More Digital Forensics

The book I read to research this post was Digital Forensics for Legal Professionals by Larry Daniel et al which is an excellent book which I bought from kindle. If you find this post interesting you might be interested to know I did a post on cybercrime on my technology blog at http://scratbagroberts.com  a few days ago. Many digital forensics experts are just computer experts which often means computer repairmen & you have to be careful not to be taken in. Digital forensics is very specialized & often experts are in short supply. If a hard drive has to be removed from a computer for examination the digital forensics expert should do it so he can verify it came from that computer. If there's no password on the pc anybody could have gained access to it. An interesting point in this book is that in pornography cases obviously the defendant has to see the pictures & the digital forensics expert has to make a copy of the hard drive to collect evidence but technically both things are illegal. In cases like that they do a minimal number of copies because if they did an excessive amount that would be illegal. If you go to search.org they list information providers for things like ISP's. If you need information from facebook you need the exact account name & in the relatively old days everyone on facebook had a number as part of their account name so you need that. If you're making a copy of a hard drive you need write blocker hardware to preserve the data but if it's a laptop because you may not be able to remove the hard drive you need write blocker software. Also the hard drive has to go in a tamper proof bag. Mobile phones have to go in a faraday bag & when you are examing them they remain in the bag. Locations of mobile phones can be traced by cell towers but the accuracy isn't perfect ie if something blocked the mobile phones signal for a period of time. Also for example in Arizona they don't have daylight saving time which can cause questions about the exact time something. Finally let me say that digital forensics includes things like GPS it isn't just about computing devices. Also more & more court cases are relying on digital forensics.