Digital Evidence

This module opens with a basic definition of Digital Evidence, the types of Digital Evidence, and examples of each type. We then explore the Rules of Evidence and how federal regulation defines evidence, from the perspective of different agencies. We discuss in detail the entire examination process, from assessment to documentation and reporting. Finally, we wrap up with a detailed discussion of the types of electronic devices, their storage capacities, and how Digital Evidence is extracted from them.

[toggle_content title="Transcript"] Hey, Leo Dregier here. Today we're going to talk about digital evidence, and that can mean just about anything in today's world. So we need to start somewhere. So first let's look at the definition of digital evidence. I encourage you to search for multiple definitions of digital evidence. I kind of have my own term which is realistically something that's digital that's going to make its way to court, okay? That, realistically, could be anything. I'm sure there's a formal definition out there, but that's okay. Okay, and so we're going to look at some of the characteristics here in a second, but first let's look at some of the types and factors, uh, with regards to digital evidence, okay? First of all, there's anti-digital evidence and anti-digital forensics, okay? And this has to deal with things that, like, for example, wipe drive and any program to zeroize or overlay, um, data on top of other data edit in an attempt to obfuscate it, or hide it, or manipulate it, or destroy it, okay? So that's always a challenge in the world of what we do because when we're trying to find digital evidence, someone else could also be trying to un-hide it, okay? So some of the factors that go into this are basically volatile versus nonvolatile, okay?
So you need to know the definitions of volatile versus nonvolatile; transient data or the types of data that stays in memory until you reboot; fragile data, in other words things that can be overwritten quite quickly or temporary type data or temporary data in itself; uh, archive data, alright; uh, back up data; and things like that, alright? So, we're going to look at the scope of this, uh, especially with—through the lens of all the federal rules of evidence because remember we know is the, the definition here is digital evidence, okay? We don't have evidence if we can't get it into the court. So there's always going to be the legal factor of this, alright? So we're going to have to look at the federal rules of evidence and look at everything from Rule 104 all the way down to the end, uh, which I have listed here is uh, uh, 1004, okay? Also, we can look at the International Organization of Computer Evidence, IOCE, and the as well and see their take on this. The big picture of digital evidence in the examination process is we have to assess the evidence, we have to acquire it, we have to preserve it, examine it, and ultimately document and report. So we've said that a few times in the, in the introduction part of this course, but what we're going to do is we're going to take a, a much, much, uh, closer look at some of the details of what that looks like step by step, alright? And then we'll wrap up here with all sorts of, uh, electronic devices and this is what I—when I say hey, you know, digital evidence, what does that realistically mean? Um, it can be vast; it can vary a lot. There's many things that you would unconventionally not consider evidence that you now have to be an expert in, okay? So some of the easiest things that you were likely to have expertise in is basically computers and computer systems, okay? Because you're going to look for user created or user protected information or computer created or computer protected information.
And that's kind of like, uh, our natural instincts with the subject of forensics. However, we'll look at all the different types of storage devices, um, access control devices, like biometrics and things like that, even something as simple as an answering machine. If it can store digital media even, you know, answering machine tapes for example, um, digital cameras, okay? Hand-held devices, networking devices, removable storage, also different kinds of scanners, and copiers, uh, credit card skimmers; they've become very, very popular in the world of fraud in the last couple years. Um, maybe something as simple as a digital watch, or a fax machine, or a GPS, alright? So there really is no limit to where evidence can reside. Um, again digital evidence, digital suggests some sort of electronic means; evidence suggests that we actually have to go get this into court. So everything from the federal rules, and the regulations, and the, uh, and in—the international rules as well, all the way through the actual types, we're going to cover that all in the next section. [/toggle_content]