Digital Forensics and Digital Evidence

Until recently, it was commonplace for authoritative commentators to refer to the field as “computer forensics”, a term coined in 1984 when the FBI drew up the Magnetic Media Program, which subsequently led to the setting up of Computer Analysis and Response Teams (CART).

Almost thirty years later, Ken Zatyko, adjunct professor with Johns Hopkins University, was amongst the first to prefer the term “digital forensics” over “computer forensics”. Zatyko’s terminology seems more appropriate, since the main source of the electronic data subjected to forensic examination is bound to shift from personal computers per se to other devices (smartphones, mp3 readers, playstations, sat-nav terminals), as well as remote forms of data storage (such as “cloud computing”).

The goal of digital forensics is to identify the best techniques for the identification, collection, conservation, documentation and interpretation of digital data. On the basis of the definition of digital forensics as “the application of computer science and investigative procedures for a legal purpose”, Ken Zatyko concluded that the scientific process involved in validating digital evidence could be broken down into eight distinct steps:

  1. Search authority
  2. Chain of custody
  3. Imaging/hashing function
  4. Validated tools
  5. Analysis
  6. Repeatability (Quality Assurance)
  7. Reporting
  8. Possible expert presentation

Although it has become clear that computer forensics suffered a setback with the wide adoption of mobile devices and the increasing use of flash memory and encryption systems, it is undoubtedly also the case that it experienced a fundamental change due to the incredible expansion of cloud computing systems.

Tech and Law Center aims to verify whether the methods and software of digital forensics are compatible with the fundamental rules of the law of evidence and of criminal procedure that are valid at the international level, in particular in Europe and the USA.

 
