Wednesday 12 August 2015

Digital Forensics in Criminal Investigations

Computers and other digital devices are commonly used to commit crimes these days, and thanks to the science of digital forensics and digital evidence, law enforcement can now use computers to fight crime.

For digital evidence to be legally admissible in court, investigators must follow proper legal procedures when recovering and analyzing data from computer systems.

Sometimes the law cannot keep up with technological advancements and this may ultimately limit the use of computer forensics evidence in court. Privacy advocates are growing especially concerned that computer searches may be a breach of a suspect’s human rights. So, as methods to hide evidence become more advanced, technology may be abused by helping criminals hide their actions. In the end, the role of technology in digital forensics may not reach its full potential due to legal boundaries and bad intentions.

Computer and computer-based forensics has been an important part in the conviction of many well-known criminals, including terrorists, sexual predators, and murderers. Terrorist organizations may use the Internet to recruit members, and sexual predators may use social networking sites to stalk their potential victims.

However, most criminals fail to cover their tracks when using technology to implement their crimes. They fail to realize that computer files and data remain on their hard drive even when they are deleted; this allows investigators to track their criminal activity. Even if criminals delete their incriminating files, the data remains in a binary format due to “data remanence” or the residual representation of data. File deletion simply renames the file and hides it from the user; the original file can still be recovered.

Eventually, data may be overwritten and lost due to the strained nature of computer memory, a storage area for used data. A random access memory chip (RAM) retrieves data from memory to help programs to run more efficiently. However, each time a computer is switched on, the RAM loses some of its stored data. Therefore, RAM is referred to as volatile memory, while data preserved in a hard drive is known as persistent memory.

The RAM is constantly swapping seldom used data to the hard drive to open up space in memory for newer data. Over time, though, the contents in the swap file may also be overwritten. Thus, investigators may lose more evidence the longer they wait since computer data does not persist indefinitely. 

Fortunately, computer scientists have engineered equipment that can copy the computer’s contents without turning on the machine. The contents can then be safely used by lawyers and detectives for analysis.


DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil background with the latest technologies to achieve the digital forensic results that you require.

No comments:

Post a Comment