Return to Main Site

DIGITAL FORENSICS

"If the law has made you a witness, remain a man of science. You have no victim to avenge or guilty or innocent person to ruin or save. You must bear witness within the limits of science." -Dr. P.C.H. Brouardel

Most people these days are confused by the term "forensic". For them, digital forensics is something they see done on CSI: Cyber. If you click that link, you'll see that forensics, or even realistic investigation, is absolutely not what they're doing. What is forensics, then?

WHAT IS IT?

Simply put, the term "forensic" means nothing more than "to debate". Ever wonder why your local high school debate team is called "Forensics"? At the heart of their purpose, they debate. In the world of law and order, it means to "try in court". So then, digital forensics refers to digital evidence that is part of a legal proceeding, usually as an evidential "exhibit". What's digital evidence? These days it can refer to desktop or laptop computers, smart phones, tablets, servers, network gear, the refrigerator, coffee pot, your car's info-tainment system, etc. It's called the Internet of Things (IoT), and the sky's the fast-rising limit.

When we say "digital forensics", we mean those methods and tools used to extract data of evidential interest to a client. That doesn't mean the resulting work product will ever end up in a courtroom or that only those cases going to trial can be examined. It just means that we apply the scientific method and the guidelines established under Daubert-Frye without compromise so that should our work be scrutinized or deliberated before a judge or jury, we will give them every reason to find it valid and admissible.

DO I REALLY NEED AN EXPERT?

Be sure to visit the Wikipedia link above regarding Daubert and read it thoroughly. Some feel that it only applies to new and novel science or that it only applies to testing labs and not production labs. Digital technology is constantly evolving and advancing. Over the last 16 years, Hoyt Harness has seen 4 major turnovers in technology that completely changed the way forensic examiners do business:

  • The change from f-serves to Peer-2-Peer file sharing.
  • The spread of onion routing (i.e. Tor).
  • The rise of mobile technology (smartphones).
  • Mass adoption of consumer-level encryption.
Consequently, he relies heavily on continuing education, training. and field work to stay abreast of developments. Those that use technology for the wrong reasons certainly do that. None of the items in the above list are bad, in and of themselves, but they can be used for purposes darker than the creators envisioned. The bad guys are masters at exploiting that. Going further, extracting the right data and knowing why it's the right data is critical. Being able to fully complete the job even when tried and trusted methods seem to have failed is critical. Being able to tell the story the evidence wants to tell to a jury whose technical knowledge may only extend to opening an email or playing a game is critical. IT professionals, the geek squad, self-described geniuses that work at the computer store named after your favorite fruit are all presumably good at what they do. However, what they do is not digital forensics and their work product should not be expected to meet the court's requirements for scientific evidence. Hoyt Harness is a Computer Forensic Certified Examiner (CFCE) qualified by the International Association of Computer Investigative Specialists (IACIS), an internationally recognized and respected certifying organization in the global digital forensics community. That, coupled with thousands of hours of other relevant training, education, certifications, and experience puts him at the very top of his field and one of the most well-known digital evidence specialists in Arkansas.

CASE TYPES

Law Enforcement

A digital evidence examiner, at the top of his/her game, is a computer scientist. Unfortunately not many achieve this level of competence in the field of law enforcement digital forensics. The road to computer scientist is a long and arduous one requiring many hours of (and dollars invested in) education, training, certification, self-study, experimentation, and real-world examinations/analyses. The pursuit of mastery has to compete with changing law enforcement priorities, personnel rotation, dwindling funds, and tomorrow's squeaky wheel. This often leaves the law enforcement examiner well behind his/her civilian counterpart. We help agencies by providing a certified, proven, and well-respected examiner that instantly expands police expertise in digital forensic matters while significantly keeping costs below a manageable threshold. We're cost effective in that the expense of payroll, training, travel, and other costs associated with hiring, training, managing, and retaining digital forensic examiners is reduced to affordable consultancy fees. These fees, as with other extraneous costs of an investigation, can be presented before the court as part of a convicted party's restitution, essentially rendering our assistance completely free.

Private Investigation

Today's private investigators can be found in nearly every place people live and work. They may be licensed professionals who hire out for a fee to agents working solely for a commercial company investigating internal matters. Law enforcement has found that nearly every crime these days has some sort of cyber/digital nexus, and PIs know the same thing in their respective environments. Also like law enforcement, PIs have had to become expert at finding economical ways to fund their work. Let's face it. Digital forensics is expensive in every aspect - education, training, certification, equipment, and software. Besides that, it's a highly demanding skill requiring exacting precision and extensive knowledge. Finding free and cheap tools to grab deleted data is as close as the nearest Google search. Don't fall for this trap. Those tools might be okay for your aunt who lost some pictures somewhere on her SD card, but they expose you to potential litigation, false positives, and damage to your reputation from which you may never recover. By using our services, you automatically increase the expertise of your agency, gain the confidence of clients and employers, and the trust of attorneys who are relying on you to solve the unsolvable problem.

Data Recovery

Recovering deleted or lost data is only one small part of digital forensics, but sometimes that's all you need. Businesses routinely run into situations that extend beyond the reach of their IT resources. Maybe your IT department is well proven at recovering data, but this time it's not working. All is not necessarily lost. Fortunately today's computing systems are often steeped in redundancy. By using digital forensic techniques in the same meticulous manner we use in support of investigations, we may be able to recover data where IT's undelete measures have failed. Think about all the data you or your company is responsible for and consider the cost that might be incurred if some that data is irrevocably lost or compromised. We can't guarantee recovery in every case, but we can guarantee we'll approach the problem with the same level of care, consideration, and discretion you would use if you could do this for yourself. Contact us for a consultation before you give up hope.