15 Jul Here’s One Important Thing to Look for in a Digital Evidence Report
Digital forensics is the science of collecting evidence from digital devices, examining it, and explaining what the data means so that a normal person can understand it. All forensics examiners use specialized “tools” to help them do this. These tools are nothing more than software programs that automate the process of converting raw data into something that is searchable and human readable.
Police departments, intelligence agencies, companies, and forensic examiners rely on these tools to work as they are advertised to do and spend enormous amounts of time and money learning how to properly use the tools. For the most part, this system works. The tools are tested and validated on many levels by many agencies and organizations. They are generally reliable.
But that is the problem.
Because, the tools are so reliable, many practitioners, particularly those working for law enforcement tend to rely on the tool for the results. They automatically believe the reports and don’t look at the underlying data. They are guilty of what many in the industry call “push button forensics.” This means that they run their tool against the digital evidence and produce a predetermined report based on what the tool creates. Consequently, they miss those occasions when the tool makes mistakes.
And there are countless examples where forensic tools do not correctly interpret the raw data, or just as importantly, miss important information in raw data.
There is a famous case of where this occurred. It involved Casey Anthony who was charged with murdering her daughter Caylee Marie Anthony in 2008. In 2011, the jury returned a not guilty verdict and she was cleared of murdering her child. In some measure, she was found not guilty due to forensic tools not adequately interpreting raw data and this led to misleading testimony in trial. You can find further details here: http://bitly.ws/4j3X
The important conclusion is to understand that tools are only as good as the craftsman using them. It takes years of training and experience to understand what is happening “under the hood.” Examiners at TEC Inquiries have that experience. When looking at forensic reports created by others, we can find information that might have been missed or misinterpreted. At the same time, while crafting our reports, we pay close attention to avoid such pitfalls.