“There is nothing more deceptive than an obvious fact,” said Arthur Conan Doyle’s fictional detective character, Sherlock Holmes.
Just like all other forensics, investigator bias, and laziness when seeking the truth, is prevalent in digital forensics as well. If you are wondering how digital forensics is different from normal forensics, let’s take a step back.
We have all heard of forensic science, right? It’s the application and usage of science in any investigation. Digital Forensics, also known as computer forensics, is the same.
In layman language, digital forensics is the digital equivalent of a fingerprint or a muddy boot, and digital forensics specialists work on tracking criminal activity through digital traces.
While digital forensics can be used in many types of investigations, both criminal and legal (in the form of ediscovery). In this blog, I am particularly discussing the challenges in digital forensics for criminal investigation and apprehending offenders.
If you have just finished watching The Ted Bundy Tapes documentary on Netflix and only think real-life criminals are smart, you haven’t dug deeper on hackers, digital criminals, pirates, and the like. The Official Annual Cybercrime Report estimates that cybercrime alone will cost $6 trillion annually by 2021. In 2015, that figure was $3 trillion.
However, digital forensics does not only trace cybercrimes. Aside from targeting digital crime, digital forensics is also used in capturing normal criminals. This is done by tracking data, network intrusion, camera footage, and more.
According to forensic specialists Fahdi, Clarke & Furnell, the challenges in digital forensics can be classified into three main categories:
With the rapid development in tech and digital sciences, technology is at an all-time high. Tech is being used for both good and bad. Due to the recent developments, it has become easier for criminals to hide and to engage in criminal activity.
One of the main issues that forensic officers face today is that as fast as technology is developing to investigate criminals, the criminals are also using it at a similar pace to hide and alter the traces.
It may come as a surprise to you all, but unlike many other forms of physical evidence, digital evidence is easy to alter, remove, or hide. And with a digital expert, this can be done without leaving any traces that might identify the criminal. With such instances, anti-forensics activities have become a major challenge for digital forensics officers. When discussing technical challenges, the six main encountered in digital forensics are:
– Covert channel
– Data hiding in storage space
– Residual data wiping
– Tail obfuscation
Privacy is crucial, whether it’s the victim, the suspect, or the criminal. It is even more so important to the victim. Often, forensic specialists require sharing data to get to the truth. This can violate the privacy of the users. It becomes challenging when an investigator or forensic specialist stumbles across some facts related to the crime but is not allowed to use the information against the attacker due to legal privacy issues. This affects the whole investigation process and limits the investigator significantly. This is a sizable challenge in digital forensics.
As stated by Bui, Enyeart & Luong (2003), ethical considerations should be examined because of the wealth of information that is collected from forensic investigations. To ensure the integrity of the data, these should be collected and stored carefully and legally. Such legal obstacles, prevent and limit forensic scientists significantly. Measures and legal protocols should be amended to ensure that forensics can perform their duties and not be limited by legal restrictions.
Digital forensics isn’t easy, and it requires a lot of resources both in terms of manpower and technology. Depending on the scenario, the volume of data involved in the case might be of significant size. In that case, the forensic investigator has to go through all the collected data and filter through it to gather evidence. It may take a significant amount of time for the investigation. Since time is a limiting factor, it becomes another major challenge in the field of digital forensics.
Additionally, forensics specialists have issues with volatile memory as well due to which only the most recent data of the memory can be accessed and read. Furthermore, an investigator must also ensure that the data is not tampered with as well and well secured. Damaged data sources also make it hard to recover data easily. All these, when combined, pose a significant challenge to forensic specialists when conducting investigations.
Modern digital societies are subject to criminal activities and fraud, leading to economic and individual losses. Work is being done on defensive measures encompassing encryption, obfuscation, cloaking techniques, and information hiding. All this, coupled with the above-listed challenges, makes digital forensics difficult. This calls for a new wave of forensic tools engineered to support heterogeneous investigations, preserve privacy, and offer scalability.