quartz/content/notes/23-digital-forensics.md

title	aliases	tags
23-digital-forensics		comp210 lecture

assit in legal/criminal proceedings

ICT in application to the law

requires broad range of technical knowledge

computers everywhere

• IoT, PCs, severs/cloud, smart devices, network routers and storage devices, other embedded systems
• can all hold forensically significant data

types of evidence

• direct evidence
  • evidence which a witness can provide a direct account of in their testimony
• circumstansial evidence
  • relates less directly to the facts of the case, requireing some analysis or inference
  • suggests or indicates by seldom proves
• corroborating evidence
  • supports or is consistent with other circumstantial evidence
• forensic evidence
  • a kind of circumstantial evidence, usually submitte by an expert witness

digital forensic principles

• needs to be valildated
• physical forensics such as fingerprinting and DNA are the same
• chain of custody, is vital and must be unbroken
• necessitates proper procedures and handling
• "everything leaves a trace" some provisos i the digital domain
• maintain neutrality and objectivity
• good understanding of stats and probability can be vital

ethos

• search for truth
• appreciate limits of certainty
• no bias or prejudice
• can work for either side but only one at a time
• document everything
• defend demonstrate and duplicate methods

computers as a witness

• good at storing info, with great reliability.
• have no common sense, no initative.

expert witnesses

• 

documentation

• want to be able to recr

volatility

• how quickly does the data vanish when power if removed.