Digital forensics is deeply ingrained in modern police work. Alongside forensic science and traditional investigative techniques, it helps to build cases against accused criminals and convict the guilty.

It’s also a rapidly evolving field. That’s because new technologies are constantly being developed, which hold new forms of incriminating data. Its importance, as a result, is only likely to increase.

What is digital forensics, and what are its scopes?

Digital forensics is the process of extracting evidence from digital sources that can be used in a court of law. The scope of digital forensics includes both cybercrime and physical crime. This is because of the richness of data held in personal devices.

DIGITAL FORENSICS EXAMPLE ONE

A prime use case for digital forensics is on seized hardware. In the case of a known sex offender, investigators would be responsible for auditing their digital devices, including:

• Laptops
• Smartphones
• Smart watches
• Cameras
• Tablets
• Fitness trackers

That’s because they all contain IP addresses, serial numbers and location data. They’re also connected to other digital devices. For example, a smart watch is connected to a smart phone which is connected to a laptop. Digital forensics interrogates these connections to reveal illicit activity and safeguard children.

DIGITAL FORENSICS EXAMPLE TWO

In a murder case, law enforcement would audit the devices of the defendant. This is because mobile phone messages, instant messenger chats and social posts give context to the crime. For example, they could reveal things like:

• Prior domestic disturbances
• Violent behaviours
• Extramarital affairs
• Money problems

This digital evidence would help to reinforce any physical and testimonial evidence, bringing a richer case against the accused.

How does digital forensics software work?

Digital forensics software prioritises data integrity. For example, when scanning hard drives, all files are locked to read-only. That’s because modified evidence cannot be passed in a court of law. This process is called data carving, which involves cloning a disk to preserve evidence in its original form.

These can be mined for:

• Histories of illegal activity
• Encrypted spacing
• Illegal files
• Deleted files
• Track logs

Can we trust digital forensic evidence?

Though digital forensics places immense importance on data integrity and corroboration, it is important that due process and legislation are followed when dealing with it. This means striking a balance between respecting the rights of law-abiding citizens and giving law enforcement the powers to properly investigate suspects.

Due process and legislation itself should also be constantly reviewed and updated so as to reflect the rapidly evolving digital landscape. Law enforcement’s use of Clearview’s facial recognition software, for example, recently generated unwanted press after privacy advocates claimed it was “untested and unregulated”.

YOU MAY ALSO LIKE: Open source intelligence: What social media can tell us

Why do we need digital forensics?

Data is the most valuable resource in the digital world. People are increasingly finding ways to leverage it for good, whether it be in a business or a wider societal context. Digital forensics is a crucial way to make that data matter. After all, it helps to keep the public safer.

DIGITAL FORENSICS PROS

In historical child sexual exploitation cases, for example, a victim’s word would be pitted against the perpetrator’s. In the absence of physical evidence or witnesses, prosecuting the perpetrator would be incredibly difficult. But with evidence from hundreds of digital devices, there are now more ways to determine the five Ws of cases:

• What
• Why
• Who
• Where
• When

For example, Dark Web images and videos of the act occurring can be mined for metadata. Then, they can be cross-referenced with images and videos found on the surface web. This means that:

1. Victims can be safeguarded quicker
2. Perpetrators can be apprehended sooner
3. Criminal cases brought against the perpetrator have a better chance of success

DIGITAL FORENSICS CONS

Because more child sexual exploitation (CSE) crimes are being broadcast and shared online, there is a greater chance revictimization. So not only is the victim abused by the perpetrator, they are also abused by other perpetrators who view the content.

Of course, digital forensics leverages the data held in that content to apprehend perpetrators. But its very existence of this content can have a significant mental impact on victims.

What are the main misconceptions about digital evidence?

Often, it’s assumed that the moment law enforcement seizes a suspect’s device, prosecution is simple. However, because of the amount of data held on hard drives, it can take months to complete processing. Gathering evidence is made even more complex by practices like hard drive encryption which protect criminal assets.

Is digital forensics the same as computer forensics?

Though the terms are sometimes used interchangeably, computer forensics is a component part of the wider field of digital forensics. Whereas digital forensics focuses on every type of digital device, computer forensics is only concerned with evidence found on computers.

What is the future of digital forensics?

Because of the explosion of data and devices, the scope of digital forensics can only expand. And with that expansion, more sophisticated means of drilling into data will be developed. AI is likely to play a key role in this process.

In the field of child sexual exploitation (CSE), AI will be used to prevent investigators from viewing duplicate images of abuse. The benefits of this are two-fold.

Firstly, investigators will be empowered to be more effective with their time by focusing on new abuses images. These are likely to include perpetrators at large and critically vulnerable victims.

Secondly, the psychological impacts on investigators will be reduced, meaning that their specialist skills can be taken advantage of for longer.

Which digital forensics technologies are helping law enforcement catch criminals?

Microsoft’s PhotoDNA is a leading digital forensics technology which discovers and removes known images and videos of child sexual exploitation.

There is also a worldwide ecosystem of smaller, morally driven tech providers helping law enforcement maximise their efforts in the field. They include:

• Griffeye (Sweden)
• Paliscope (Sweden)
• Qumodo (United Kingdom)
• Pathfinder Labs (New Zealand)
• Project VIC (United States)
• Hubstream (United States)

All of these stakeholders work together to create victim-centric approaches. They achieve this by setting data sharing standards which ensure that different tools can communicate with each other. This means investigators don’t suffer data silos and get maximum value out of the digital forensics toolkits they use.

CameraForensics is also committed to this approach. We firmly believe that reducing the workloads of investigators is key to the prevention and prosecution of child sexual exploitation (CSE). That’s why we build our platform alongside law enforcement and provide the functionalities they need.

For more digital forensics insights, sign up to our newsletter