How to Collect Digital Evidence

The number of Internet Connected Devices in the world today is estimated to be 22 Billion and that number is expected to increase to 38 Billion by 2025. The world only has a population of 8 billion, but how many devices do you have? Likely more than one!

The speed, storage capacity and convenience afforded by digital devices ensures the use of digital devices is widespread and the exponential growth of digital devices is creating a new universe of evidence. Legal professionals, Investigators and Security Professionals need to be knowledgeable of the expertise and tools required to collect analyze and preserve digital evidence.

The term computer forensics has been used for years, although is often misused. The term “forensics”, when utilized in reference to evidence, refers to the utilization of scientifically accepted methods and tools that are recognized by courts. Court recognition allows evidence collected in a “forensically-sound- manner” to be introduced and relied upon in a court proceeding. Unfortunately, there are many instances where valuable evidence was not collected in a forensically-sound-manner and it was disallowed. Over the years, courts have recognized a select group of tools that assist in the collection of digital evidence. When seeking to collect digital evidence, it is essential that the tools deployed to collect digital evidence are recognized by the court where the evidence is going to be presented. In addition, the individual who is tasked, with collecting, analyzing, and preserving digital evidence, must have training and credentials to support the forensic collection of digital evidence.

There are multiple myths regarding the collection of digital evidence. One being that digital evidence is collected in minutes or seconds, this is false!

How digital evidence should be collected:

1. Create a forensic image. Based upon the volume and type of data, this can take hours, if not days to complete.

2. Process or index the data. This process separates the data into manageable folders, i.e. photos, emails, texts, etc. often requiring considerable periods of time.

3. Analyze the data. Consider the time required to analyze thousands of photos, emails, texts, etc. and create a log that can be digested by a court audience.

Some of these processes are automated, but they require professional oversight to ensure they are functioning properly. Although this forensically-sound-protocol requires expertise and is often labor intensive, another myth is that it is expensive. In reality, the examination of digital devices can be accomplished for reasonable, flat fees.

We have the expertise and certified tools in our in-house computer forensics lab and will be pleased to consult with you on any digital evidence project.