Abstract: Application of scientific forensic methods in ICT has become a mainstream methodology not only in criminal and civil proceedings, but also in preventive maintenance of various aspects of ICT systems used by corporations, governmental and other institutions. However, despite efforts of solution providers to create forensic hardware, software and procedures that are purported to be easy to use even by those that are not forensic experts, in most cases forensic proceedings are connected with high utilization of financial and temporal resources. Accelerated changes in information technology and architecture also require additional regulation that will pre-emptively ensure an adequate amount and form of forensic trail left for possible future investigations. This paper is an attempt to describe the current state of affairs of forensic proceedings and the latest trends, and to provide comment on their financial impact and consequential real-world feasibility.

Key words: forensic proceedings, forensic investigations, financial impact, ICT

I INTRODUCTION

Generally, forensic science or forensics is the application of scientific principles and techniques to matters of criminal justice especially as relating to the collection, examination and analysis of physical evidence [1]. The main characteristic of forensics is that it produces results and reports suitable to be used in courts or judicature, and for public discussion or debate. Therefore, forensics is indubitably tied to the legal context and to explaining complex facts and their mutual connection in simple, straightforward language and layman terms to those who are not subject experts, but have to reach certain conclusions or make decisions based on the presented facts.

Digital forensics is one of the latest branches of general forensic science, dealing with digital traces and artefacts. One of the possible definitions of digital forensics is the following: "The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation" [2]. As is clearly visible from a comparison of the definitions of general forensics and the digital one, digital forensics deviates from the general definition because it does not analyse material (physical) evidence. The material nature of evidence was initially included in the definition of forensics because reliance on physical properties of the evidence clearly demonstrated validity of the used method. While one can argue that the evidence digital forensics is dealing with is material, in the sense that it is usually inextricably tied to the material media that contains it, its nature is clearly not material. This demonstrates how technical developments of the present and near future will test and challenge some definitions that seemed to be solid in the past.

Over the past two decades, dematerialization of the IT world has caused detachment of the data, the media that contains them and the physical locations where such media is stored. The Internet became a new transport layer for such evidence, crossing geographical barriers and further pushing the envelope of a well-established legal framework whose jurisdiction is usually defined by physical national borders. While crime and other events are always one step ahead of codified legislation, the described course of events made it very difficult even for the very best in the legal profession of digital forensics, and those who use their services (district attorneys, lawyers and courts), even to apply existing legislature, let alone understand the presented facts that are usually dealing with very complex technical architecture, facts and conclusions.

Most authors agree that until the events of 9/11 [3], separation of the non-material world of digital networks and systems according to national and geographical borders was one of the main obstacles in front of experts in the field of digital forensics and users of their services. After 9/11, new legislative acts have been passed all over the world to support the agenda of the fight against terrorism [4], further facilitating cooperation between national bodies in charge of ICT infrastructure and legislative bodies of various countries in the provision of digital evidence during investigations. However, facilitation of this process has caused some major concerns among privacy advocates. Civil liberties implications of counterterrorism policies are a hot topic of debate in the European Union, whose directives still protect the privacy of its countries' citizens. Findings of Julian Assange's WikiLeaks organization and those of Edward Snowden have clearly demonstrated how pre-emptive acting on behalf of the governments creates a myriad of more or less coordinated global surveillance programs with cooperation of telecommunication companies and European governments [5] that are clearly creating breaches on behalf of privacy of their own citizens.

It is clear that there are several concerns to be addressed by experts in digital forensics and legislative branches outlining the operational framework. Privacy of citizens and security of corporate business information has to be leveraged against national and international security; digital evidence is extremely volatile in nature, therefore it has to be carefully
II DIGITAL FORENSICS PRINCIPLES AND LAWS

Modern forensics has its roots in ancient China, with Song Ci being the most famous forensic medical expert during the Southern Song Dynasty, whose book Collected Cases of Injustice Rectified is still regarded as a seminal book of forensic science in China. Developments in the field of forensics in Europe became rapid only in the 19th century and especially in the beginning of the 20th century with wide adoption of fingerprint analysis invented by Juan Vucetic in 1891. Widespread adoption of forensic and scientific methods and introduction of expert witnesses in most legislative systems had as a consequence the dissemination of forensics in almost all fields of human life (and related legal proceedings).

Digital forensics is only a logical development of the above mentioned and became a discipline with the introduction of computers first used as mainframes for mass data processing. In the past two decades and with further development of the information society, computers, smartphones, networks, servers and Internet usage are very often the usual and even expected part of many other legal proceedings, in the areas of both criminal and civil law.

Digital forensics adheres to several classical laws of forensic sciences that are also used in other areas of science. While different sources quote different versions of these laws, they can be summarily explained in the following way when applied to the digital world:

1. Law of individuality, stating that every digital artefact has characteristics that are not duplicated in any other object.

Besides the basic forensic laws that are more or less common to all forensic disciplines, there are a few more principles of digital forensics that are specific to the field of digital investigations [10].

1. No action taken during the forensic investigation should change data which may have to be relied upon in court.

2. In case an investigator has to access original digital evidence, they have to be competent to do so and give evidence explaining the relevance and implications of their actions. Considering that operating systems and programs alter the content of digital evidence without the user being aware of such change, forensic analysis is usually performed using relevant media images.

3. An audit trail has to be created and preserved, demonstrating that the chain of custody over digital evidence is maintained. An independent expert should be able to examine the utilized methodology and achieve the same result.

4. There has to be a single instance in charge of the investigation and of ensuring that the forensic laws and principles are being adhered to.

The golden standard in digital forensics nowadays is the Abstract Digital Forensics Model, created as a generic, technology-independent model, composed of nine different phases (Figure 1).
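Principles 1 and 3 above (evidence must not change, and the audit trail must let an independent expert reach the same result) can be made checkable in software. The following is an added example, not part of the original paper: it records the digest of an evidence image in a hash-chained custody log and re-verifies both. SHA-256, the log format, and all names and timestamps are assumptions chosen for illustration; the paper names no specific mechanism.

```python
import hashlib, json, pathlib, tempfile
GENESIS = "0" * 64  # prev_hash of the first record

def sha256_file(path, chunk=1 << 20):
    """Digest of an evidence image, read in chunks without modifying it."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def entry_hash(entry):
    """Hash of a record's fields, excluding the stored hash itself."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, actor, action, image_path, when):
    """Append a custody record chained to the previous record's hash."""
    entry = {"seq": len(log), "when": when, "actor": actor, "action": action,
             "image_sha256": sha256_file(image_path),
             "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)

def verify_log(log, image_path):
    """Return a list of problems; an empty list means the trail is consistent."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev_hash"] != prev:
            problems.append(f"entry {i}: chain broken")
        if entry_hash(e) != e["entry_hash"]:
            problems.append(f"entry {i}: record altered")
        prev = e["entry_hash"]
    if log and sha256_file(image_path) != log[0]["image_sha256"]:
        problems.append("image digest differs from acquisition digest")
    return problems

def demo():
    """Constructed sample: a 4 KiB stand-in image, hypothetical examiners."""
    with tempfile.TemporaryDirectory() as d:
        img = pathlib.Path(d) / "evidence.img"
        img.write_bytes(b"\x00" * 4096)
        log = []
        append_entry(log, "examiner A", "acquired image", img, "2017-01-06T10:00Z")
        append_entry(log, "examiner B", "analysed copy", img, "2017-01-07T09:30Z")
        clean = verify_log(log, img)
        # A past record edited in place no longer matches its stored hash.
        edited = verify_log([dict(log[0], actor="someone else"), log[1]], img)
        img.write_bytes(b"\x01" + b"\x00" * 4095)  # one byte of the image changed
        return clean, edited, verify_log(log, img)
```

An in-memory list only shows the check; the log itself still has to be stored where the people it records cannot rewrite it, since anyone able to replace the whole chain can recompute every hash.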
One possibility of control of possible forensic cost and facilitating forensic analysis is the implementation of various controls aimed to elevate the achieved level of information security. These measures often provide a good level of audit trail that has to be kept under forensically sound conditions and it could be later used as such. Therefore, there is a significant level of overlapping between the information security management systems and tentative subsequent forensic usage.

[12] Dezfoli, F.N. et al. Digital Forensics Trends and Future, International Journal of Cyber-Security and Digital Forensics (IJCSDF) 2(2), 2013, p. 50

[13] M. Tu, K. Cronin, D. Xu, S. Wira, "On the Development of Digital Forensics Curriculum", http://www.dsu.edu/research/ia/documents/ [6]-On-the-development-of-Digital Forensics-Curriculum (accessed 17th December 2016)

[16] http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=66912 (accessed 6th January 2017)

[17] http://www.forensicmag.com/article/2012/02/isoiec-170252005-accreditation-digital-forensics-discipline (accessed 6th January 2017)