In 2021, digital devices are quite common, with the most common ones being mobile phones, tablets, and computers. However, the emergence of IoT has made a plethora of electronic devices a source of digital evidence. For example, a digital camera can be used to view or store illegal images. The first responders in this case are digital forensic experts, who should identify and seize every electronic device to acquire evidence.

But how is this digital evidence gathered? Hear what our digital forensic engineer has to say!

Collection of digital evidence

Numerous sources can be used to collect digital evidence. Some of these sources are servers, cloud computers, USB memory sticks, CD-ROM, hard drives, digital cameras, mobile phones, computers, and the like. Some of the more non-obvious sources include web pages that should be preserved because they can change, as well as RFID tags. It’s important to ensure that extra care of data sources is taken so that nothing can modify or contaminate them as they’ll be used for digital forensic investigations.

Since the majority of digital information is volatile, it’s subject to change. Once it’s modified, identifying the changes or rolling back the data to its original state becomes a lot more difficult. Therefore, a cryptographic hash of digital evidence can be carried out and calculated. This hash must be recorded in a safe place to ensure there’s no contamination of digital evidence. This is crucial because it would allow computer forensic experts to establish whether someone fiddled with the original data evidence or not.

Imaging evidence within the electronic media

During the initial phases of the investigation, it’s a good practice to duplicate the original evidentiary media. Now, a combination of software imaging tools and standalone hard-drive duplicators can be used to fully close the entire hard drive. This can be done at the sector level, where a bit-stream copy of all parts of the hard drive’s user-accessible areas will be made. This means there won’t be any need to duplicate the file system. In order to prevent tampering, the original drive can be transferred to secure storage. While this imaging process is underway, a write-blocking or write-protection application or device can be used to make sure no information is made part of the evidentiary media during the computer forensic investigation.

Why preserving the sources of investigation is important?

It’s important to preserve the sources from which evidence is gathered so that the chain of custody remains intact. Otherwise, it won’t be possible to validate the results of the digital forensic investigation.

Turn to Eclipse Forensics – your certified digital forensic consultant

Since 2005, we’ve worked on hundreds of cases for a variety of individuals, private attorneys, and law enforcement jurisdictions. We’re ready and poised to help in the analysis and development of mobile device forensics, authenticate audio and video forensics, court-certified forensics in FL. Contact us now for more information!

Ever wondered how a digital forensics team operates? How do the experts find those incriminating files or suspicious activity only using a person’s data? Here’s a breakdown of how the digital forensics process works, giving you an idea of how your own case could play out:

Continue reading→

To many, digital forensics seems like magic as they are unable to understand how experts can pull vital data from devices like a rabbit out of a hat. With dramatized depictions of digital forensics, there have been various misconceptions regarding the industry. Several creative liberties are taken, which differ wildly from the reality of it all.

These are some of the most common myths related to digital forensics, which might be crucial to know about whether you’re considering a career in the field or want to hire digital forensic experts for your case:

Continue reading→