Searching for digital clues

Collecting digital evidence of a cybercrime is not as easy as rounding it up for a real-world crime. Television episodes of CSI typically begin with a horrified bystander stumbling over a dead body in a dark alley.

Investigators quickly descend on the crime scene, armed with latex gloves, plastic baggies and DNA swabs to collect the physical evidence. Maintaining the chain of custody (preserving the integrity of the evidence) is a fairly straightforward process.

Not so with digital evidence. First, IT staff are often not even aware they’ve stumbled across a crime scene.

The first inkling frequently originates with user complaints about their systems’ performance, and evidence is discovered in the course of routine troubleshooting. But digital evidence is easily tainted, inadvertently, by IT staff in the course of carrying out their job duties.

Establishing the timelines of an incident is crucial, and therein lies a major problem. Browsing files or opening logs to figure out the situation automatically changes the time stamps. “Just by booting a Windows machine, 70 to 100 files and time stamps are changed,” said Inspector Robert Currie, officer in charge of the RCMP’s Technological Crime Program.

Also, temporary information is often stored in “slack” space: unallocated space on the hard drive that the CPU may overwrite later.

Perpetrators sometimes connect to peripherals like an external CD to copy information, said Hamel, and metadata about that is stored in slack space. When IT staff browse a system, the chances of overwriting and losing that information increase.

Routine troubleshooting conducted by IT staff can be discerned when doing a forensic analysis, explained Ren
