“The gathering and analysis of digital information in an authentic, accurate and complete form for presentation as evidence in a civil proceeding or a court of law”
Digital Evidence is defined by the Scientific Working Group for Digital Evidence (SWGDE, U.S. DOJ) as:
“Any information of probative value that is either stored or transmitted in binary form”
Computer Forensics is NOT:
“Data recovery”
Something that can be done with software alone
Something that can be performed by anyone other than a trained and certified digital forensic practitioner
It is estimated that over 85% of all crimes committed today leave a trail of digital evidence.
Where did Computer Forensics get its Start?
Computer Forensics as an emerging science finds its roots as a discipline developed by U.S. federal law enforcement agents during the mid to late 1980s;
After the release of the first IBM PC to mainstream businesses in 1981, federal law enforcement noticed the emergence of “white-collar” crimes being committed with the assistance of the new PCs;
By 1985, the U.S. Federal Law Enforcement Training Center (FLETC) started training agents in conducting investigations in the “automated environment”;
By 1989, FLETC’s Financial Fraud Institute (FFI) started creating software and protocols to deal with the emerging discipline of “computer forensics”; and
Today, the science of “Computer Forensics” encompasses a variety of disciplines, including computers, telecommunications, law enforcement, security, networks, electronics and the criminal justice system.
Who should be Aware of Computer Forensics?
The obvious choices seem to be any governmental agency that is involved with criminal or terror related investigations, but it goes beyond that scope.
Digital forensic knowledge and skills will benefit all companies and organizations which might:
Take an action against an employee based on digital evidence.
Look for evidence of tampering or network hacking.
Need to submit any digital evidence for civil or criminal cases in a court of law.
Too often, the term forensics is associated with some criminal investigation, when it is actually related to any civil and/or criminal court case.
Example: An employee firing. It is becoming more frequent that the evidence supporting a termination is some type of digital artifact. Some common cases might be:
Embezzlement
Inappropriate use of the internet/Email
Corporate Espionage
Network Security / Hacking
Proof of sexual harassment
And any other criminal or procedural violation that may have a digital artifact to support the allegation.
Imagine a scenario where an employee was just fired for inappropriate use of the internet or email. Can you:
Prove that the offense took place?
Prove that the employee committed the offense?
Prove that the evidence you acquired was not tampered with from the time of the recovery?
Prove that the evidence is authentic, accurate, and that the results are repeatable?
If you can’t do the above, then you have no case. Odds are that an attorney who is knowledgeable about Computer Forensics would have your evidence thrown out, and your organization would be liable for damages.
And finally, there are those governmental or investigative agencies which need to be able to successfully prosecute or defend any case where digital evidence is key. These involve investigations such as:
Terrorist Activities
Illegal pornography
Acts of Fraud or Counterfeiting
And the list goes on....
In summary, there are many job descriptions that will benefit from this training depending on industry segment – general network administration, law enforcement, insurance investigations, litigation support and criminal defense to name a few.
Upon completion of Mile2 DF courses, the student will receive the knowledge necessary to properly place a computer or digital device into evidence custody, conduct an advanced digital forensic investigation and execute advanced reporting procedures.