"If the law has made you a witness, remain a man of science. You have no victim to avenge or guilty or innocent person to ruin or save. You must bear witness within the limits of science." -Dr. P.C.H. Brouardel
Most people these days are confused by the term "forensic". For them, digital forensics is something they see done on CSI: Cyber. If you click that link, you'll see that forensics, or even realistic investigation, is absolutely not what they're doing. What is forensics, then?
WHAT IS IT?
Simply put, the term "forensic" means nothing more than "to debate". Ever wonder why your local high school debate team is called "Forensics"? At the heart of their purpose, they debate. In the world of law and order, it means to "try in court". So then, digital forensics refers to digital evidence that is part of a legal proceeding, usually as an evidential "exhibit". What's digital evidence? These days it can refer to desktop or laptop computers, smart phones, tablets, servers, network gear, the refrigerator, coffee pot, your car's info-tainment system, etc. It's called the Internet of Things (IoT), and the sky's the fast-rising limit.
When we say "digital forensics", we mean those methods and tools used to extract data of evidential interest to a client. That doesn't mean the resulting work product will ever end up in a courtroom or that only those cases going to trial can be examined. It just means that we apply the scientific method and the guidelines established under Daubert-Frye without compromise so that should our work be scrutinized or deliberated before a judge or jury, we will give them every reason to find it valid and admissible.
DO I REALLY NEED AN EXPERT?
Be sure to visit the Wikipedia link above regarding Daubert and read it thoroughly. Some feel that it only applies to new and novel science or that it only applies to testing labs and not production labs. Digital technology is constantly evolving and advancing. Over the last 16 years, Hoyt Harness has seen 4 major turnovers in technology that completely changed the way forensic examiners do business:
Consequently, he relies heavily on continuing education, training. and field work to stay abreast of developments. Those that use technology for the wrong reasons certainly do that. None of the items in the above list are bad, in and of themselves, but they can be used for purposes darker than the creators envisioned. The bad guys are masters at exploiting that. Going further, extracting the right data and knowing why it's the right data is critical. Being able to fully complete the job even when tried and trusted methods seem to have failed is critical. Being able to tell the story the evidence wants to tell to a jury whose technical knowledge may only extend to opening an email or playing a game is critical. IT professionals, the geek squad, self-described geniuses that work at the computer store named after your favorite fruit are all presumably good at what they do. However, what they do is not digital forensics and their work product should not be expected to meet the court's requirements for scientific evidence. Hoyt Harness is a Computer Forensic Certified Examiner (CFCE) qualified by the International Association of Computer Investigative Specialists (IACIS), an internationally recognized and respected certifying organization in the global digital forensics community. That, coupled with thousands of hours of other relevant training, education, certifications, and experience puts him at the very top of his field and one of the most well-known digital evidence specialists in Arkansas.
- The change from f-serves to Peer-2-Peer file sharing.
- The spread of onion routing (i.e. Tor).
- The rise of mobile technology (smartphones).
- Mass adoption of consumer-level encryption.