5 Ways to Jeopardize a Digital Forensic Investigation?

February 1, 2018

Electronic discovery has become a major part of many, if not most, court cases, both civil and criminal. Often electronic evidence can be the determining factor in a case’s outcome. Because of this, you want to have a digital forensic expert as part of your legal team and case presentation. This is not an area for do-it-yourselfers or your IT guy. You not only need the appropriate tools and equipment for a thorough examination, you also need in-depth knowledge of the process to produce trustworthy results that will be admissible in court. Effective expert testimony can mean the difference between winning and losing your case. So, what will compromise a digital forensic investigation?

  1. Don’t touch the device!  Though you may think you’re being helpful and protecting data, the simplest of operations can have the most damaging effect.  Turning the device on or off, or rebooting it, can overwrite files and change time stamps, making it harder for a forensic examiner to find information relevant to your case.  The device should not be used at all and should be stored in a secure location.  If possible, remove the server from operation immediately.
  2. Don’t try to look at the files on your device.  Resist temptation!  Even if you know what you’re looking for and where to look, the act of browsing itself may cause issues when it comes time to retrieve evidence from your device.  Browsing through files may cause file times to change, which will make it impossible to tell exactly when an important piece of data was copied, altered, or deleted.
  3. Don’t try to copy data yourself.  This is not the time to try to save money.  Saving a few hundred dollars now may cost you thousands later.  Buying an external hard drive and copying your data to it does not preserve the unallocated space and deleted files.  It will also change times and dates and other data on the files.  In addition, there will be no verification of the recovery and preservation processes to ensure that the data has been completely copied and no errors have occurred.  A digital forensic expert understands these highly sensitive procedures and will make sure that no data is lost, destroyed, or altered, and that the evidence will be admissible at trial, if necessary.
  4. Don’t wait.  The longer a device is operating, the more likely it is that the relevant data may be altered, deleted, or overwritten.  Always preserve electronic data the moment you believe an incident has occurred and that litigation is possible.  In addition, document who had access to the device both before and after the incident to maintain a proper chain of custody.
  5. Not using a digital forensics expert.  Remember, your IT “guy” or IT department is not a digital forensics expert.  They may make things worse by checking system files and unknowingly destroying potential evidence.  Their programs may not be forensically sound and may make evidence inadmissible in court.
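
To make point 3 concrete, the following added example (not part of the original article, and not a forensic tool) records a file's SHA-256 hash, size and modification time, then shows what an ordinary copy changes and how a recorded hash exposes a damaged copy. The file names and contents are constructed for the demonstration; it covers only the file-level effects described above, not unallocated space or deleted files.

```python
import hashlib, os, shutil, tempfile, time

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large evidence files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(path):
    """Record what a verification log needs: content hash, size, mtime."""
    st = os.stat(path)
    return {"sha256": sha256_file(path), "size": st.st_size,
            "mtime_ns": st.st_mtime_ns}

def compare(before, after):
    """Return the names of the recorded fields that differ."""
    return [k for k in before if before[k] != after[k]]

def demo():
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "original.doc")        # constructed sample file
        with open(src, "wb") as f:
            f.write(b"constructed sample evidence\n")
        old = time.time() - 90 * 86400               # back-date it 90 days
        os.utime(src, (old, old))
        before = snapshot(src)

        # 1) Ordinary copy: content survives, the original timestamp does not.
        naive = os.path.join(d, "naive_copy.doc")
        shutil.copyfile(src, naive)
        naive_diff = compare(before, snapshot(naive))

        # 2) Damaged copy with the timestamp put back: same size, same date,
        #    and only the recorded hash reveals that one byte changed.
        bad = os.path.join(d, "damaged_copy.doc")
        shutil.copyfile(src, bad)
        with open(bad, "r+b") as f:
            f.seek(3)
            f.write(b"X")
        os.utime(bad, ns=(before["mtime_ns"], before["mtime_ns"]))
        bad_diff = compare(before, snapshot(bad))

        # 3) Hashing the original changed neither its content nor its mtime.
        untouched = compare(before, snapshot(src))
    return naive_diff, bad_diff, untouched

if __name__ == "__main__":
    print(demo())
```

Access times are left out of the snapshot because whether reading a file updates them depends on how the volume is mounted.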

What does a digital forensic expert do?

Provide an impartial examination of your case.  A digital forensics examiner is an expert witness who draws results and conclusions based on evidence.  They are completely impartial and have no preconceived notions about the case, evidence, attorneys, or those on trial.

Use the digital forensic process to acquire electronic evidence.  There are very specific ways and tools used to collect and preserve electronic evidence.  A digital forensic expert will have both the tools and knowledge to maintain the evidence’s integrity to prevent spoliation.

Analyze the evidence and report findings.  An experienced digital forensic expert will be able to thoroughly review all of the electronic evidence collected and identify and analyze the ESI that is needed for your case.  They are adept at presenting the pertinent information in an uncomplicated, easily understood, comprehensive report.

Be an effective expert witness.  As an expert witness, an experienced digital forensic examiner will be able to discuss, in layman’s terms, how the electronic evidence was gathered and why it should be trusted. It is imperative that a digital forensic expert be both personable and knowledgeable and able to explain the evidence in a way that jurors will understand.

About Prudential Associates

Prudential Associates was founded in 1972 by former Army Intelligence Officer Robert Miller, who began serving the local legal community as an investigative, surveillance, and intelligence resource.

Prudential Associates has expanded its service footprint geographically and added over 70 extremely valuable staff members and experts; our consulting and service operations have taken place in thousands of locations on nearly every continent. To date we have achieved recognition as the premier resource for clients in sectors such as: television and movie production; maritime services and shipping; large event/concert planning & security; pharmaceutical production; shipping and logistics; human capital management; and, perhaps most notably, in the legal service industry, given our highly distinguished investigative, surveillance, and digital forensics expertise.

Our in-house computer and cell phone forensics lab rivals or exceeds the capabilities of over 90% of the law enforcement labs in the United States, as well as over 99% of those overseas.

For a greater insight into our experience, expertise, and operational history, please see our Corporate Resume.

Contact us today to discuss our digital forensics services, your digital forensic needs, and expert witness testimony. Get in touch with one of our experts now by calling 301.279.6700 or 877.279.670, or by visiting www.prudentialassociates.com.