Investigating the bombings
After the bombings: chaos for Tube travellers

Barrie Mellars extols digital forensics

The London terrorist bombings have left security forces and law enforcement with a huge amount of potential evidence in a variety of forms.

Amongst this evidence will be remains of mobile phones and digital cameras, many of which will have been badly damaged. However, the SIM and memory cards of these phones and cameras are tough and resistant to damage and could contain data vital in the identification of victims, as well as potentially useful images and videos.

Some of the mobile phone video footage was shown on television. Proper forensic examination of the video files is vital in determining the true content and indeed its veracity. Video enhancement of these files may also show details not immediately obvious.

The ubiquitous modern mobile phone, with its high quality digital camera, presents an opportunity for evidence gathering on a scale hitherto unseen. In addition, forensic interrogation of seized computers may provide police and security forces with intelligence on as yet unknown links to and from the bombers.

Digital crime

Advances in digital technology have opened up whole new horizons of opportunity for criminals to profit as well as facilitating traditional crime. The obverse of this coin is the new opportunities offered to law enforcement agencies in gathering prima facie evidence in a novel and valuable way.

Digital crime can be divided into three main categories:

  1. Crimes on computers, such as burglary and theft
  2. The use of high tech communication devices, such as mobile phones, in the commission of crime
  3. Crimes using computers, such as fraud (both internet and traditional), paedophilia, identity theft and so on.

The first and second categories present law enforcement with opportunities to investigate high tech crime using high tech solutions. The third presents a broader, and altogether far more sinister, face of crime, extending from simple fraud to terrorist activities. All three areas have become the domain of a new breed of forensic scientist, the digital investigator.

The role of the digital investigator

The essence of all forensic science stems from the oft-quoted Locard’s Principle, which states: anyone or anything entering a crime scene takes something of the scene with them and leaves something of themselves behind when they depart.
This is as true today as when Dr Edmund Locard first proposed it in 1910.

For the digital investigator, the challenge is the nature of the ‘something’. In traditional forensic investigation, exhibits are usually solid defined objects such as clothing or weapons. In digital investigation, the evidence is of a much more ephemeral nature, being the electronic impression left on magnetic or optical storage media which can disappear as quickly as it was created.

The evidence

It is well known that a computer’s delete key does not erase data - be it document files, images, recordings, or data logs, any of which may have relevance to a case. This material remains stored in the memory of the system unless and until that section of the memory is overwritten. Even then, useful data may still be recoverable.

Along with the evidence itself comes a plethora of supporting ‘intelligence’ data, such as dates and times of file creation and modification, ownership of files, who accessed them and to whom they were sent. Email has proved many times to be a source of invaluable evidence, containing as it does not just the contents of the email but also the associated metadata, which is not commonly seen but is present in all emails. This metadata contains information about both the sender and recipient as well as date and time information. The same kinds of information may also be found associated with image files.

Modern mobile phones are small computers in themselves that also have the ability to access a cellular-based communications system that is now almost worldwide. The call data, text messages and images sent and received from mobile phones are often valuable sources of both intelligence and evidential data. As with computers, it is vital to retrieve data unchanged and in a form that is acceptable to the courts.
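The email metadata described above, together with the requirement to retrieve data unchanged, can be shown in a short added example (not part of the original article). It hashes the raw message before parsing and then reads the header fields and relay timestamps; the message, hosts, addresses and function names are all constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.utils import parsedate_to_datetime

# Constructed sample message: every host, address and ID below is invented.
RAW = (
    b"Received: from mail.example.org (mail.example.org [192.0.2.10])\r\n"
    b"\tby mx.example.net with ESMTP id ABC123;\r\n"
    b"\tMon, 14 Mar 2005 09:02:11 +0000\r\n"
    b"Received: from [198.51.100.7] (helo=laptop)\r\n"
    b"\tby mail.example.org with ESMTP id XYZ789;\r\n"
    b"\tMon, 14 Mar 2005 09:02:05 +0000\r\n"
    b"From: Alice Example <alice@example.org>\r\n"
    b"To: bob@example.net\r\n"
    b"Date: Mon, 14 Mar 2005 09:01:58 +0000\r\n"
    b"Message-ID: <1234@example.org>\r\n"
    b"Subject: test\r\n"
    b"\r\n"
    b"Body text.\r\n"
)

def sha256_hex(raw: bytes) -> str:
    """Digest of the untouched bytes, recorded so later copies can be verified."""
    return hashlib.sha256(raw).hexdigest()

def extract_metadata(raw: bytes) -> dict:
    digest = sha256_hex(raw)  # hash first, parse second
    msg = message_from_bytes(raw, policy=policy.default)
    hops = []
    # Each relay prepends its Received header, so reverse for chronological order.
    for value in reversed(msg.get_all("Received", [])):
        route, _, stamp = str(value).rpartition(";")
        hops.append({"route": " ".join(route.split()),
                     "time": parsedate_to_datetime(stamp.strip())})
    sent = parsedate_to_datetime(str(msg["Date"]))
    return {
        "sha256": digest,
        "from": str(msg["From"]),
        "to": str(msg["To"]),
        "message_id": str(msg["Message-ID"]),
        "sent": sent,
        "hops": hops,
        # Gap between the sender's claimed time and the first server's clock.
        "date_to_first_hop_s": (hops[0]["time"] - sent).total_seconds() if hops else None,
    }

if __name__ == "__main__":
    for key, val in extract_metadata(RAW).items():
        print(key, "=", val)
```

The Date and From fields are set by the sender and can be forged, so an examiner gives more weight to the Received lines added by servers whose logs can corroborate them.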

Maintaining standards

Digital forensic investigation is coming under intense judicial scrutiny after a number of high-profile cases involving sub-standard examiners. For courts to be confident of ‘expert’ evidence it is vital that certain standards are recognised and controlled by independent professional bodies such as the Council for Registration of Forensic Practitioners and UKAS. The entire area of digital forensics must become a recognised scientific discipline based on sound scientific principles, with its theories and techniques subject to peer review and publication.

Barrie Mellars is head of the Digital Forensic Unit at LGC.
