Security threats Toolkit

IT Forensics: When crime scene investigations go digital

Tags:
Digital Forensics

Cath Everett ZDNet.co.uk

Published: 24 Apr 2006 13:30 BST

The concept of digital forensics was originally spawned by law enforcement agencies, which started to realise that traditional forensics techniques, where the focus was on physical evidence such as fingerprints and ballistics traces, was no longer sufficient to fight crime in a world that was becoming increasingly digitised.

As a result, police officers started developing techniques to find out about information held on computers and to investigate who did what, when and how in such a way that the evidence could stand up in court.

By the late 1990s, however, large commercial organisations began to understand that their computers also held important information that could be exploited in relation e-crime and other potential workplace incidents. This trend, coupled with the growing importance of legislation such as the Data Protection Act and the European Convention on Human Rights, which put a duty of care on employers to handle staff-related matters in a fair and just manner, also led to increased interest in digital forensic concepts.

According to John Douglas, a forensic computing specialist at risk advisory consultancy, QCC Information Security, a sea change occurred in 2004 when Operation Ore hit the headlines and more than 600 UK sex offenders were convicted following a probe into Internet child pornography.

"While digital forensics had been around for about 10 years, it had grown very slowly in an organic way until Operation Ore. Once that hit, however, it gave the impetus for the police to set up high tech crime units in each constabulary and that helped to drive forensics quite a lot because people became aware of what was possible," explains Douglas.

Nonetheless, outside of law enforcement, the market still remains small and somewhat niche. Although growing public awareness has started to infiltrate at boardroom level, the discipline still has some way to go before it achieves mainstream adoption and the number of practitioners in the UK, including those found in police forces, numbers no more than 300.

This is not least because, unlike fields such as disaster recovery and data back-up that involve all areas of the business, it is a relatively narrow area of interest, which is only employed in certain limited circumstances. This means that digital forensics is, in the main, something that technical staff are more likely to be cognisant of rather than their senior managers.