Today, information is both communicated and stored on digital media, which makes digital forensics, the focus of this article, particularly important. We will look at the simple 3-step process of digital forensics commonly employed by some of the most famous Los Angeles digital forensics experts.
Acquisition of Data
Data acquisition is the first and most vital step of any digital forensics investigation. The process and methodology used for data acquisition can either make or break the case. For digital forensics, data is acquired in two distinct ways:
Direct acquisition: The process of acquiring data through physical copies such as hard disk drives (HDD), solid-state drives (SSD), magnetic tapes, and random access memory (RAM).
Indirect acquisition:
Accessing the Data
Digital data, be it on a USB drive or on the internet, is stored behind layers of encryption and firewalls. Various tools and techniques are required to break through these layers, with the difficulty of the task mostly depending on the data’s medium. For example:
HDDs are made up of solid metal disks that store data as magnetic curves and grooves, somewhat like vinyl records. Being quite resilient to abuse, HDDs can retain data for long periods, even after deletion. This gives the analyst some leeway to try more than one method of access.
SSDs, on the other hand, store data as electron spins. Because of that, SSDs are far more volatile than HDDs, i.e., they lose data over time, and any deletion is almost always permanent. This means that analysts need to be very careful when trying to break through an SSD’s protocols.
Analysis of the Data
Digital data is stored and collected as nothing more than a collection of 1s and 0s; analysis is the process of turning this data into readable information. For analysis, Los Angeles digital forensics experts use a simple step-by-step process:
1. Search for any missing bits of information.
2. If found, use appropriate algorithms to reconstruct the missing information.
3. To make the data readable, use tools like EnCase or ILOOK.
4. Categorize data into groups such as emails, images, chats, and documents.
5. Use appropriate keywords to look for evidence-specific information.
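Steps 4 and 5 can be illustrated with a short triage script. This is an added example, not code from the article or from EnCase or ILOOK: it groups recovered artifacts by their content (leading signature bytes or header layout) and then runs a keyword search over the raw bytes. The sample artifacts, their names, the keyword, and the chat-export layout are all constructed assumptions.

```python
import re

# Leading "magic" bytes -> evidence group (small illustrative subset, not exhaustive).
SIGNATURES = [
    (b"\xff\xd8\xff", "images"),       # JPEG
    (b"\x89PNG\r\n\x1a\n", "images"),  # PNG
    (b"%PDF-", "documents"),           # PDF
    (b"PK\x03\x04", "documents"),      # ZIP container (DOCX, XLSX, ODT)
    (b"From ", "emails"),              # mbox separator line
]
# A mail header at the very start of a blob also counts as email.
EMAIL_HEADER = re.compile(rb"\A(?:Received|Return-Path|From|To|Subject|Date): ", re.I)
# Assumed chat-export layout "[YYYY-MM-DD HH:MM] name: text" (hypothetical format).
CHAT_LINE = re.compile(rb"\A\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\] [^:\n]+: ")

def categorize(blob: bytes) -> str:
    """Classify by content, never by file name or extension."""
    for magic, group in SIGNATURES:
        if blob.startswith(magic):
            return group
    if EMAIL_HEADER.match(blob):
        return "emails"
    if CHAT_LINE.match(blob):
        return "chats"
    return "unknown"

def keyword_hits(blob: bytes, keywords):
    """Return (keyword, encoding, offset) hits, case-insensitive, sorted by offset."""
    hits = []
    for kw in keywords:
        # Search UTF-16LE as well as UTF-8: Windows artifacts often hold UTF-16LE text.
        for enc in ("utf-8", "utf-16-le"):
            pattern = re.compile(re.escape(kw.encode(enc)), re.I)
            hits += [(kw, enc, m.start()) for m in pattern.finditer(blob)]
    return sorted(hits, key=lambda h: h[2])

# Constructed sample artifacts (not real evidence).
SAMPLES = {
    "carved_0001": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "carved_0002": b"Subject: Invoice 4471\r\n\r\nPlease wire the payment today.",
    "carved_0003": b"[2024-03-02 14:05] sam: send the INVOICE copy",
    "carved_0004": b"\x00\x01" + "invoice".encode("utf-16-le"),
}

def triage(samples, keywords):
    """Map artifact name -> (group, keyword hits)."""
    return {n: (categorize(b), keyword_hits(b, keywords)) for n, b in samples.items()}

if __name__ == "__main__":
    for name, (group, hits) in triage(SAMPLES, ["invoice"]).items():
        print(name, group, hits)
```

The last sample shows why the search covers two encodings: the keyword is present only as UTF-16LE, so a plain byte search for the UTF-8 form would miss it.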