Are there any misconceptions or anything else about digital evidence that might be important to the non-scientist?
Page | 11/17 | Date | 21.05.2024 | Size | 430,06 Kb. | | #248066 | Type | Guide |
There are a number of common misperceptions about the retrieval and usefulness of digital evidence, including:
Anything on a hard drive or other electronic media can always be retrieved. This is incorrect, as overwritten or damaged files, or physical damage to the media, can render it unreadable. Highly specialized laboratories with clean rooms may be able to examine hard drive components and reconstruct data, but this process is very laborious and extremely expensive.
Decrypting a password is quick and easy, with the right software. With the increasing complexity of passwords including capitals, numbers, symbols and password length, there are billions of potential passwords. Decryption can take a great deal of time, up to a year in some cases, using system resources and holding up investigations. Gathering passwords from those involved in a case is much more efficient and should be done whenever possible.
Any digital image can be refined to high definition quality. Images can be very useful for investigations, but a low resolution image is made by capturing fewer bits of data (pixels) than higher resolution photos. Pixels that are not there in the first place cannot be refined.
Investigators can look at digital evidence at the crime scene or any time. Just looking at a file list does not damage the evidence. It is crucial to note that opening, viewing or clicking on files can severely damage forensic information because it can change the last access date of a file or a piece of hardware. This changes the profile and can be considered tampering with evidence or even render it completely inadmissible. Only investigators with the proper tools and training should be viewing and retrieving evidence.
First responder training lags behind advancements in electronics. Without regular updates to their training, responders may not be aware of what new digital devices might be in use and subject to collection. For example, there should be an awareness that thumb drives and SD cards can be easily removed and discarded by a suspect in the course of an encounter with law enforcement.
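The point above about opening a file changing its last access date can be checked by recording a file's hash and timestamps before and after it is touched. This is an added example, not part of the original guide; the file name, the `snapshot`, `compare` and `demo` helpers and the one-hour offset are illustrative assumptions, and the access is simulated with `os.utime` because mount options decide whether a real read updates the timestamp.

```python
import hashlib
import os
import tempfile
from typing import NamedTuple


class Snapshot(NamedTuple):
    sha256: str
    atime_ns: int
    mtime_ns: int


def snapshot(path: str) -> Snapshot:
    """Record timestamps first, then hash, so our own read is not what we measure."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return Snapshot(digest.hexdigest(), st.st_atime_ns, st.st_mtime_ns)


def compare(before: Snapshot, after: Snapshot) -> dict:
    """Report which properties changed between two snapshots."""
    return {
        "content_changed": before.sha256 != after.sha256,
        "atime_changed": before.atime_ns != after.atime_ns,
        "mtime_changed": before.mtime_ns != after.mtime_ns,
    }


def demo() -> dict:
    # Constructed sample file standing in for an item of evidence.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample_evidence.txt")
        with open(path, "wb") as fh:
            fh.write(b"constructed sample content\n")
        before = snapshot(path)
        # Simulate someone opening the file an hour later. The timestamp is set
        # explicitly because mount options (noatime, relatime) decide whether a
        # plain read updates it.
        os.utime(path, ns=(before.atime_ns + 3600 * 10**9, before.mtime_ns))
        after = snapshot(path)
        return compare(before, after)


if __name__ == "__main__":
    print(demo())
```

The content hash stays the same while the access time differs, which is why a matching hash alone does not show that a file's metadata was left untouched.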