Private and Public Digital Evidence and Forensic Investigation: This sub-field of forensics analyses data and information from computer storage media in order to determine if it can be used as evidence in a court of law or whether it can be utilised to answer a particular legal issue when the situation calls for it.
For example, in private investigations, a digital forensics investigator may be called upon to apply digital forensics at the request of a private counsel representing a defendant in a public proceeding. Additionally, evidence may be acquired to demonstrate that an employee is utilising corporate resources for personal, private commercial purposes, such as selling items online or accessing a website that is in violation of the firm’s information technology policies and procedures, among other things. Consequently, the employee may face disciplinary action from the firm, increased personal culpability, and maybe criminal liability.
Evidence demonstrating that an employee has breached an employment agreement is much more important. Examples include obtaining proof that an employee improperly accessed documents or other material without authority. It might also indicate that an employee has harassed another employee or even stolen confidential corporate information from another employee.
While public investigations need digital forensics only after a crime has been committed, computers may be employed in crimes in a variety of ways, including, but not limited to, the following methods: Criminal offences associated with the widespread use of computers, including copyright violations, crimes in which the computer is used as an instrument of the crime or crimes in which the computer is used as an incidental to another crime, such as using it to store illegal records, and crimes in which the computer is the target, such as theft of information from a computer or denial of service crimes.
Evidence Gathering Using Digital Technology
The collecting of digital evidence may play a number of important functions in the collection process. These positions may include the following:
Physical Technology Collection: The physical media will be collected by the investigators. Any technology that saves data or information is referred to as physical media. Hard drives, PDAs, flash memory, and other electronic gadgets are examples of this.
Physical Media Examination: The physical evidence will be examined for fingerprints or other evidence that may have been left on the surfaces of the physical technology. When performing this function, a thorough grasp of the technology is required. It is possible that this role will be able to assist in the roles of digital evidence gathering and digital evidence analysis even when the physical equipment has been substantially damaged.
Digital Evidence Collection: The digital data from the physical device will be collected by the investigators for analysis. The evidence in this case is the whole collection of files, folders, and bits that were saved on the physical medium.
Digital Evidence Analysis: The data obtained will be analysed by the investigators. The examination of digital evidence may reveal previously unknown facts.
Evidence in the Digital Age
Digital evidence includes both the whole collection of bits, bytes, and blocks that may be obtained from the technology and the blocks themselves. Email, log files, text documents, spreadsheets and other types of files are all examples of what is meant by a subset of the whole set.
There are various specific issues and questions that must be addressed when dealing with digital evidence. Modern computers, which are installed as multi-user systems with the capacity to accommodate hundreds of people, provide the most difficult obstacle. Given the importance of evidence in an inquiry, it becomes vital to resolve any ambiguity about who owns the data, how the data became available on the system, and who or what created or originated the data, among other things.
The legal concerns surrounding the collecting of evidence from privately held devices such as mobile phones in private investigations, as well as the expectation of privacy for workers who use company-provided resources, are also a cause of worry. Many organisations define the correct use of their assets and require workers to forgo any such rights to privacy on corporate assets as part of their employment contract, despite the fact that no definitive solutions have been found to far.
Furthermore, with the introduction of free and publicly accessible encryption technology, the situation has lately gotten more problematic. By utilising encryption on firm assets, this particular topic is whether or not a user has a reasonable expectation of privacy in the process. Clearly, the corporation has the right access the encrypted version of the data; but, does the firm have the authority to require the employee to provide an unencrypted version of the data? Is it possible for a person to be forced by a court of law to provide a password to law enforcement in order for them to decode digital evidence?
The argument that no digital bit has ever been viewed means that plain sight is not feasible and hence not a concern is a tempting one. When it comes to privacy, the subject of “plain sight” comes up when gathering evidence from digital sources is being considered. Others may claim that a permission to collect any digital evidence saved on a disc or computer device is sufficient authorization to collect any and all evidence from a computer in connection with a crime in any jurisdiction.
According to the most conservative interpretation of the plain sight theory, every seizure of evidence from one crime that is discovered during the search for evidence from another crime should be authorised by a permission in the first instance.