forensics investigator, or rather a practitioner of forensic science must check
the current resources to find facts established by the available resources.
Moreover, the facts provide an answer the anticipated questions or questions
asked by the legal system.
There is a difference between the investigations launched within the private
sector and that of the public sector for criminal investigations. The major
difference is the degree of impact from the cross-examination. However, the
private sector investigation is launched when the following events occur:
The loss/gain of money or goods
The loss or retention of employment
Potential disciplinary actions
The main cause of an investigation in the public sector is a criminal activity
which is capable of convicting an individual. In very few cases, a public
investigation involves the liability of civil servants in issues involving public
safety, and these investigations can result in the loss of public taxpayer funds.
Since most public investigations include crimes and the criminals that commit
them, the term public investigation will be used synonymously with a criminal
investigation in the rest of the text.
The financial costs associated with legal action are the major drive for forensics
in investigations. In public probes, a prosecution can take years and cost
several millions of dollars. However, if the accuser fails to convict the suspect,
the suspect is entitled to restitution for damages to reputation or wages.
Although, the suspect will have to pursue a legal action to recoup damages.
However, the legal actions in the private sector are not exempted from
monetary impulse as private sector legal proceedings can extend to several
years and cost millions of dollars. Besides the financial costs, private sector
cases usually consume time and not convenient for all members. Moreover,
the possibility of a successful legal action whether private or public increases
considerably as the level of confidence in the facts of the investigation
increase. For example, private sectors are usually examining facts to assess if a
company policy or its employment contracts are violated. With very few
exceptions, public sector investigations involve law enforcement such as
investigations of a crime that occurred or in cases where a crime is suspected
to have occurred.
Private investigations have the potential of revealing criminal activity; though
the technology and tools used for gathering facts are the same or similar for
the private and public sector, however; the procedure differs a lot. Even
though they differ, the two rules are rarely incompatible; as it needs an
agreement with all the parties involved including the forensics investigators,
private sector attorneys as well as local law enforcement and public attorneys
to keep up with the levels confidence on the facts of the investigations.
Forensic investigators are trained professionals who apply the science of
forensics and uses of several sciences knowledge such as geology, physics,
chemistry, toxicology, etc. Therefore, forensics can be defined as the
application of diverse scientific knowledge to solve of legal problems. The first
role of a forensics investigator is to assess the legality and appropriateness of
collected evidence. However, if nature of investigations requires that evidence
collection and analysis be performed in full compliance with the law; both the
public and the private investigator must respect the rights of individuals.
Another function of a forensics investigator is to maintain an exact “chain of
custody” in all evidence gathered in a case. The chain of custody is a simple
report of the evidence gathered; the time of collection, and the time it was
accessed. An exact chain of custody is required to prevent contamination or
any appearance of contamination of the evidence. The chain of custody is
necessary for both public and private investigations. However, once the likely
cause is established, a call is issued. With a call in hand, the law enforcement
agencies are not only allowed to search for the relevant evidence of a crime
but also to collect any evidence in “plain sight, ” i.e. an evidence showing that
an offense has been committed.
Whether public or private, the facts of a case are developed from the evidence
obtained from an investigation. A shred of evidence can be defined as
anything real or ephemeral that reveals and objectively proves the facts of an
investigation. The evidence is used to establish the facts that a crime was
committed; the suspect that committed or did not commit a crime, the order
of events during the crime and the motive. However, the evidence can either
be; blood evidence, material traced evidence, finger prints, private or personal
records, public records, drug content, surveillance evidence, confession, and
During an investigation, two different roles are involved in the field of
forensics. The first role is that of evidence collection. This task requires a
relatively limited experience, training, and qualifications. An investigator
undertaking this task usually travel to the scene of a crime or can be called to
prepare evidence for the second role. The second role is that of evidence
analysis. Here, the evidence is reviewed, assessed, and analysed for facts and