---
title: "23-digital-forensics"
aliases:
tags:
  - comp210
  - lecture
sr-due: 2022-11-11
sr-interval: 10
sr-ease: 290
---

- assist in legal/criminal proceedings
- ICT in application to the law
- requires a broad range of technical knowledge
- computers everywhere
	- IoT, PCs, servers/cloud, smart devices, network routers and storage devices, other embedded systems
	- can all hold forensically significant data

# types of evidence
- direct evidence
	- evidence which a witness can provide a direct account of in their testimony
- circumstantial evidence
	- relates less directly to the facts of the case, requiring some analysis or inference
	- suggests or indicates but seldom proves
- corroborating evidence
	- supports or is consistent with other circumstantial evidence
- forensic evidence
	- a kind of circumstantial evidence, usually submitted by an expert witness

# digital forensic principles
- needs to be validated
	- physical forensics such as fingerprinting and DNA are the same
- chain of custody is vital and must be unbroken
	- necessitates proper procedures and handling
- "everything leaves a trace"
	- some provisos in the digital domain
- maintain neutrality and objectivity
- good understanding of stats and probability can be vital

## ethos
- search for truth
- appreciate limits of certainty
- no bias or prejudice
- can work for either side but only one at a time
- document everything
- defend, demonstrate and duplicate methods

## computers as a witness
- good at storing info, with great reliability
- have no common sense, no initiative

## expert witnesses
- ![tips](https://i.imgur.com/6z7FpgU.png)

# documentation
- want to be able to recr

# volatility
- how quickly does the data vanish when power is removed