What are three 3 sources of digital evidence?

Índice Show

Imaging electronic media evidence
Why the preservation of the sources of investigation is important
Physical Evidence
Forensic Evidence
Digital Evidence

Digital evidence can be collected from many sources. Obvious sources include computers, mobile phones, digital cameras, hard drives, CD-ROM, USB memory sticks, cloud computers, servers and so on. Non-obvious sources include RFID tags, and web pages which must be preserved as they are subject to change. Extra care must be taken to avoid any contamination or modification of the data sources which are the subject of the digital forensic investigations.

We will take special care when handling computer evidence: most digital information is volatile can be easily changed, and once modified, it is usually difficult to detect the changes or to revert the data back to its original state. For this reason, we will carry out and calculate a cryptographic hash of digital evidence and record that hash in a safe place to prevent any computer evidence contamination. This is essential as the computer forensic investigators will be able to establish at a later stage whether or not the original digital evidence has been tampered with since the hash was initiated and calculated.

Imaging electronic media evidence

As as an initial stage of our computer forensic investigation, we may have to to create an exact duplicate of the original evidentiary media. We use a combination of standalone hard-drive duplicators or software imaging tools so that the entire hard drive is fully cloned. We will do this at the at the sector level, making a bit-stream copy of every part of the user-accessible areas of the hard drive which can physically store data, rather than duplicating the file system. We will then transfer the original drive to secure storage to prevent any tampering. During the imaging process, we will use a write-protection or write-blocking device or application to ensure that no information is introduced onto the evidentiary media during the computer forensic investigation process.

Why the preservation of the sources of investigation is important

Preservation of the sources from which we collect evidence is essential otherwise the chain of custody will be lost and all the results of the digital forensic investigation will invalidated. In addition to this, all the steps taken in collecting digital evidence must be recorded so that it verifiable if required.

Device	Types of Potential Evidence
Digital/Video Camera	Pictures Videos Files stored locally or on media card
Cell Phone	Text Messages Call Logs Applications used Social Media accounts Everything from All Categories
Computer/Laptop	Everything from All Categories Social Media accounts Internet Search History Documents Email (Non-web-based)
Mobile device	Everything from All Categories Applications used Social Media accounts
Game consoles	Pictures Videos Documents
File Storage (Hard drive, thumb drive, optical media)	Everything from All Categories
Internet of Things (IoT)
Wearables

Law enforcement agencies also generate digital evidence:

Device	Types of Potential Evidence
Automated License Plate Readers (LPR)	License Plate Images· Pictures of Cars Geolocation Metadata
In-Car/Body-Worn Cameras
Unmanned Aerial Systems (Drones)
Interview Room Recording Systems
Closed Circuit Television (CCTV)
TASERs

Every time there’s an investigation conducted for a criminal case, evidence is required to uncover the truth. Investigators are responsible for seeking and collecting data that can be used to get more details about the case and determine who the culprit is.

Evidence exists in various forms. Even if a particular form of evidence isn’t allowed to be used in courts, investigators can still use it to get more insight into the case. Let’s take a look at three of the most popular types of evidence used in investigations.

Physical Evidence

The first thing investigators look for is physical evidence at or near the crime site. This includes tangible objects that indicate what may have transpired at the site. For instance, things such as weapons, broken items, residue, or unusual objects can be considered physical evidence. In addition to this, physical evidence also includes elements that can be recorded or documented. For instance, burn marks on a countertop, bloodstains on the floor, or placement of certain items such as labels or lighting can be documented as physical evidence.

Physical evidence is also often referred to as material evidence. It may be presented in court either as a physical object or as documentation. For instance, investigators may describe the crime site in text or use images to show the setting.

Forensic Evidence

Forensic evidence refers to the scientific evidence obtained that investigators can use to ascertain a suspect’s complicity or innocence. It includes material such as fingerprints, DNA, ballistics reports, or other trace evidence.

This form of evidence is considered to be an extremely reliable tool for investigations. A majority of criminal cases use reliable scientific forensic evidence to convict criminals and free innocent suspects correctly.

Digital Evidence

Another form of evidence that has gained popularity in the last couple of decades is digital evidence. This refers to any type of digital file extracted from an electronic source. For instance, audio and video clips, emails and text messages, and other documents extracted from storage systems, servers, and hard drives count as digital evidence. Investigators can also obtain digital evidence via home automation devices, video game consoles, and other lesser-known sources!

Famous criminal cases such as those of the BTK Killer and the Craigslist Killer have been solved using digital evidence.

Having said that, collecting digital evidence is more technical than it sounds. Extracting information from digital sources requires a particular skill set and expertise. It’s also tricky to properly preserve digital evidence for the right time.

This is where our team comes in the picture. Eclipse Forensics is a certified digital forensics agency in Florida that specializes in audio forensics, cell phone searching, forensic video analysis, and other digital forensics services in the state. Contact our team today!

Computers are used for committing crime, and, thanks to the burgeoning science of digital evidence forensics, law enforcement now uses computers to fight crime.

Digital evidence is information stored or transmitted in binary form that may be relied on in court. It can be found on a computer hard drive, a mobile phone, among other place s. Digital evidence is commonly associated with electronic crime, or e-crime, such as child pornography or credit card fraud. However, digital evidence is now used to prosecute all types of crimes, not just e-crime. For example, suspects' e-mail or mobile phone files might contain critical evidence regarding their intent, their whereabouts at the time of a crime and their relationship with other suspects. In 2005, for example, a floppy disk led investigators to the BTK serial killer who had eluded police capture since 1974 and claimed the lives of at least 10 victims.

In an effort to fight e-crime and to collect relevant digital evidence for all crimes, law enforcement agencies are incorporating the collection and analysis of digital evidence, also known as computer forensics, into their infrastructure. Law enforcement agencies are challenged by the need to train officers to collect digital evidence and keep up with rapidly evolving technologies such as computer operating systems.

On this page, find links to articles, awards, events, publications, and multimedia related to digital evidence and forensics.

View related publications