events throughout the world have changed and influenced how we think about the
gathering of evidence. Soon after the attacks on the
Finding digital data that can be used as evidence to incriminate or exonerate a suspect accused in a legal or administrative proceeding is not easy to do. When the founding fathers of the modern computing era were designing the digital infrastructure as we know it today, security and temporal accountability issues were not at the top of their list of things to do. Today, primarily due to the lack of a “trusted” computing environment, conducting digital forensic investigations, although difficult, has become commonplace in both the government and commercial sectors.
Many new digital forensic specialists can expect to utilize their skill set in a wide variety of investigative situations, which may include some of the following:
next generation of “digital detectives” will have to possess the knowledge,
skills, and experience to conduct complex, data-intensive forensic examinations
involving multiple operating systems and file types. As mentioned previously,
several colleges and universities across the
The skill sets that the digital forensic specialist must possess are varied. At a minimum, the specialist must have an in-depth knowledge of the criminal justice system, computer hardware, and software systems as well as investigative and evidence-gathering protocols. For example, the digital forensic specialist must become intimately familiar with the concepts of burden of proof, chain-of-custody, evidentiary analysis, and the rules of “best evidence.”
At a minimum, it is recommended that new digital forensics students take the CompTIA A+ Hardware training to become familiar with computer hardware. After a student is comfortable working with hardware, then it is time to move on to operating system fluency. Although there are hundreds of computer operating systems on the market today, it is recommended that the specialist become familiar with MS-DOS and the Microsoft Windows family. Oftentimes, digital forensic work will involve these platforms, with Linux and UNIX variations coming in at a close second place.
Over the past several years, many significant cases have been solved by the digital forensic specialist’s ability to “resurrect” files that were thought to have been erased, deleted, or otherwise destroyed by the suspect in the case. Finding the electronic “smoking gun” is by far one of the most rewarding aspects of this profession.
Today, when we look at which skill set is the most critical to have mastery over when dealing with digital forensics, it’s not the hardware, software, or even legal knowledge that is paramount. Being capable of articulating your investigative findings both verbally and on paper is what separates the amateurs from the professionals in this line of work. Many skilled technicians have solved complex digital forensic cases only to discover that due to sloppy record keeping and poor report-writing skills, they could not explain to a judge and jury how they found the smoking gun!
Finally, it is not just computers that harbor the binary code of ones and zeros, but an infinite array of personal digital devices. If it is discovered that one of these devices retains evidence of a crime or an incident, it will be up to one of our newly trained and educated digital detectives to find the digital evidence… in a forensically sound manner.