Have you heard about the man who stole a car and entered his home post code into the sat nav? Not a great idea. Some fairly useful evidence was later found stored in the sat nav memory. This is one example of the multitude of ways in which developments in digital technology are giving rise to new types of forensic evidence.
Digital Forensics means the extraction and analysis of data from any digital device for the purpose of law enforcement – principally computers, mobile phones and CCTV systems but other devices also including digital cameras, PlayStations, and smart televisions.
Today, digital evidence is often a key factor in crime investigations, given the proliferation of mobile devices, email, text messaging, social media applications and digital cameras. Staying ahead of the digital forensics curve is a big challenge for the forensic science community.
Computer Forensics involves the collection, preservation, data extraction and analysis of digital evidence recovered from a computer or other storage media, such as USB flash drives, CDs, DVDs, and storage cards. The data may be in the form of a document, picture, e-mail or internet activity. It may also have been deleted, hidden, fragmented or copied from another source.
The data on a device must not be changed by the examination so it is usually first copied (or ‘imaged’) to another storage medium and a write blocker employed to protect it. It can then be analysed. A range of proprietary and specialised forensic tools are available for doing so.
Mobile Phone Forensics is the forensic examination, analysis and reporting of data stored on mobile phone handsets, memory cards and SIM cards. This includes basic models and smart phones. The information that can be recovered from phones includes not just call history, the address book and voicemail, but also email, SMS text messages, images, and internet activity. The examination of mobile phones has been a major growth area in forensic science over the last few years.
Cell Site Analysis is the geographical locating of a mobile phone using call data records from a Network Operator relating to individual mobile phone base stations. The records include cell location data assigned to individual phone calls, text messages and data transfer sessions.
The evidence obtained can be combined with other evidence such as CCTV to determine if a phone was in the general vicinity of the scene of a crime or to investigate an alibi. Alternatively it can track the path of a mobile phone as it moves from location to location.
Further work can be carried out by on-site surveys (drive surveys and location surveys) to identify more precisely the geographical service area of a cell and to determine which cells can be accessed at specific locations related to a crime. Cell site analysis has provided key evidence in the investigation of a number of major crimes.
The demand for digital forensic examinations continues to increase rapidly and this has meant that triage processes – sorting enquiries into prioritised groups based on the need for the examination and the likely benefit of it – are now important in managing the work.
Rapid technological change increases the scope for the means by which crimes can be committed but also the means by which they can be investigated. The Internet of Things – the ever-increasing network of physical objects embedded with electronics, software and network connectivity which enable the objects to collect and exchange data – is a central element of these changes. There can be no doubt that digital forensic specialists will be kept very busy adapting to the associated crime investigation challenges in the years to come.