Digital forensics is, in essence, a smaller sub-branch of the general forensic sciences that is dedicated to the recovery of data from electronic devices and electronic storage media. You, along with many other people, have probably already had to deal with this fascinating science if you have ever suffered a hard drive failure, had your computer destroyed or needed to recover erased files.
Needless to say, the forensics industry today is enormous, especially as more and more information comes to be stored as bits and bytes. Applications for digital forensics abound in commercial, private, industrial and criminal science. Computer data forensics even features prominently in international politics, especially where espionage is concerned.
Digital forensics did not really begin to take off as a developed procedural system until the advent of commonly used computer storage of public and private data at the end of the 1970s and during the 1980s. It was also around this time that the first computer crime laws were established in an effort to deal with the earliest iterations of computer-related fraud and hacking.
Agencies like the FBI and the Metropolitan Police of London, England, were among the first to create computer crime task forces responsible for investigating the earliest major hackers and digital con artists, who operated in the earliest days of what would eventually turn into the vast modern internet, where billions of dollars in currency and important information flow daily.
In fact, one of the earliest major criminal investigations that owed its success to digital forensic science was the case of computer hacker Markus Hess, whose database hacking activities were slowly unraveled due mostly to carefully orchestrated amateur computer forensics by the then astronomer and later author Clifford Stoll. After slowly tracking the hacker through the crude networks and computer databases that existed in 1986, Stoll managed to lure the hacker into self-incrimination through a digital “honeypot”, or trap, and hand over the evidence he had gathered to the FBI.
The procedures this criminal digital forensics pioneer used were later widely copied by police agencies in future investigations.
Establishment of Standards
By the late 1990s and 2000s, development of the forensic recovery process had advanced considerably and led to certain standard procedures being laid down, such as “Best Practices for Computer Forensics”, published by the internationally coordinated Scientific Working Group on Digital Evidence. This was in 2002, and by 2005 it was followed by even more comprehensive standards covered by ISO 17025, titled “General requirements for the competence of testing and calibration laboratories”.
Advances and new research into forensics are still being made on an almost daily basis as smartphones and other portable media, as well as software systems, advance and become more complex and diverse. Successful criminal prosecutions resulting from forensic extraction of data are also becoming more common, as illustrated by two famous cases: the identification and capture of the BTK serial killer thanks to computer metadata extracted from gloating letters sent to police as Word documents; and the capture, only recently, of the famous military secrets whistleblower Bradley Manning, who had been passing classified U.S. military operations information to the activist site WikiLeaks while stationed with the U.S. Army in Iraq.
Offshoots & Modern Applications
Moving beyond the crime investigation foundations of computer forensics, another major factor in this industry’s growth was the explosive expansion of personal and business computing on an affordable scale, which made these machines and all relevant storage media accessible to millions of people and thousands of companies.
Naturally enough, along with widespread use of electronic data storage media there also began widespread loss of valuable data through human mistakes, and this in turn created a massive demand for recovery services and techniques that could extract information from damaged electronic databases that had been scrambled. This entire industry came to be classified as digital forensic data recovery and, while somewhat differentiated from data forensics, it essentially follows many of the same procedures and owes its existence to the same computer recovery developments that pushed law enforcement digital forensics forward.
With digital forensic recovery, services that specialize in the salvage of lost computer data have emerged on a massive scale, and they serve interests that range from the needs of private home computer users to massive corporate-oriented recoveries of destroyed or damaged databases and server information.
These forensic recovery protocols can involve something as simple as using recovery software to extract data from hard drives hit by internal software failure, or they can involve highly sophisticated techniques that extract information from physically damaged computer systems. Some of these techniques even include tasks as complex and intricate as scanning the surface of storage media with electron microscopes in order to read the electron polarization (the 1s and 0s) of the storage medium itself and convert this into usable information.
Needless to say, with governmental, corporate and private storage of so much valuable information in today’s electronic devices, the forensic data recovery industry is booming, with no likelihood of its advancement slowing down.
Where Digital Forensics is Going
One of the biggest obstacles to the future of digital forensics, whether related to criminal investigations, espionage or requested data recovery, lies with encryption. Modern data encryption programs are easy to download, are cheap or even free in most cases, and use extremely powerful, practically unbreakable encryption algorithms to protect their underlying data. Because of this, many criminals as well as security-conscious companies have started using them to encode everything in their storage media.
This is fine (at least in the case of encryption that is not designed to hide evidence), but problems arise when decryption passwords get lost or are not available and a forensic recovery effort is requested. For the time being at least, there is no known method of retrieving well-encrypted data; it would be easier to extract if the storage device were physically damaged!
Other future developments in digital forensics revolve around constantly advancing storage media such as SSD drives, USB media and cloud servers. Both law enforcement and companies will have to develop the proper tools to successfully extract data from such machinery and databases.
Also, while already advancing, the technology for recovering forensic data from smartphones, mobile devices and the networks they operate on is something that needs dramatic improvement. Within less than 10 years most personal information and internet communications will be occurring over these machines, with storage being more of a cloud phenomenon than something that happens on home- or office-based hard drives. Digital forensics is rushing forward to cope with these fundamental operating changes.
About the author: John Dayton has served the technology industry for many years. When he is not writing poignant articles or working on his startup tech company, you can find him covering LWG’s forensic engineers.