Monday, 2 November 2009

Digital Forensic: State of the art

It has been a long time since I last posted a new topic on this blog. I apologise for this; I have been very busy with crime scene processing and digital forensic analysis.

In this post, I would like to describe digital forensics in more detail, from the investigation flowchart and digital forensic procedure to a case study. It is in the form of a presentation which will be delivered at the British Council, Jakarta on 7 November 2009. On that occasion, the 25th anniversary of the British Chevening Scholarship Scheme, I am invited to deliver this topic as I was awarded a Chevening scholarship when joining the MSc in Forensic Informatics at the University of Strathclyde, UK in 2008/2009. This presentation can be downloaded at

On slide 3, I explain that in the investigation of computer crime and computer-related crime, digital forensics gives full technical support to criminal investigators in order to solve the case. Digital evidence found by the digital forensic analyst will be the basis on which the investigator decides further investigative steps. When the case is brought to court, the forensic analyst will be requested to give expert testimony regarding the digital evidence found. If they can explain it properly, it can be accepted by the court as strong evidence, without any doubt.

On slide 4, it is described that digital forensics applies not only to computer crime, but also to computer-related crime. This means that digital forensics covers a wide area of investigation wherever a computer is used. In such crimes, the computer has three roles: as the tool used to commit the crime, as the target of the crime, and as a medium for storing data related to the crime.

On slide 6, the definition of digital forensics is given. It is the application of computer science and information technology in order to solve a crime for the purposes of justice. Based on this definition, digital forensics plays some key roles, namely:
  1. To support and perform scientific crime investigation
  2. To perform forensic analysis on digital evidence
  3. To be able to describe a crime connection between suspect and evidence
  4. To deliver expert testimony at court.

On slide 8, I emphasize the digital forensic principles which must be applied whenever digital forensics is performed. These principles, derived from the guideline of ACPO (Association of Chief Police Officers), UK, are as follows:
  1. Principle 1: No action taken by law enforcement agencies should change data held on a computer or storage media.
  2. Principle 2: The person accessing the data must be competent to do so and be able to explain the relevance and implications of the actions taken.
  3. Principle 3: An audit trail or record of all processes applied should be created and preserved.
  4. Principle 4: The person in charge has overall responsibility to ensure that these principles are adhered to.

The principles above must be applied by the digital forensic analyst when investigating computer crime or computer-related crime. If even one principle is missed, the results of the digital forensic analysis become weak and open to doubt, and may even be rejected by the court. These principles must be strictly implemented during the analysis.
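
One way to make Principles 1 and 3 checkable in practice, shown as an added example that is not part of the original presentation or the ACPO guideline: every action is logged together with a SHA-256 hash of the evidence file, and each log entry commits to the previous one. The use of hashing, and the names `sha256_file`, `entry_digest` and `AuditTrail`, are assumptions made for this illustration.

```python
import hashlib
import json

def sha256_file(path, chunk=1 << 20):
    """Hash a file opened read-only, in chunks so large images fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def entry_digest(entry):
    """Digest over every field except the digest itself, in a stable order."""
    body = {k: v for k, v in entry.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditTrail:
    """Hypothetical append-only record; each entry commits to the one before it."""

    def __init__(self):
        self.entries = []

    def record(self, when, analyst, action, evidence_path):
        entry = {
            "when": when,
            "analyst": analyst,
            "action": action,
            "evidence_sha256": sha256_file(evidence_path),
            "prev": self.entries[-1]["digest"] if self.entries else "0" * 64,
        }
        entry["digest"] = entry_digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self, evidence_path):
        """Return a list of findings; an empty list means nothing was detected."""
        findings = []
        prev = "0" * 64
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or e["digest"] != entry_digest(e):
                findings.append(f"entry {i}: audit trail altered")
            if e["evidence_sha256"] != self.entries[0]["evidence_sha256"]:
                findings.append(f"entry {i}: evidence differs from acquisition hash")
            prev = e["digest"]
        if self.entries and sha256_file(evidence_path) != self.entries[0]["evidence_sha256"]:
            findings.append("current evidence differs from acquisition hash")
        return findings
```

A chain like this only detects edits to individual entries; someone who can rewrite the whole log can recompute every digest, so the latest digest should also be kept somewhere the analyst cannot modify, such as a signed case note.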

For the other slides, please download the presentation material from the link above. I hope it will be useful, in a positive sense, for anyone who would like to apply and develop digital forensics. Good luck!
