Searching for digital clues

Collecting digital evidence of a cybercrime is not as easy as rounding it up for a real-world crime. Television episodes of CSI typically begin with a horrified bystander stumbling over a dead body in a dark alley.

Investigators quickly descend on the crime scene, armed with latex gloves, plastic baggies and DNA swabs to collect the physical evidence. Maintaining the chain of custody (preserving the integrity of the evidence) is a fairly straightforward process.

Not so with digital evidence. First, IT staff are often not even aware they’ve stumbled across a crime scene.

The first inkling frequently originates with user complaints about their systems’ performance, and evidence is discovered in the course of routine troubleshooting. But digital evidence is easily tainted, inadvertently, by IT staff in the course of carrying out their job duties.

Establishing the timelines of an incident is crucial, and therein lies a major problem. Browsing files or opening logs to figure out the situation automatically changes the time stamps. “Just by booting a Windows machine, 70 to 100 files and time stamps are changed,” said Inspector Robert Currie, officer in charge of the RCMP’s Technological Crime Program.
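The timestamp problem described above can be illustrated with an added example, which is not part of the original article or of any RCMP procedure. It records each file's timestamps from metadata alone, without opening the file, and sorts them into a timeline; the function names are hypothetical and it assumes read access to the directory being examined.

```python
import os
import stat
from datetime import datetime, timezone


def snapshot_timestamps(root):
    """Record timestamps for every entry under root using lstat() only.

    lstat() reads the entry's metadata and never opens the file, so it
    does not update the file's access time the way viewing it can.
    """
    records = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # metadata only; symlinks are not followed
            records.append({
                "path": path,
                "type": "dir" if stat.S_ISDIR(st.st_mode) else "file",
                "size": st.st_size,
                "modified_ns": st.st_mtime_ns,
                "accessed_ns": st.st_atime_ns,
                # inode change time on Unix, creation time on Windows
                "changed_ns": st.st_ctime_ns,
            })
    return records


def build_timeline(records):
    """Flatten a snapshot into (UTC time, event, path) rows, oldest first."""
    rows = []
    for rec in records:
        for event in ("modified", "accessed", "changed"):
            ns = rec[event + "_ns"]
            when = datetime.fromtimestamp(ns / 1e9, tz=timezone.utc)
            rows.append((ns, when.isoformat(), event, rec["path"]))
    rows.sort()
    return [(iso, event, path) for _, iso, event, path in rows]


if __name__ == "__main__":
    # Assumption: run against a directory you are allowed to examine.
    for iso, event, path in build_timeline(snapshot_timestamps(".")):
        print(iso, event, path)
```

Listing a directory can still update the directory's own access time, which is one reason examiners work from a copy rather than the live system.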

Also, temporary information is often stored in “slack” space: unallocated space on the hard drive that the CPU may overwrite later.

Perpetrators sometimes connect to peripherals like an external CD to copy information, said Hamel, and metadata about that is stored in slack space. When IT staff browse a system, the chances of overwriting and losing that information increase.

Routine troubleshooting conducted by IT staff can be discerned when doing a forensic analysis, explained Ren

Jim Love, Chief Content Officer, IT World Canada
