What is Forensics?[edit | edit source]
Forensics is a discipline that dates back at least to the Roman era (and possibly even to ancient China), when people accused of crimes (and the accuser) presented evidence in front of a public audience (the Latin word forensis, means "of or before the forum"). In modern times it has come to mean the application of scientific processes to recover evidence related to crime or other legal action.
Digital forensics system[edit | edit source]
Digital forensics, as a discipline, grew out of the explosion in personal computer use during the late 1970s and early 1980s. The first specific computer crimes were recognized in the 1978 Florida Computer Crimes Act, which included legislation against the unauthorized modification or deletion of data on a computer system. Over the next few years the range of computer crimes being committed increased and laws were passed to deal with issues of copyright, privacy/harassment and child pornography.
It was not until the 1980s that federal laws began to incorporate computer offences. Canada was the first country to pass legislation in 1983. This was followed by the US Federal Computer Fraud and Abuse Act in 1986, Australian amendments to their crimes acts in 1989 and the British Computer Abuse Act in 1990.
Much of the forensic analysis during this period was performed on "live" systems, using traditional (and non-specialist) system administration tools. Very few standards or guidelines existed to help practitioners, and the evidence they produced was often rejected by courts.
Developing standards[edit | edit source]
In response to the growth in computer crime during the 1980s and 1990s law enforcement agencies began to establish specialized investigative groups, usually at the national level. In 1984 the FBI launched a Computer Analysis and Response Team, a year later the UK set up a computer crime department within the Metropolitan Police fraud squad. Many of the early members of these groups were computer hobbyists as well as law enforcement.
Throughout the 1990s there was high demand for the these resources, eventually leading to the creation of regional and even local level units. For example, the British National Hi-Tech Crime Unit was set up in 2001 to provide a national structure; with personnel centrally in London and the various regional police forces (the unit was folded into the Serious Organised Crime Agency (SOCA) in 2006).
During this period the science of digital forensics grew out of ad-hoc tools and techniques developed by practitioners. This is in contrast to other forensics disciplines which grew out of work by the scientific community. It was not until the late 90s that the value of digital evidence was being recognised by courts.
Mobile devices[edit | edit source]
During the early part of the 21st Century the consumer world has seen an explosion of mobile devices (phones, PDA's, mobile laptops and pads) similar to the 80s computer revolution. If anything the use of such devices is even more widespread.
The use of mobile phones in crime is well known, and the evidential value of mobile devices is slowly being recognized. This isn't limited simply to phone calls and text messages; modern devices often contain email, photographs, chat and other forms of communication/activity.
The future[edit | edit source]
In a 2010 paper Simson Garfinkel identified issues facing digital investigations in the future. Including the increasing size of digital media, the wide availability of encryption to consumers, a growing variety of operating systems and file formats, individuals owning multiple devices and legal limitations on investigators. The paper also identified continued training issues, as well as the high cost of entering the field being prohibitive.