Edited: June 11,2018
Nexigen, A greater Cincinnati computer forensics firm has been in the computer forensic business for over 5 years. The progress and challenges of computer forensic investigation are increasing over time with the introduction of cloud systems that span the globe along with new encryption methods for personal protection. Compared to the non-computer age Forensics is changing significantly, and the legal system is still catching up when it comes to properly employing digital evidence.
Broadly speaking, digital evidence is information found on a wide range of electronic devices that are useful in court because of its probative value. It's like the digital equivalent of a fingerprint or a muddy boot.
However, digital evidence tendered in court often fails to meet the same high standards expected of more established forensics practices, particularly in ensuring the evidence is what it purports to be.
Technology changes evidence if not used properly
This is not the first time that technology has impacted the way evidence is gathered and presented in courts. And it's not the first time that there have been problems in the way new evidence is used.
You might remember the case of the death of Azaria Chamberlain at Ayers Rock (Uluru) more than 30 years ago. Forensics played a key role in the conviction of Lindy Chamberlain in 1982. However, her conviction was later reversed in 1988 following closer scrutiny of the evidence specifically DNA. With DNA evidence now being more and more scrutinized it seems that digital is following suit.
The special properties and technical complexity of digital evidence often makes it even more challenging, as courts find it difficult to understand the true nature and value of that evidence.
Nexigen, A Greater Cincinnati digital forensics firm has a role of the interpreter, explaining what the evidence means in a legal context. We have been extremely successful in this effort working alongside the legal teams that bring us in for support.
It is increasingly common for criminal trials to rely on digital evidence.
There are several reasons for problems to occur in digital evidence handling in many court cases today. Firstly, the evidence might be compelling at first glance, but it could be misleading. The defendant may also have limited financial resources to rebut the evidence. The defense attorneys might also misread the evidence. Plea-bargaining offers can also lessen sentences.
Conversely, other investigations may not get to trial because of the complexity or incompleteness of the evidence.
Worryingly, some defendants are pleading guilty based on what appears to be overwhelming hearsay digital evidence without robust defense rebuttal. In these cases, the defense lawyer – whose job it is to analyze the evidence – may simply not understand it. This is why external digital forensics consultants can be so important.
However, the high cost of mounting a defense using forensic practitioners is often beyond the financial reach of many. For those qualified to receive legal aid, it is increasingly hard to obtain sufficient funding because of stringent budgeting regimes in various Australian jurisdictions.
Other factors can affect the validity of the evidence, including; failure of the prosecution or a plaintiff to report exculpatory data; evidence taken out of context and misinterpreted; failure to identify relevant evidence; system and application processing errors; and so forth.
Investigators undertaking these important but tedious tasks are often under-resourced, over-burdened with complex cases, increasingly large and complex datasets, etc.
Forensic analyses and evidence presentations are sometimes confounded by inexperienced investigators and communicators, which is further exacerbated by faulty case management.
Another problem issue is the non-sophisticated nature and reliability of forensic tools and processes that meet the needs of investigators and the expectations of the courts. However, I also suspect some courts may be unaware of these undercurrents, or what standards they should expect of the evidence.
Getting it right
Digital forensics is still in its infancy, and it is has been more of an art form lacking broad scientific standards to supports its use as evidence. In today's world with more maturity in the toolsets and guidelines, we are seeing the benefits with a strong scientific approach.
The call has been heard from researchers to test and trial better forensic practices and forensic tools. This is especially important due to the increasing size of data storage on some personal computing devices, let alone cloud and network storage, which presents greater recovery and jurisdictional challenges to practitioners.
We also need new tools and processes capable of locating and recovering sufficient evidence from larger data sets quickly, efficiently and thoroughly. Forensic tools are often commercial products but are growing quickly to meet the demands. Problems still exist in that tools fail to identify all evidence from larger datasets in a timely manner. Time is one of the major factors as the court does not wait on forensics farther it dictates time frames without understanding the time constraints which exist to complete the work in a proper fashion by the digital forensic investigator. The processes used by law enforcement tend to be agency-centric with little consensus on practice, standards and processes and sharing of case knowledge.
- Collection is key
o Mobile devices need to be handled differently than hard drives.
o Cloud solutions need to be accounted for by experts in the field.
o Clear definition of needs should be set up front. With the dynamic nature of court cases, this cannot always be achieved.
o Attorneys need to increase technological knowledge to better communicate with the forensic investigator and meet the language barrier in the middle.
o As judges sometimes push for tight time constraints the attorneys need to push to provide ample time for proper forensics to take place. The larger the data set the long the delay needed.
4. Explanation is key
o Deeply understanding findings and having routine conversations between the attorney and investigator will allow for stronger showings in front of the judge.
Author Information – Jon Salisbury – Chief Technology Officer @ Nexigen