Computers and other digital devices are
commonly used to commit crimes these days, and thanks to the science of digital
forensics and digital evidence, law enforcement can now use computers to fight
crime.
For digital evidence to be legally
admissible in court, investigators must follow proper legal procedures when
recovering and analyzing data from computer systems.
Sometimes the law cannot keep up with technological
advancements and this may ultimately limit the use of computer forensics
evidence in court. Privacy advocates are growing especially concerned that
computer searches may be a breach of a suspect’s human rights. So, as methods
to hide evidence become more advanced, technology may be abused by helping
criminals hide their actions. In the end, the role of technology in digital forensics
may not reach its full potential due to legal boundaries and bad intentions.
Computer and computer-based forensics has
been an important part in the conviction of many well-known criminals,
including terrorists, sexual predators, and murderers. Terrorist organizations
may use the Internet to recruit members, and sexual predators may use social
networking sites to stalk their potential victims.
However, most criminals fail to cover their
tracks when using technology to implement their crimes. They fail to realize
that computer files and data remain on their hard drive even when they are deleted;
this allows investigators to track their criminal activity. Even if criminals
delete their incriminating files, the data remains in a binary format due to
“data remanence” or the residual representation of data. File deletion simply
renames the file and hides it from the user; the original file can still be
recovered.
Eventually, data may be overwritten and
lost due to the strained nature of computer memory, a storage area for used
data. A random access memory chip (RAM) retrieves data from memory to help
programs to run more efficiently. However, each time a computer is switched on,
the RAM loses some of its stored data. Therefore, RAM is referred to as
volatile memory, while data preserved in a hard drive is known as persistent
memory.
The RAM is constantly swapping seldom used
data to the hard drive to open up space in memory for newer data. Over time,
though, the contents in the swap file may also be overwritten. Thus,
investigators may lose more evidence the longer they wait since computer data
does not persist indefinitely.
Fortunately, computer scientists have engineered
equipment that can copy the computer’s contents without turning on the machine.
The contents can then be safely used by lawyers and detectives for analysis.
DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil background with the latest technologies to achieve the digital forensic results that you require.
No comments:
Post a Comment