Digital Forensics 2.0
Changing World, Changing Way
As today’s cyber space continues to evolve, so must the way we conduct cyber investigations. Sources of evidence are growing rapidly. For those who fail to keep up, collecting and authenticating evidence during a cyber investigation will prove to be a difficult task. For those with a clear understanding of how to leverage advances in technology and the wealth of information available online, the evidence collected during a cyber investigation can help create a solid court case.
Digital Forensics 2.0
Digital Forensics 2.0 is to gather evidence from applicable online and offline sources, suitable for presentation in a court of law.
Sources of Evidence of Digital Forensics 2.0
Emerging Sources of Online Evidence
- Social Media (e.g. Facebook, LinkedIn, Twitter, etc.)
- Government websites
- Archival sites (e.g. www.archive.org)
- Online services
- Blogs
- Company or personal websites
- Group, club or special interest forums
Traditional Sources of Digital Evidence
- Computer hard disks
- Mobile phones
- Network devices
- Databases and files
Evidence Collection Methods
- Screen shot
- Video recording
- Photographs
- Forensic recovery of online evidence (e.g. IEF)
- Commercial tools for social media and online evidence (e.g. PageFreezer)
- Data duplicator / write-blocker & data acquisition software for traditional sources
Investigator Turns Eyewitness on Online Evidence
In today’s world of social media and rapidly changing online environment, investigators are taking on a new role; they are becoming a form of eyewitness. As the eyewitness, an investigator observes evidence that might not be visible to any other available investigator. The investigator is wise to create a record of what he or she sees at any particular point in time, including print outs of screenshots.
Video Records of Investigations in Social Media
Additionally, video recording technology can be very useful in substantiating eyewitness testimony. When investigators need an efficient way to capture what is happening on a dynamic blog or Facebook wall these solutions can come in handy.
There are other new tools like PageFreezer to capture Social Media and Online Evidence.
Consider Local Laws and Privacy Issues
Equally important, an investigator should bear in mind that the laws of foreign countries may apply to their investigation. The World Wide Web can be accessed from anywhere in the world. While you may not need to register with a data protection authority in the United States, if you are looking at postings from someone’s friend over in France you may be required to register under the terms of the French Data Protection authority before gathering information. European or other privacy laws may apply. Be aware of the laws relevant to any country your investigation reaches.
Conclusion
It is a brave new world. Cyber criminals are acting very fast. Digital forensic investigators need to continuously polish their skills and adopt new tools in order fight back.