Thursday, 27 August 2015

How to become a Digital Forensic Expert

As technology advances, those in the criminal justice and criminology fields have to learn to change with it. More people conduct business online, and more occupations require at least some use of a computer or cellular phone.

To combat and investigate crimes involving computers and mobile phones, new career opportunities for digital forensic experts have sprung up.

What do digital forensic experts do? Well, as the name implies, they reconstruct and analyze digital information to aid in investigations and solve computer-related crimes. They can look into incidents of hacking, recover chat history and even recover lost or stolen data.

Some of the services of a digital forensic expert often include:

- Recovering data from damaged or erased hard drives

- Gathering and maintaining evidence

- Working with cellular devices, computers and other electronic equipment

-  Digital image enhancement

- Recovering SMS or chat history

Private companies and government organisations may employ digital forensic investigators full time, or they may contract for their services. Investigators will likely be involved in looking for violations of company policies regarding computer use as much as they will be involved in crime solving.

What are the education and skill requirements for a digital forensic investigator? Well, of course you will need a wide variety of knowledge regarding the investigative process, the law of evidence, computer operating systems, mobile devices and different types of hardware and software.

In addition to computer skills and related education and certifications, digital forensic investigators and digital forensic experts must also possess strong analytical and investigative skills. They need to be able to read and interpret data and to formulate conclusions, and they must be able to present their findings and conclusions in a format that can be easily understood.



A digital forensic expert’s job is both stimulating and rewarding. It allows you to put your unique skills and knowledge to work in a field that is truly helpful to others. 

Friday, 21 August 2015

Computer Forensics vs. Cellular Forensics

Although these two may seem very similar, computer forensics and cellular forensics are different in many ways.

Any type of criminal case may use computer and cellular forensics as evidence, including drug dealing cases, theft of intellectual property or trade secrets, murder cases and even less serious cases like a disgruntled employee.

While a computer is indeed a storage unit for data, cell phones differ by make and model and what type of data they contain, how it is stored, deleted data or how GPS is monitored.

When you contact a digital forensics investigator, make sure you are prepared with all the information…

- Make and model of the computer or cell phone

- The owner or account holder

- Whether or not the device is password protected

- Whether or not you know the password

It is also essential to explain exactly what information you would like to collect or what you suspect has happening and how the data will be used.

So, do you need a computer or cellular forensics investigator?

Unfortunately, as more people are affected by cybercrime and technology plays a bigger role in criminal and civil matters, you may need one of the following investigators:

- Computer forensics investigator
A computer forensics investigator will recover data from a computer. If you need evidence of activity on your computer, a qualified computer forensics investigator can get you all the proof you need. These investigators even have the ability to find hidden or deleted data and emails.

- Cellular forensics investigator
Depending on the make and model of a cell phone, a cellular forensics investigator will recover data, passwords, chat history, SMSs, photographs, GPS and other information from a cell phone. They even have the ability to access deleted or hidden information from a device.


Would you like the help of experienced investigators? Contact DLA today and they will use the latest technologies to achieve the digital evidence that you need!

Thursday, 20 August 2015

How digital forensic investigators use social networking for evidence

Social media is much more than it may seem. It’s not just “likes” and posting photos and sharing statuses. Important evidence and even corporate business records have become integrated into social media sites such as Twitter, Facebook and LinkedIn.

Most of the time, the content investigators are looking for on these social media sites are in relation to:

- Conducting a background check or making an accusation against a witness

- Determining a corporate position on an issue, fact or circumstance

- Proving whether a person was cyber-bullied or threatened

- Establishing whether someone associated with another person of interest

- Evidencing intent, weakness or motive

- Challenging an individual’s physical location alibi

However, over the years people have argued about whether using social networking site content violates their rights, whether the site itself infringes the privacy of its users or even whether illegal activity occurs with actual knowledge of it happening.


In light of this, make sure the evidence is preserved and acquired properly is critical, which can be hard given its dynamic and multi-format nature. To properly collect and authenticate social networking content, the correct tools and programs need to be used at all times. Significant digital forensics skills are needed to analyze the preserved data to answer questions like:

- Who posted the offending content?

