Using Digital Data in Criminal Investigations
The department of criminal investigations is taking its means of crime-fighting to a whole new level. Experts in the field now make use of digital data to embark on online investigations that create new evidence that may work independently or support existing physical evidence when building a case.
The pieces of information from which evidence could be extracted include internet histories, text messages, emails, and computer documents, all this data could be gotten from electronic devices.
This investigative process is made possible due to the cloud technology that these electronic devices possess. They give investigators access to images and messages that are on each device.
To further facilitate their job, the GPS feature of these devices could give investigators details on locations where they have been used.
For more information on how digital data is used in criminal investigations, do read on. We’ll be discussing how professional investigators intend to put digital data to effective use.
Stages of Digital Data Investigation
When a criminal case involves the use of science and technology, the evidence to be collected will be in electronic form. These cases are only considered credible when there’s a presence of a forensic expert. Hence, Cyber Forensics plays a vital role in building evidence and opening cases.
For more clarity, Cyber Forensics is the use of science and technology to verify facts in the court of law. This usually includes the analysis, collection, preservation, and presentation of computer-related evidence in the court of law, from which the digital investigation stages are built.
Here are five basic stages that are followed in Digital Data Investigation:
The investigators involved in the case start by identifying sources that most likely contain information relevant to the case. Messages and images are some of the few pieces of information they hope to find on the electronic device. They also seek to locate data that they intend to use for future evidence.
Just like with physical evidence, digital data needs to be preserved too to avoid ruining the evidence it possesses. Images of the crime scene are captured and the acquisition process of the digital data is documented.
After preservation, all digital data that is considered valid for the investigation is collected. This includes electronic devices that are acquired from the crime scene, from which copies of the content of the device are made.
An analysis is done to draw conclusions and put the observations made on the evidence to good use. The analysis stage is done to prove that all evidence is vital to the case.
The report is a document that is presented to the court as proof of the methodologies and techniques done to get the final results. It is also expected that the report remains the same when foreign investigators take up the case.
Digital Data Analysis Process
When digital evidence is collected, it is sent to a laboratory where a qualified analyst works to retrieve the data through the following process:
- Prevent contamination
The analyst uses clean storage media to save digital data before proceeding with the analysis. The storage media to be used must be new or forensically wiped to prevent any form of contamination or loss of information. Several copies are also made to ensure that the original data on the suspect’s electronic device isn’t tampered with.
2. Isolate wireless devices
The electronic device is then taken to an isolation chamber where connections to any networks can be avoided to keep the original data in its pristine state. In the absence of an isolation chamber, a Faraday bag is used, where the device can be exploited.
3. Install write-blocking software
To avoid any alteration in the data, the analyst installs a block on the copy being worked on. This software makes it possible to view the work without being able to change or add anything.
4. Extract data
The analyst determines the make and model of the device, after which an extraction software is selected and used to view the contents of the work copy.
5. Submit the device for traditional examination
The device is sent back as evidence once all the necessary information has been extracted.
6. Proceed with investigation
The analyst examines the work copy and accesses all the files on it. All files needed for the investigation are also dug up as effective evidence.
The advancement in technology has birthed inventions that make criminal investigations easier and more effective.
However, due to the high risk of alteration in digital evidence, investigators, and analysts need to be extra careful to ensure that the evidence is admissible in court. So, it is highly recommended that digital data be handled according to the conditions of the court.