Table of Contents
I. Types of digital evidence
Digital evidence can be classified according to the type of device from which it is retrieved. In particular, one may distinguish three main sources: the Internet, computers, and mobile devices (National Institute of Justice, 2008). Each type differs in the characteristics of its data and in the way the data are processed, saved, and collected. Therefore, digital forensic tools are developed to address every type of digital data. For instance, scholars define five approaches to data extraction that have been developed for different types of digital evidence (Goodison, Davis, & Jackson, 2015).
II. Digital forensic tools gain topicality in collecting the evidence of cyber crimes
1. Poorly controlled area
The rapid development of the digital world challenges forensic consulting agencies and state legal authorities to keep pace with technological progress. Hence, this area is poorly controlled today. Apart from that issue, the great volatility and fragility of digital evidence complicate ensuring cyberspace safety. This part aims to provide several examples of the most widespread misconducts with a view to emphasizing the need to advance digital forensic tools (Olsen, n. d.). In addition, the review of cybercrimes is supposed to provide an insight into the degree of safety that these tools can guarantee in the modern world.
2. The successful use of digital forensic tools in the crime prevention
The seriousness of the potential implications of cybercrimes suggests that anticipating negative outcomes is the main task that should be considered before, during, and after the investigation process. Therefore, modern forensic tools should provide options for mitigating and/or eliminating the plausibility of cyber offenses. This part presents a review of the recent successful approaches towards using the GPS program for tracking the location of former sex offenders (Bulman, 2013).
III. The difference between the digital evidence derived from mobile devices and computers
IV. Listing and discussing modern open and closed source digital forensic tools (InfoSec Institute, 2014).
V. Benefits and shortcomings of commercial and free digital forensic tools
1. Drawbacks: 2. Advantages:
- a) High price vs. Prestige and dependability of an organization
- b) Limited accessibility vs. Free anytime access
- c) More effective vs. Less effective
Legal authorities are more familiar with closed source tools; thus, commercial tools facilitate the process of the digital evidence representation in court (Daniel & Daniel, 2012).
- d) Both kinds of digital forensic tools are sensitive in terms of the digital data fragility.
VI. Religious ethical issues that must be considered while working with the digital evidence of cyber crimes.
Conclusion: Technically, closed source forensic tools are just as functional as open source ones. Nevertheless, there are certain advantages of the latter. Moreover, it is clear that the limited control over cyberspace and corresponding interactions demands further improvement of forensic tools, because presently, they have drawbacks that inhibit the investigation, trial, and protection of victims.
The field of cybercrime incorporates the field of cyber evidence; however, digital evidence may also be collected for misconduct that occurs outside cyberspace but leaves a digital trace. For instance, investigators may retrieve digital evidence for child abuse and exploitation, domestic violence, gambling, and many other issues. This paper aims to review the advantages and shortcomings of commercial digital forensic tools and define to what extent they can preserve digital evidence and reduce the likelihood of other crimes.
In the beginning, it is necessary to define types of the digital evidence. The diversity depends on kinds of devices, from which the data are derived. In this regard, one should emphasize that a great variety of devices makes it impossible to develop a uniform procedure of the data retrieval. Without a doubt, it is one of the most significant challenges that are faced by forensic consulting agencies and companies that produce digital forensic tools. For example, it is expected that the information can be extracted from “various models of cellular phones (e.g. Android, Apple, and Blackberry), desktops, laptops, tablets, external storage devices, GPS locators” (Goodison et al., 2015). While observing the diversity of sources, it becomes clear that forensic specialists need to utilize several tools in investigating the same case. The next paragraph discusses in detail ways of the information extraction and the type of data that is released from diverse digital sources.
Digital evidence is collected from social media and online databases. This evidence includes, for example, file-sharing, online activity on social networks, and searches for information. The retrieval of this evidence is challenged by the fact that there are tools that aim at concealing the identity, location, or any other important information about the user (Goodison et al., 2015). As a result, semi-legal and illegal activities such as gambling, child pornography, and stalking may remain undetected for a long time.
In addition to online activity, digital evidence may be imprinted in computers. Investigators apply “a manual or logical extraction process” in order to retrieve “temporary Internet files, cookies, and a browsing history” (Goodison et al., 2015, p. 4). Moreover, portable electronics or mobile devices provide a significant part of the digital evidence since the use of these devices continues to increase with time. Scholars define five types of information extraction: micro read, chip-off, physical, logical, and manual extraction (Figure 1). These types may be used together for detecting the needed digital evidence; however, depending on the type of data, a particular approach may be more relevant. For instance, for digital data, one may use micro read and chip-off. In the case of retrieving data from mobile devices, investigators may combine manual and micro read devices. Overall, “forensics for computers is easier and less complex in comparison to mobile devices” (Yates, n. d., p. 159). The difference between the digital evidence of portable electronics and computers is explained in detail below.