- Can the offending content even be attributed by convincing evidence to a real, live person?

- When was the offending content posted on the social media site?

- How much of it exists across the entire social networking platform?

- What other related evidence is there?

- How accurate is the reported physical location


We use social networking constantly; it is basically a part of our everyday lives. So, because people choose to broadcast their personal lives to the public, digital forensic investigators can use it to get current and accurate evidence.

DLA can provide you with a wide variety of services, from data and WhatsApp history recovery to digital suspect profiling and image verification.

Tuesday, 18 August 2015

The challenges of digital forensics

Forensics is changing, because as the years go by we are living more and more in a digital age. However, the legal system is still catching up when it comes to properly using digital evidence.

So, what is digital evidence? Digital evidence is information found on a wide range of electronic devices that is useful for court cases or situations with disgruntled employees. It is basically like the digital equivalent of a fingerprint or a strand of hair left at the scene.

However, digital evidence that is used in court often fails to meet the same high standards expected of more established forensics practices, especially in making sure the evidence is exactly what it is portrayed to be.

It has become common for criminal trials to rely on digital evidence. And it is not uncommon for innocents to be convicted and guilty people acquitted because of digital evidence.

There are many different reasons for this.

First, the evidence might be compelling when you first look at it, but it could by misleading. Other investigations might not even get to trial because of the complexity or incompleteness of the evidence.

It is a bit worrying that some defendants are pleading guilty based on what appears to be great digital evidence, but in these cases the defense lawyer may not understand it. This is why digital forensics consultants are so important.

Forensic analyses and presentations of digital evidence are sometimes explained by investigators that have little or no experience, which is then made worse by faulty case management.

Another problem may be that the digital forensic processes and tools are not seen as reliable.

Now that we are living in the age of technology, digital forensics will forever have an impact on the way that evidence is gathered and presented in court.

Browse DLA and learn a little more about the world of cellular forensics, data recovery and digital forensics. 

Monday, 17 August 2015

Cellular Forensics

Cellular forensics has really changed things when it comes to suspect profiling. The fact that people use mobile devices so frequently these days has provided investigators with another source for profiling criminal suspects, as well as helpful insight into their personal habits and personalities.


This is not just from all the calls and SMSs that are sent and received, but also from the rich data that can be extracted from messaging apps (WhatsApp, BBM) and social media apps (Facebook, Twitter) gives digital forensic investigators the ability to develop a picture of a suspect and a criminal case.

A suspects’ social media personality can offer a more tailored overview of the character, his or her likes and dislikes and a reflection of “who” they really are. A victim’s presence on social media can also be used to find a common link to possible suspects!

The widespread use of cellular apps makes them a source of extremely critical data for digital investigators and general law enforcement officers, both in terms of evidence and investigative leads.

These days’ people use their mobile devices to access social media apps rather than using their laptop or computer. Even more so, social media data can actually be extracted from a suspect’s mobile device and provide details such as, their WhatsApp chat history, location-based data, recovery of images and frequently contacted people.

Investigators can even find out when someone was in a certain place at a certain time by looking at the WiFi all the networks they have ever connected to.

While data points such as SMSs and GPS locations can end up in a great lead in a criminal case, looking at the online social identity of a suspect will allow investigators to dig deeper into the personality of the suspect, which can help to build a case.

Suspect profiling is changing as people use more and more social apps to communicate with one another. This is providing digital investigators with another source of information to build up a complete profile of a suspected criminal.

The amount of data that is now being consumed and shared is opening up a huge amount of different opportunities for cellular forensic and digital suspect profiling cases.


At DLA digital and cellular forensics, we never lose sight of the goal of an investigation, which is to identify the suspects and find the perpetrator using digital suspect profiling.

Friday, 14 August 2015

What Is Data Recovery And How Does It Work?

We’ve all dealt with data loss, whether it was from a hard drive failure, data corruption or accidentally deleting a file. If you’ve ever experienced a major loss of data, you’ve probably wondered about data recovery — how does it work? How effective is it? How much does it cost?


