Digital Forensics for Attorneys
If you're an attorney working on a civil suit or criminal case that entails electronic evidence, I can promise you three things:
1. I will open your eyes to more types of electronic evidence than you perhaps thought obtainable;
2. I will determine exactly what happened, when it happened, and in what sequence it happened on a computer, laptop or other digital device; and
3. I will explain my findings in language that everyone – you, the judge, the jury, opposing counsel and other experts – can easily understand.
- Initial discussion. We discuss the circumstances of the case so I can develop a hard drive investigation strategy and determine where best to conduct the work. Rest assured, if the device in question has been seized by the police or FBI, or can't be moved from a worksite or home, I have the mobile equipment necessary to work onsite.
- Litigation support. I help you draft whatever discovery requests, declarations, motions, subpoenas or other legal documentation may be required to collect, analyze and later present digital forensic evidence.
- Peer report analysis. If a digital forensic analysis has already been performed by another analyst, I can review and explain his or her findings. If I feel confident that my own analysis would produce exactly the same results, I'll let you know and save you the cost of a second investigation.
- Data preservation. Prior to my own examination, I create a forensically sound copy of the hard drive in question at the disk or partition level. This ensures that I capture everything, including all hidden files, system files and even unused folder space where crucial evidence may be stored, without changing anything or leaving footprints of my work. This, in turn, ensures that any evidence I find on later analysis will not be challenged by opposing counsel for missteps in the chain of custody.
- Data analysis. Using forensic hardware and software, I examine every possible folder, file and space in which relevant electronic data may be stored. If a user has "wiped the drive" using erasure software, I can detect evidence of that activity.
- Reports. I report my findings in cascading depth. I write the executive summary for lay persons; the findings section for both lay persons and experts; and the technical addenda for other forensic analysts so they can duplicate my results if necessary.
- Trial strategy. I can assist you in developing questions for depositions, hearings and trials. It takes a computer expert to know exactly what an individual may or may not have done while using a device. It takes a digital forensics expert to know how to question another analyst's methodology or report.
- Expert witness testimony: If the case goes to court, I can give expert testimony regarding best digital forensics analysis practices and methodologies, as well as case-specific testimony about my own analysis and findings. As indicated earlier, this includes presenting my findings, both verbally and through charts and diagrams, in clear, concise terms that juries and other lay persons can easily understand.
Digital forensics analysis is becoming an increasingly important part of civil suits and criminal trials. To help you and your associates do your best work, I'll come to your offices and give you a solid introduction to this procedure.
Specifically, I'll help you understand:
- What types of information can be collected from a digital device.
- What to do and not do once you know you need digital forensics analysis.
- How electronic information must be preserved to ensure it's defensible in court.
- How the questioning of witnesses and experts can greatly influence your case.