The fundamentals of Digital Forensics and Evidence
The science of digital forensics is the study of legal questions and the search for answers. to legal problems by applying scientific knowledge through technology.
There are two specific cases where the legal system is involved; the first occurs when a private individual or sector is involved, for example when a business needs facts to support a civil action like a lawsuit and the second instance occurs when a crime is suspected or has been committed.
Now, in both cases, a forensics investigator, or rather a practitioner of forensic science must check the current resources to find facts established by the available resources.
Moreover, the facts provide an answer the anticipated questions or questions
asked by the legal system.
Forensics Investigations
There is a difference between the investigations launched within the private
sector and that of the public sector for criminal investigations.
The main difference is the degree of effectiveness of cross-examination. However, the
private sector investigation is launched when the following events occur:
The loss/gain of money or goods
The loss or retention of employment
Potential disciplinary actions
Criminal charges
The main cause of an investigation in the public sector is a criminal activity which is capable of convicting an individual.
In very few cases, a public investigation involves the liability of civil servants in issues involving public safety, and these investigations can result in the loss of public taxpayer funds.
Since most public investigations include crimes and the criminals that commit them, the term public investigation will be used synonymously with a criminal investigation in the rest of the text.
The financial costs associated with legal action are the major drive for forensics in investigations. In public probes, a prosecution can take years and cost several millions of dollars. However, if the accuser fails to convict the suspect, the suspect is entitled to restitution for damages to reputation or wages.
Although, the suspect will have to pursue a legal action to recoup damages. However, the legal actions in the private sector are not exempted from monetary impulse as private sector legal proceedings can extend to several years and cost millions of dollars.
Besides the financial costs, private sector cases usually consume time and not convenient for all members.
Moreover, the possibility of a successful legal action whether private or public increases considerably as the level of confidence in the facts of the investigation increase. For example, private sectors are usually examining facts to assess if a company policy or its employment contracts are violated.
With very few exceptions, public sector investigations involve law enforcement such as investigations of a crime that occurred or in cases where a crime is suspected to have occurred.
Private investigations have the potential of revealing criminal activity; though the technology and tools used for gathering facts are the same or similar for the private and public sector, however; the procedure differs a lot.
Even though they differ, the two rules are rarely incompatible; as it needs an agreement with all the parties involved including the forensics investigators, private sector attorneys as well as local law enforcement and public attorneys to keep up with the levels confidence on the facts of the investigations.
Forensics Investigators
Forensic investigators are trained professionals who apply the science of forensics and uses of several sciences knowledge such as geology, physics, chemistry, toxicology, etc.
Therefore, forensics can be defined as the application of diverse scientific knowledge to solve of legal problems. The first role of a forensics investigator is to assess the legality and appropriateness of collected evidence.
However, if nature of investigations requires that evidence collection and analysis be performed in full compliance with the law; both the public and the private investigator must respect the rights of individuals.
Another function of a forensics investigator is to maintain an exact “chain of custody” in all evidence gathered in a case. The chain of custody is a simple report of the evidence gathered; the time of collection, and the time it was accessed.
An exact chain of custody is required to prevent contamination or any appearance of contamination of the evidence.
The chain of custody is necessary for both public and private investigations. However, once the likely cause is established, a call is issued.
With a call in hand, the law enforcement agencies are not only allowed to search for the relevant evidence of a crime but also to collect any evidence in “plain sight, ” i.e. an evidence showing that an offense has been committed.
Evidence
Whether public or private, the facts of a case are developed from the evidence
obtained from an investigation.
A shred of evidence can be defined as anything real or ephemeral that reveals and objectively proves the facts of an investigation.
Evidence is used to establish the fact that a crime has been committed the suspect that committed or did not commit a crime, the order of events during the crime and the motive.
However, the evidence can either be; blood evidence, material traced evidence, finger prints, private or personal records, public records, drug content, surveillance evidence, confession, and
testimony.
During an investigation, two different roles are involved in the field of forensics. The first role is that of evidence collection.
This task requires a relatively limited experience, training, and qualifications. An investigator undertaking this task usually travel to the scene of a crime or can be called to prepare evidence for the second role.
The second role is that of evidence analysis. Here, the evidence is reviewed, assessed, and analysed for facts and conclusions.
