Digital forensics

In a rapidly evolving digital world, technological risks are growing at the same pace: child pornography, drug trafficking, cyber-terrorism, online fraud and human trafficking. The digital world is becoming a place for criminal activity.

Criminals use technology to commit offences. In response, police investigators developed digital forensics in order to apprehend these offenders.


What is Digital forensics?
 

Digital forensics, or digital forensic science, is a branch of forensic science. It encompasses the investigation of digital devices and the recovery of information from them, as well as the preservation, analysis and presentation of digital evidence.

Digital forensics applies to any device capable of storing digital data, such as smartphones, computers or IoT devices, and perhaps soon connected cars. It can be used for judicial investigations and private investigations. In the public sector, since the start of the 21st century, more and more national legislation has emerged to govern this practice. For example, Article 5 of the European Convention on Human Rights asserts the protection of private life and limits the processing and transfer of personal data in the EU. Likewise, the GDPR protects personal data and can apply whenever personal data is processed.

Police officers need a new framework for digital evidence to ensure its admissibility in court. National legislation authorises police officers to resort to digital forensic practices in their investigations. Its main use is to bring evidence of the culpability or innocence of a suspect before a court, whether civil, criminal or commercial.

Digital forensics methods can be applied to two different types of crime: crimes committed by means of computers, such as human trafficking, cyberstalking or cyber-terrorism, and crimes facilitated by computers, such as data breaches or theft of information. Each case can involve a digital device; hence, these practices can be used in a wide variety of investigations.


What are the techniques of Digital forensics?

Moreover, within this legal framework, different techniques are used depending on the offence under investigation:

  • Computer forensics: The goal of computer forensics can be summarised as follows: « to explain the current state of a digital artifact; such as a computer system, storage medium or electronic document ». This science covers computers, embedded systems and static memory. It may involve preserving evidence and creating a disk image; virtual drives may be used to emulate entire machines.
  • Mobile device forensics: This is digital forensics applied to mobile devices: the recovery of digital evidence and data from the device, with a focus on SMS and email. It has a variety of goals: collecting information, proving location information, locating a person (suspect or victim) or tracking GPS coordinates.
  • Network forensics: This technique monitors and analyses computer network traffic, both local and WAN/internet, in order to gather information or detect intrusions.
  • Forensic data analysis: This branch of digital forensics studies structured data with the goal of discovering and analysing criminal activity, specifically financial crime.
  • Database forensics: This branch investigates databases, their metadata and their use.
  • Education and research: Aware of the issues raised by digital forensics and of its rising importance, some universities in the tech world are working to develop this science, such as Lausanne University, the Norwegian University of Science and Technology, the University of Technology of Troyes or, in the United States, Penn State University.

Digital forensics thus has 4 areas of analysis:

  • Storage media
  • Hardware and operating systems
  • Networks
  • Applications

Police work here is about electronic discovery; the digital forensic process can be summarised in three steps:

  • Data collection: Police officers collect exhibits. Ideally, when collection is easy, they create a duplicate of the volatile memory (RAM) of the media. For investigations in the cloud, they use « live acquisition », which consists of a software copy of the data. This step can include keyword searches, recovery of deleted files and extraction of registry data.
  • Examination and analysis: The evidence is analysed to reconstruct the events or actions of the crime.
  • Reporting on the data collected: When a digital investigation is completed, police officers set out their conclusions in a written report.

The challenge is to preserve the integrity and authenticity of the information and data collected.
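As an added illustration (not part of the original article), the Python example below shows one common way to protect integrity across the three steps above: the evidence image is hashed at every step and each custody entry is chained to the previous one, so a changed image or an edited record is detectable. The step names, actor labels and sample bytes are constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first entry

def image_digest(chunks):
    """SHA-256 of an evidence image supplied as an iterable of byte chunks."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()

def entry_hash(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}  # exclude the hash itself
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record_step(log, step, actor, chunks):
    """Append a custody entry chained to the previous one."""
    entry = {"seq": len(log), "step": step, "actor": actor,
             "image_sha256": image_digest(chunks),
             "prev": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)

def audit(log):
    """Return a list of problems; an empty list means the record is consistent."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log):
        if e["entry_hash"] != entry_hash(e):
            problems.append(f"entry {i}: record edited after it was written")
        if e["prev"] != prev or e["seq"] != i:
            problems.append(f"entry {i}: chain broken")
        if e["image_sha256"] != log[0]["image_sha256"]:
            problems.append(f"entry {i}: image differs from acquisition copy")
        prev = e["entry_hash"]
    return problems

# Constructed sample: a tiny stand-in for a disk image, read in two chunks.
SAMPLE_IMAGE = [b"\x00" * 512, b"constructed evidence sector"]

def demo():
    log = []
    record_step(log, "collection", "officer-A", SAMPLE_IMAGE)
    record_step(log, "examination", "analyst-B", SAMPLE_IMAGE)
    altered = [SAMPLE_IMAGE[0], b"constructed evidence sectoR"]  # one byte changed
    record_step(log, "reporting", "analyst-B", altered)
    return log, audit(log)

if __name__ == "__main__":
    print(demo()[1])
```
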

This science can help to solve crimes, attribute evidence to suspects, confirm aliases, statements or testimony, and authenticate documents. Evidence collected by police forces is admissible in a court of law and before an arbitral tribunal.

At the international level, there is a digital forensics authority: Interpol’s Digital Forensics Laboratory. It assists states in detecting and using digital evidence as part of their police work. The Laboratory works with public or private experts and scholars. Interpol's website describes this support as follows:

  • « Analysis of malware and other crimeware used submitted by member countries or private partners;
  • Assistance in examining digital devices to ensure a proper forensic examination;
  • Testing digital forensic tools developed by the private sector, academia and national research labs;
  • Training in the latest digital forensic tools and techniques;
  • Digital forensic experts can be sent at the request of a member country to provide on-site assistance during investigations. »

Conversely, some practices can limit forensic investigations. One major limitation is the use of encryption, because it restricts the examination of evidence.


Do you want a career in this science?

Forbes published « Six skills required for a career in Digital Forensics », by Laurence Bradford. The author distinguishes six skills:

  1. Analytical talent: « High speed of analytical thinking, and precise observation skills, which are often gained and tested at high tech military and intelligence cyber units are also important skills to have. »
  2. Computer science/tech skills: « An important quality of any great digital forensics investigator is a deep understanding of how technology really works, If you have experience [with] computer systems, programming, or other related fields, this will help [you] transition into digital forensics since you will already have a general knowledge of how technology and networks work, how digital systems interact with each other, and what is possible from a compromise perspective. »
  3. Understanding of cybersecurity: Issues linked to cyber-threats usually lead to issues regarding data breaches.
  4. Organization: « Being extremely organized and thorough are a must, Documentation of your findings is necessary as it is often required to present them to others such as attorneys and judges. »
  5. Communication skills: « Having both strong writing and speaking skills is extremely important to effectively communicate your findings to other team members and your clients. »
  6. Desire to learn: « To be a digital forensics examiner, you must have great pride to be one of the best in what you do. Self-critique skills for constant improvement of your work is a very desired trait. »


With the acceleration of digitisation, digital forensics will become the most effective weapon of police forces. The rise of digital forensics may attract the private sector, with the pursuit of economic interests taking the place of the pursuit of efficiency. The digital forensics sector will surely open new opportunities for criminals, for workers, for police forces and for businesses.


Manon DANSAC
Master 2 Cyberjustice promotion 2018-2019


Sources:
« Digital forensics», on absmena website (http://www.abs-mena.com/solutions/digital-forensics/)
