1.1 Digital Evidence



For the purposes of this text, digital evidence is defined as any data stored or transmitted using a computer that support or refute a theory of how an offense occurred or that address critical elements of the offense such as intent or alibi (adapted from Chisum 1999).

start sidebar

Digital evidence has been previously defined as any data that can establish that a crime has been committed or can provide a link between a crime and its victim or a crime and its perpetrator (Casey 2000). The definition proposed by the Standard Working Group on Digital Evidence (SWGDE) is any information of probative value that is either stored or transmitted in a digital form. Another definition proposed by the International Organization of Computer Evidence (IOCE) is information stored or transmitted in binary form that may be relied upon in court. However, these definitions focus too heavily on proof and neglect data that simply further an investigation. Additionally, the term binary in the latter definition is inexact, describing just one of many common representations of computerized data.

end sidebar

The data referred to in this definition are essentially a combination of numbers that represent information of various kinds, including text, images, audio, and video. Take a moment to consider the types of digital data that exist and how they might be useful in an investigation. Computers are ubiquitous and digital data are being transmitted through the air around us and through wires in the ground beneath our feet.

The terms digital evidence and electronic evidence are sometimes used interchangeably. However, an effort should be made to distinguish between electronic devices such as mobile telephones and the digital data that they contain. Although this text necessarily covers certain aspects of electronic devices, the focus is on the digital evidence they contain. When considering the many sources of digital evidence, it is useful to categorize computer systems into three groups (Henseler 2000).

Open computer systems: Open computer systems are what most people think of as computers - systems comprised of hard drives, keyboards, and monitors such as laptops, desktops, and servers that obey standards. These systems, with their ever-increasing amounts of storage space, can be rich sources of digital evidence. A simple file can contain incriminating information and can have associated properties that are useful in an investigation. For example, details such as when a file was created, who created it, or that it was created on another computer can all be important.

Communication systems: Traditional telephone systems, wireless telecommunication systems, the Internet, and networks in general can be a source of digital evidence. For instance, the Internet carries e-mail messages around the world. The time a message was sent, who sent it, or what the message contained can all be important in an investigation. To verify when a message was sent, it may be necessary to examine log files from intermediate servers and routers that handled a given message. To verify the contents of a message, it may be necessary to eavesdrop on the communication as it occurs.

Embedded computer systems: Mobile telephones, personal digital assistants, smart cards, and many other systems with embedded computers may contain digital evidence. For example, navigation systems can be used to determine where a vehicle has been, and Sensing and Diagnostic Modules in many vehicles hold data that can be useful for understanding accidents, including the vehicle speed, brake status, and throttle position during the last five seconds before impact. Microwave ovens are now available with embedded computers that can download information from the Internet, and some home appliances allow users to program them remotely via a wireless network or the Internet. In an arson investigation, data recovered from a microwave can indicate that it was programmed to trigger a fire at a specific time.
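
The timing check described under communication systems above, as an added example that is not part of the original text: it orders the Received headers of a message from first hop to last and compares them with the sender-supplied Date header. The sample message, host names, addresses, and the 10-minute tolerance are constructed for illustration.

```python
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (reserved example domains and documentation IPs).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
    by mail.example.org with ESMTP id C3; Tue, 04 Mar 2003 09:15:42 -0500
Received: from relay.example.com (relay.example.com [192.0.2.25])
    by mx.example.net with ESMTP id B2; Tue, 04 Mar 2003 14:15:37 +0000
Received: from workstation (unknown [192.0.2.77])
    by relay.example.com with SMTP id A1; Tue, 04 Mar 2003 14:15:30 +0000
Date: Mon, 03 Mar 2003 08:00:00 +0000
From: sender@example.com
To: recipient@example.org
Subject: constructed sample

body
"""

def hop_timeline(raw):
    """Return (claimed_date, hops); hops are (time, server) from first to last."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        route, _, stamp = value.rpartition(";")  # timestamp follows the last ';'
        tokens = route.split()
        server = tokens[tokens.index("by") + 1] if "by" in tokens else "?"
        hops.append((parsedate_to_datetime(stamp.strip()), server))
    hops.reverse()  # each server prepends its header, so the top one is newest
    return parsedate_to_datetime(msg["Date"]), hops

def inconsistencies(raw, tolerance=timedelta(minutes=10)):
    """List timing anomalies to corroborate against the servers' own logs.
    Headers are only leads: hops before the first trusted server can be
    written by the sender, which is why the logs are the record to check."""
    claimed, hops = hop_timeline(raw)
    notes = []
    if hops and abs(hops[0][0] - claimed) > tolerance:
        notes.append(f"Date header differs from first hop by {hops[0][0] - claimed}")
    for (t_prev, s_prev), (t_next, s_next) in zip(hops, hops[1:]):
        if t_next < t_prev:  # aware datetimes compare correctly across time zones
            notes.append(f"{s_next} stamped earlier than {s_prev}")
    return notes

if __name__ == "__main__":
    print(inconsistencies(SAMPLE))
```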

Given the ubiquity of digital evidence, it is the rare crime that does not have some associated data stored and transmitted using computer systems. A trained eye can use these data to glean a great deal about an individual, providing such insight that it is like looking through a stained glass window into the individual's personal life and thoughts. An individual's personal computer and their use of network services are effectively behavioral archives, potentially retaining more information about an individual's activities and desires than even his/her family and closest friends. E-commerce sites use some of this information for direct marketing, and a skilled digital investigator can delve into these behavioral archives and gain deep insight into a victim or offender (Casey 2002).

Despite its prevalence, few people are well versed in the evidentiary, technical, and legal issues related to digital evidence and, as a result, digital evidence is often overlooked, collected incorrectly, or analyzed ineffectively. The goal of this text is to equip the reader with the necessary knowledge and skills to use digital evidence effectively in any kind of investigation. This text illuminates the technical, investigative, and legal facets of handling and utilizing digital evidence.




Digital Evidence and Computer Crime, Second Edition
ISBN: 0121631044
EAN: 2147483647
Year: 2003
Pages: 279