Forensic consulting agencies, as well as representatives of legal authorities, should take into consideration important differences between working with data that are retrieved from computers and those received from portable electronics. Specifically, handheld devices are characterized by the higher volatility of information (Yates, n. d.). Moreover, the process of the technological development of mobile devices occurs much faster; it implies that forensic tools must be advanced promptly in order to be capable of working with the latest know-how (Table 1). Besides, mobile devices possess less digital evidence. Undoubtedly, the aforementioned particularities suggest that it is much harder to work with the digital evidence from handheld devices. As a result, the training and professional growth of digital forensic experts are more complicated and challenging on such devices than on computers. At the same time, there are more open source tools than closed source ones available for the evidence hidden on mobile devices than on computers (Yates, n. d.). The above-discussed characteristics should be considered while choosing the type of appropriate digital forensic tool(s). In addition, one should remember other challenges that are created by certain peculiarities of digital data.
Specifically, acquiring digital evidence is complicated by the fact that cyberspace is a poorly controlled area. In addition, digital information possesses a number of weaknesses. Namely, it is latent (hidden), like fingerprints or DNA evidence; crosses jurisdictional borders quickly and easily; can be altered, damaged or destroyed with little effort; and can be time sensitive (National Institute of Justice, 2008).
Undoubtedly, creators of digital forensic tools must consider the drawbacks of such data. For example, a perpetrator may control a cell phone of a victim without his or her knowledge. Such behavior is a violation of human rights, which is punished by law. Hence, the possibility of controlling one’s cell phone activity may be utilized as a means of domestic violence and child abuse.
Moreover, online programs allow falsifying phone numbers and sending multiple text or voice messages to victims. Rather often, this option is utilized for stalking, threatening, and humiliating a chosen person. These cybercrimes strongly resonate with domestic violence including child abuse because, as a rule, perpetrators know their victims and possess personal motives to cause them harm. Besides, abusers often use GPS to track a person (Olsen, n. d.). These few examples of the most popular cyber crimes leave a type of the digital evidence, which can be retrieved with the help of a proper extraction tool.
At the same time, GPS is used by legal authorities for the purpose of collecting required data about released prisoners who were incarcerated for sex abuse. In this regard, it is necessary to emphasize that the innovation of this approach presumes assigning a greater protective function to digital forensic tools with the purpose of preventing the occurrence of a crime rather than dealing with its consequences. Consider an example: “although the GPS program costs $8.51 more per day than traditional supervision, the GPS approach produced a decrease of 12 percentage points in arrests for any offense (from approximately 26 percent to 14 percent)” (Bulman, 2013). According to the statistics provided above, the GPS program is more expensive but more effective, as well.
On the other hand, the authors of this novelty emphasize that keeping prisoners in jails is more expensive than tracking them with the help of GPS. While trying to define any drawbacks of this approach, one should note that the tool is not effective in some underground areas or while recharging (Bulman, 2013). There is another argument against tracking former criminals; this ethical consideration is associated with the violated privacy. Without a doubt, the merit of this approach exceeds its costs, but this idea resonates with the drawback of digital data that was explained above; it easily crosses legal borders and evokes ethical considerations. The aforementioned scrutiny is presented with a view to providing an idea of what tasks and what challenges are associated with the use of both open and closed source digital forensic tools. The next paragraph aims at comparing commercial and free tools in order to understand the drawbacks and benefits of each group.
When defining the list of the most popular digital forensic tools, it is necessary to mention the following programs. Famous open source forensic tools are Digital Forensic Framework, Open Computer Forensics Architecture, CAINE, X-Ways Forensics, SANS Investigative Forensics Toolkit – SIFT, The Sleuth Kit, Libforensics, Volatility, WindowsSCOPE, The Coroner’s Toolkit, Oxygen Forensic Suite, Bulk Extractor, Xplico, Mandiant RedLine, Computer Online Forensic Evidence Extractor (COFEE), PlainSight, XRY, HELIX3, Cellebrite UFED (InfoSec Institute, 2014). Similarly, one should name three popular commercial digital forensic tools: EnCase ($995), Registry Recon ($399), and P2 eXplorer ($199) (InfoSec Institute, 2014). It is important to note that some programs, for instance, Registry Recon, offer a limited version that may be used for free (InfoSec Institute, 2014). The next paragraph discusses in detail the key features of the most popular open and closed source software.
Digital Forensic Framework can be used by experts, as well as by individuals without specific knowledge in digital forensics. This tool is designed for extracting and processing the evidence from Windows or Linux OS. OCFA is designed for Linux and functions as a tool of automatic data storing. CAINE is another open source tool that is also based on the Linux OS; it stores and systemizes digital data.
Furthermore, X-Ways Forensics is a professional free digital forensic tool that possesses a range of valuable options, such as “automated activity logging, data authenticity, complete case management, memory and RAM analysis, gallery view for pictures”, and many others (InfoSec Institute, 2014). This tool is designed for all versions of Windows. Moreover, SIFT is “a multi-purpose forensic operating system” that is used for collecting the evidence of any intrusions or other kinds of suspicious activity with the purpose of disconnecting the interaction between an agent and malware (InfoSec Institute, 2014). In this way, this program is crucial for preventing cybercrimes or reducing their negative effects.