Data Loss and Data Recovery

Data loss can take many forms — accidental deletion, hard drive failure, software bugs, data corruption, hacking, even a simple power failure can cause you to lose data. And, of course, there are more extreme cases, like when a hard drive is recovered from a plane crash; amazingly, some data recovery specialists can retrieve data from storage media that’s been almost completely destroyed.

If a piece of data used to be on your hard drive, USB stick or other storage media, you might be able to hire someone (or purchase some software) to perform data recovery. Data recovery is, simply, the salvaging and repair of data that has been lost.

DLA can recover your data quickly and easily, by combing the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies to achieve the results that you require.

Of course, data recovery won’t always be possible; sometimes a system can be too corrupted or damaged to get much of the data back. However, data-recovery technology has become extremely advanced.

How Does Data Recovery Work?

The methods used to recover lost data depend on how the data was lost in the first place; let’s take a look at some of the most common forms here.

- File Deletion

- File Corruption

- File System Format or Damage

- Physical Drive Damage

- Solid State Drive Data Recovery


DLA can do a great job of getting your data back, but the best measure you can take to prevent long-term data loss is the one we’ve been advocating for a long time: make lots of backups! 

Thursday, 13 August 2015

How police are using digital forensics to solve crimes

Forensic investigations seek to uncover evidence and then analyze it in order to get a proper understanding of the crime. As computers and digital devices have become a part of our daily lives, the cyber realm contains all sorts of potential evidence for all types of criminal investigations.

Technology is volatile and we’ve seen technology advancements in the last five years, probably like no other period in time.


So, how are police using digital forensics and what crimes have they solved?

BTK KILLER

BTK was a serial killer in Wichita, Kansas who named himself after his method – Bind, Torture, Kill.

He killed at least 10 people over a period of 30 years. After he killed, he would then taunt police with letters detailing his crimes.

The Evidence

- By posting ads through the local newspaper, BTK asked police if he could communicate with them via floppy disk without being traced back to a particular computer.

- The police lied and said yes. The floppy disk was quickly traced to a computer at the church where Dennis Rader was president of the congregation.

- DNA tests matched radar to the BTK murders.

The Outcome

- Sentenced to 175 years in prison

SCOTT PETERSON

Laci Peterson, who was 8 months pregnant, was reported missing by her husband, Scott Peterson. That same morning, Peterson claimed to be on a solo fishing trip near Brooks Island.

The bodies of Laci and her unborn son washed up on a beach a few months later. The patterns of water currents make it possible that Laci’s body was dumped near Peterson’s fishing spot.

The Evidence

- Peterson searched ads for used boats, fishing information, and boat ramps in the area.

- On the morning of Laci’s disappearance, Peterson made a call from his home to his voicemail after he claimed to have already left for his fishing trip.

- Wiretaps suggest that after Laci’s disappearance, Peterson lied about his whereabouts to friends and family.

The Outcome

- On death row

THE CRAIGSLIST KILLER

“Craigslist Killer” was the nickname given to the man who bound and robbed three women, killing one.

The Evidence

- Police used video surveillance to find images of the killer.

- Traced the phones he used to call the victims to disposable phones.

- Traced the email used to respond to the Craigslist ads to the IP address of Philip Markoff.

- Police followed Markoff, gathered fingerprints, which matched those on the crime scene.

The Outcome

- Committed suicide while awaiting trial

CASEY ANTHONY

Cindy Anthony, Casey’s mother called the police to report that her two year old granddaughter, Caylee, was missing.

Digital forensic experts found several suspicious searches on the Anthony home computer.

The Evidence

- Casey told police that her daughter had been abducted by her nanny a month before. Casey was arrested for child neglect.

- FBI lab results show that chloroform was found in Casey’s car.

- Caylee Anthony’s remains were found ¼ of a mile from the Anthony home.

The Outcome

- Sentenced to 4 years in prison


Digital forensics and forensic investigations seek to uncover, analyze and preserve evidence to be used in criminal proceedings.

DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies to achieve the digital forensic results that you require.

Wednesday, 12 August 2015

Digital Forensics in Criminal Investigations

Computers and other digital devices are commonly used to commit crimes these days, and thanks to the science of digital forensics and digital evidence, law enforcement can now use computers to fight crime.

For digital evidence to be legally admissible in court, investigators must follow proper legal procedures when recovering and analyzing data from computer systems.

Sometimes the law cannot keep up with technological advancements and this may ultimately limit the use of computer forensics evidence in court. Privacy advocates are growing especially concerned that computer searches may be a breach of a suspect’s human rights. So, as methods to hide evidence become more advanced, technology may be abused by helping criminals hide their actions. In the end, the role of technology in digital forensics may not reach its full potential due to legal boundaries and bad intentions.

Computer and computer-based forensics has been an important part in the conviction of many well-known criminals, including terrorists, sexual predators, and murderers. Terrorist organizations may use the Internet to recruit members, and sexual predators may use social networking sites to stalk their potential victims.

However, most criminals fail to cover their tracks when using technology to implement their crimes. They fail to realize that computer files and data remain on their hard drive even when they are deleted; this allows investigators to track their criminal activity. Even if criminals delete their incriminating files, the data remains in a binary format due to “data remanence” or the residual representation of data. File deletion simply renames the file and hides it from the user; the original file can still be recovered.

Eventually, data may be overwritten and lost due to the strained nature of computer memory, a storage area for used data. A random access memory chip (RAM) retrieves data from memory to help programs to run more efficiently. However, each time a computer is switched on, the RAM loses some of its stored data. Therefore, RAM is referred to as volatile memory, while data preserved in a hard drive is known as persistent memory.

The RAM is constantly swapping seldom used data to the hard drive to open up space in memory for newer data. Over time, though, the contents in the swap file may also be overwritten. Thus, investigators may lose more evidence the longer they wait since computer data does not persist indefinitely. 

Fortunately, computer scientists have engineered equipment that can copy the computer’s contents without turning on the machine. The contents can then be safely used by lawyers and detectives for analysis.


DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil background with the latest technologies to achieve the digital forensic results that you require.

Friday, 7 August 2015

The History of Digital Forensics

Before the 1980s, crimes involving computers and digital devices were dealt with using existing laws. So, the field of digital forensics is relatively new. While its history may be short, it is quite complex.

As the years went by, the range of digital crimes being committed increased, but it was not until the 1980s that federal laws began to include computer offences. Canada was actually the first country to pass legislation in 1983, followed by the US Federal Computer Fraud and Abuse Act in 1986.

The fact that computer and digital crimes grew so much during the 1980s and the 1990s caused law enforcement agencies to start making specilised groups to deal with the technical aspects of the investigation. For example, the Computer Analysis and Response Team that the FBI formed in 1984.

Throughout the 1990s there was a high demand for these new investigative resources, this lead to the creation of regional and even local level groups to help handle the load. But, it was not until 1992 that the term “computer forensics” was actually used in academic literature.

Since the year 2000, a lot of people and agencies have written and published guidelines for digital forensics. A European lead international treaty, the Convention on Cyber crime, came into force in 2004 with the aim of reconciling national computer crime laws, investigative techniques and international co-operation.

The issue of training also received some attention. Companies, such as forensic software developers, began to offer certification programs, and digital forensic analysis was included as a topic at the UK specialist investigator training facility.

Since the late 1990s digital devices have become available everywhere, basically everyone has a phone or some kind of digital device. Devices have advanced way beyond simply communicating, they are great forms of information, even for crime not usually associated with digital forensics. However, digital analysis of phones has lagged behind traditional computer media, mostly because of problems over the ownership of the devices.


The complex field of digital forensics will always have unresolved issues. Many issues will include; increasing size of digital media, the wide availability of encryption to basically everyone, the variety of operating systems, increasing number of people owning multiple devices and lets not forget the legal limitations on investigators. 


DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies to achieve the results that you require.