Everyday new ideas all around the world are born. By the start of the new millennium the race was on, as everyone and their brother realized how potent technology was to their future. And now as we move into the second decade of the millennium, technological advancements became one of the pillars of a nation.
The laws that were written to govern any society had to also keep up with this dynamic shift. If one were to take a look at information technology related crimes, they’d come to the same conclusion; many law related issues, incidents, and crimes are deeply entwined with a cyber element. You ask why? If one were to answer this question given one word it would have to be Convenience.
As law enforcement agencies around the globe battle daily to try and keep up with these advancements; there is simply not enough resources to do so. There is just too much information and so little time to soak it up until we move into the next batch of information.
Furthermore, an investigator has many work demands, as is the case within any profession, and trying to stay up-to-date on all the happenings within the different fields in technology is humanly infeasible. A digital forensic investigator might try and obtain all of the world’s best forensic (and otherwise) toolkits to perform his/her investigations. However, if one lacks the fundamentals of what’s under the hood of the digital device they’re investigating, they might fall into the folly of relying blindly on an automated tool, not knowing that what they perceive as the “smoking gun” to close the case, might actually be there for a different reason. Additionally, knowing the techniques and having the mental prowess to “connect the dots” of the findings with relation to the case is one of the most important elements to being an investigator.
Another element is to know which tools and techniques to use in certain circumstances. If one were to focus on specific areas in a case what would it be? For example would it be the timeline, indicators of a system intrusion, indicators of malware activities, Internet activities, user related files, encrypted data, remnants of data saved elsewhere, or presence of specific files? On the other hand restricting one’s vision, while beneficial to some extents, might limit one’s view of the bigger picture. So based on what would an investigator determine the correct method to pursue relevant information?
Bridging the gap between the everyday practitioner of digital forensics and the research community is one of the more successful solutions to the issues mentioned above. In the upcoming posts, I hope to highlight the importance of research and further discuss digital forensic topics from the viewpoint of an investigator.