A Lawyer’s Guide to Digital Forensics

What do you think of when you hear the term digital forensics? For some, it may conjure up scenes from CSI with techs wearing lab coats looking through a microscope while sporting a sidearm at their waist. But in reality, it’s not so glamorous. So, what is it?

Digital forensics is a branch of forensic science focused on the recovery and investigation of material found in digital devices. It is most often used in relation to internal theft or cyber crime.

When would you want to hire a digital forensics professional? Digital forensics can be used in both criminal and civil cases. Simply put, any device that can store data can potentially be analyzed for evidence. For example, the following devices are easily analyzed: laptops, desktop computers, smart phones, external or USB hard drives, thumb drives, SD cards, iPads, iPhones, tablets, digital cameras and GPS. Most cases these days usually involve at least a laptop or cell phone.

There are three areas particularly well-suited for digital forensics: fraud, employee issues, and intellectual property (IP) theft.

Fraud

If you’re working to prove that fraud has taken place at a business, digital forensics can help. With accounting and bookkeeping moving increasingly to digital platforms, there are more electronic records of financial transactions. This means that fraud can be easier to prove — if you know where to look.

For example, digital forensics can find hidden spreadsheets or search through emails to find specific transaction information.

Employee issues

When employee issues arise, organizations want to deal with them quickly and effectively. These processes can drag on, creating negative environments and damaging morale. Digital forensics can expedite the process and protect organizations navigating these situations.

Let’s look at an example. At a car dealership, an employee was suspected of using inventory vehicles for personal use. The employee denied it. With the help of a digital forensics team, the dealership found emails from the in-car security system sent to the employee. This provided the evidence they needed to terminate the employee.

IP theft

With people more likely to move from job to job in today’s economy, and easier access to company documents via organizational data storage systems, IP theft is a significant threat to businesses. To protect themselves, organizations must show that the risks outweigh the rewards and prosecute those who commit IP theft.

Digital forensics allows employers to investigate the digital behaviour of team members, including seeing who downloads certain files, like customer lists or unique trade secrets, or determining if someone printed a document.

Understanding the digital forensics process

Digital forensic investigations follow a four-step process.

Collection

With the proper authorization, our team collects the digital evidence. Depending on the investigation, this could involve seizing computers, phones, or hard drives. This process is critical to the investigation and is best left to professionals because it is a sensitive area of law. Devices can only be seized if they’re owned by the employer or if the employee gives consent. Otherwise, you risk damaging or losing important information. The collection can be done covertly or with the knowledge of the user of the device.

Examination

With the data in hand, the digital forensics team begin to look for evidence stored on the seized assets or evidence of deleted data.

Analysis

Using the data, our team builds a clearer picture of what happened. This step is technical in nature and critical to determining the outcome of the investigation.

Reporting

For lawyers, this is the most important step. Reporting is when we deliver our findings in an understandable way, empowering you to take the next step in a case.

When you should hire a digital forensics team

The answer is straight-forward: you should hire a digital forensics expert whenever you’re investigating something that involves technology. Most people are comfortable using technology that stores important data, like phones or laptops, but a proper investigation requires deep knowledge.

If you try to go about it on your own, you risk losing important evidence or what you might find can be successfully challenged in court rendering in the information useless.

Maximizing the power of digital forensics

To make the most of digital forensics, keep the following tips in mind:

• Involve forensic experts as soon as reasonably possible
• Leave forensics to professionals, not your IT team
• Properly secure any exhibits that come into your possession
• Make notes of everything that was done when the exhibits were in your possession, including continuity (names, dates, time, location)
• Remember data can be stored in the cloud
• Even if a device is damaged, seize it anyway — data may still be recoverable
• Disconnect devices from any wired or wireless network

MNP’s forensic experts have years of experience in either law enforcement and/or the military, ensuring the job will be done efficiently and correctly. Our experts use the latest in forensic technology and employ industry-standard techniques that can withstand scrutiny in a court of law.

Contact: