The media has presented a picture of computer forensics and the collection of data from a mobile device as a glamorous, fast process only used in high profile cases such as murder, espionage, and corruption. This is not the case. Let’s address a few common myths about computer forensics.
Myth 1: Computer forensics is only used in high-profile cases or divorces.
It is common knowledge that in high-profile criminal cases as well as civil cases involving infidelity, attorneys and investigators use computer forensics on a regular basis. We’ve all heard stories about the cheating spouse who was caught through text messages. However, less common cases include:
- employee termination,
- deletion of data,
- theft of data,
- missing persons,
- exposure of confidential or regulated data,
- data manipulation,
- improper access to systems,
- improper use of employer systems, and
- traffic accidents (texting activity).
Because technology is now such a large part of our daily lives, in short, just about any case can benefit from computer forensics. When thinking about a case, could there be digital evidence that is relevant?
Myth 2: Computer forensics is only for computers.
Computer forensics is used to collect data from an electronic device or electronic storage media. This includes but is not limited to desktop computers, laptops, cell phones, tablets, USB drives, and even cloud storage.
Computer forensics can recover deleted files and provide unique information that is not easily accessible by the user. For example, a cell phone stores information regarding wireless access points it connects to. This could be important as it relates to someone’s location at a given time. A photograph can contain GPS information.
Myth 3: Anybody can get data off of a computer, sometimes even deleted data.
Computer forensics provides an authenticatable way to collect electronic data. Merely printing a document, taking a screenshot of a few emails or text messages, or copying relevant files to a thumb drive may not be acceptable in court. Computer forensics, when done by a professional, is an authenticatable way to collect data from a device. Cases have been won and lost because of the way investigators collected relevant data.
Here are three stories about the importance of preserving evidence:
- Sanctions Implemented After Party Fails to Preserve Emails
- “No Emails Found” is Insufficient; Court Requires Party to Explain Steps Taken to Locate Responsive Email
- Party’s Failure to Produce Some Facebook Data Results in Compelled Discovery of All Social Media Data
Myth 4: Gathering the relevant information is a quick, painless process.
There are several factors that affect how long it takes to obtain data during a forensics analysis. These include access to the device, the time it takes to acquire data from the device, developing appropriate search parameters and analysis, and conducting search for documents, activity or images. Request for research can range from collecting a few text messages off of a mobile phone to collecting thousands of relevant documents from a server.
Each case is different. In each case the potential for the existence and importance of relevant electronic data is different. For this reason, I impress upon each attorney and potential client I meet to discuss the facts of the case with a qualified experienced computer forensic consultant. His or her perspective may shed light on how to prove or disprove an allegation and what forensic process are necessary and which ones are not. This will save time and confusion.
Myth 5: The answers to all of my questions are on the digital device.
Just because someone thinks the “smoking gun” email, text, data, or document is on an electronic device does not mean it is so. Sometimes deleted data is not recoverable. Many reasons can cause this, including the time between creation of data and preservation of data, use of the device, intentional erasing of the device or data, or damage to the device. Finally, the data may have never existed in the first place.
Finally, if there is a possibility that there is information on an electronic device that will bring answers regarding a matter, it is always best to search for the possibility.
Plan. Protect. Prosper.
Protus3 specializes in security system design, security consulting, corporate investigations and other investigative services. Partner with Protus3 and we will examine each situation to identify threats and develop solutions for your best outcome.