Recent
events throughout the world have changed and influenced how we think about the
gathering of evidence. Soon after the attacks on the
Finding
digital data that can be used as evidence to incriminate or exonerate a suspect
accused in a legal or administrative proceeding is not easy to do. When the
founding fathers of the modern computing era were designing the digital
infrastructure as we know it today, security and temporal accountability issues
were not at the top of their list of things to do. Today, primarily due to the
lack of a “trusted” computing environment, conducting digital forensic
investigations, although difficult, has become commonplace in both the
government and commercial sectors.
Many
new digital forensic specialists can expect to utilize their skill set in a
wide variety of investigative situations, which may include some of the
following:
Our
next generation of “digital detectives” will have to possess the knowledge,
skills, and experience to conduct complex, data-intensive forensic examinations
involving multiple operating systems and file types. As mentioned previously,
several colleges and universities across the
The
skill sets that the digital forensic specialist must possess are varied. At a
minimum, the specialist must have an in-depth knowledge of the criminal justice
system, computer hardware, and software systems as well as investigative and
evidence-gathering protocols. For example, the digital forensic specialist must
become intimately familiar with the concepts of burden of proof,
chain-of-custody, evidentiary analysis, and the rules of “best evidence.”
At
a minimum, it is recommended that new digital forensics students take the CompTIA A+ Hardware training to become familiar with
computer hardware. After a student is comfortable working with hardware, then
it is time to move on to operating system fluency. Although there are hundreds
of computer operating systems on the market today, it is recommended that the specialist
become familiar with MS-DOS and the Microsoft Windows family. Oftentimes, digital forensic work will involve these platforms, with Linux
and UNIX variations coming in at a close second place.
Over
the past several years, many significant cases have been solved by the digital
forensic specialist’s ability to “resurrect” files that were thought to have
been erased, deleted, or otherwise destroyed by the suspect in the case.
Finding the electronic “smoking gun” is by far one of the most rewarding
aspects of this profession.
Today,
when we look at which skill set is the most critical to have mastery over when
dealing with digital forensics, it’s not the hardware, software, or even legal
knowledge that is paramount. Being capable of articulating your investigative
findings both verbally and on paper is what separates the amateurs from the
professionals in this line of work. Many skilled technicians have solved
complex digital forensic cases only to discover that due to sloppy record
keeping and poor report-writing skills, they could not explain to a judge and
jury how they found the smoking gun!
Finally,
it is not just computers that harbor the binary code of ones and zeros, but an
infinite array of personal digital devices. If it is discovered that one of
these devices retains evidence of a crime or an incident, it will be up to one
of our newly trained and educated digital detectives to find the digital
evidence… in a forensically sound manner.