What is more, EnCase is one of the most famous and most expensive commercial forensic tools that are currently available in the market. It is utilized by professionals for collecting specific data from various devices, processing them, and presenting a report. Thus, it is extremely convenient for optimizing the process of investigation and evidence presentation. Registry Recon is popular commercial software that helps rebuild parts of the lost or damaged digital information and represent it as the evidence. It is compatible with Windows OS.
The third closed source digital forensic tool under consideration is P2 eXplorer, which is designed for professional use. In particular, it is utilized by investigators for examining cases of cybercrimes or extracting the cyber evidence of other types of misconduct. The present version is capable of maintaining both logical and physical types of extraction. It runs on Linux OS (InfoSec Institute, 2014). This description of open and closed source tools aims to provide an insight into the appropriateness of their use in accordance with the set tasks and compatible operating systems. The next paragraph defines and compares these tools in order to study the advantages and shortcomings of both.
Given the cost of closed source tools, one may deduce that the high price is a considerable drawback of commercial forensic software, in comparison to open source tools that can be used for free. On the other hand, the paid service implies the prestige and reliability of forensic consulting agencies. In other words, the evidence that is retrieved and processed by commercial tools is believed to be more dependable (Garnett, n. d.). A correlating feature is the limited accessibility of closed source digital forensic tools. Consider the rationale: “the common digital forensic analysis tools are developed with commercial interests, it is unlikely that vendors would be willing to publish all of their source code” (Carrier, 2003, p. 8). In a word, free access is an advantage of open source forensic tools.
Furthermore, legal authorities are used to working with commercial tools; therefore, utilizing closed source programs facilitates the investigation and evidence representation in court (Daniel & Daniel, 2012). Besides, as it was mentioned above, both kinds of digital forensic tools are sensitive in terms of the digital data fragility. For instance, it happens when a criminal with GPS tracker “decides to go to sleep under an electric blanket that disrupts the GPS signal” (Bulman, 2013). Moreover, all kinds of digital forensic tools require sufficient training in retrieving, processing, analyzing, and representing the evidence. In other words, investigators are supposed to spend much time on the constant advancement of the digital research.
Moreover, keeping pace with technological progress is necessary for legal authorities, since the staff must be skillful in interpreting the represented digital data. Therefore, the use of free digital forensic tools consumes both money and time. Hence, it is obvious that the use of commercial tools is more expensive. Apart from the purchasing price, forensic consulting agencies are supposed to pay annual fees for the service and timely update of their commercial forensic tools (Daniel & Daniel, 2012).
Moreover, when using digital forensic tools, investigators must consider the ethical side of an issue. In particular, one should possess personal integrity in order to avoid data falsification and privacy breaches that are not permitted by a warrant. In this regard, one should refer to the Bible that educates, “The integrity of the upright shall guide them: but the perverseness of transgressors shall destroy them” (KJB, Proverbs 11:3). Moreover, investigators need to avoid any kind of personal data disclosure. Besides, it is necessary to foresee plausible risks and dangers for a victim or a potential victim, which should be followed by protecting a person from the impact of a perpetrator, protecting and saving the environment during and after the investigation. Without a doubt, being ethical during the investigation encourages one to use an inner moral compass that allows performing work duties “in integrity of heart, and in uprightness” (KJB, 1 Kings 9:4). This principle should be considered while working with the digital evidence at all stages of the investigation and its presentation in court.
Summing up the information mentioned above, one can rightfully conclude that the development of digital technologies provides more opportunities for cybercrimes. Under such circumstances, the advancement of digital forensic tools that can help one get otherwise untraceable evidence is an essential strategy. This research reveals that the use of both commercial and free forensic tools can be rather effective. At the same time, in any case, those individuals that are supposed to deal with the evidence should be experts in terms of the technology, law, and ethical perspectives. The use of commercial forensic tools is proven to be somewhat more effective, but mostly due to the prestige associated with closed source software, which is believed to be more reliable. Moreover, they are presumed to be more convenient in use during the trial. In addition, one should emphasize the fact that open source operating systems are more often used for working with the digital evidence that is stored on mobile devices. Besides, when choosing a digital forensic tool, one should consider the purpose since some of them (both commercial and free ones) are designed to either assist in professional investigations, or be utilized by non-experts, or be convenient for both. Furthermore, the choice of the forensic software depends on its compatibility with the user’s OS. When defining the weak points of the discussed digital tools, one should consider the fact that both types are challenged by the great volatility, time-sensitivity, and fragility of digital data. Moreover, there are some tools that are used to conceal the evidence of crimes; therefore, any software must constantly be updated. In the case of utilizing commercial digital forensic tools, it requires paying annual fees.
When answering the question to what degree commercial forensic tools succeed in collecting the digital evidence of domestic violence, child abuse, gambling, and other misconducts, it is natural to deduce that they are rather effective.