8 Myths and Facts about Digital Forensics Investigations

2022-04-12

Due to the influence of movies and popular culture, people often get inaccurate ideas about this line of work and the overall digital forensics process. But that’s okay! After all, someone who’s not from the inner circle may have a hard time understanding how digital forensics investigations really work.

In fiction, the entire digital investigation process tends to get romanticized, and many hardships law enforcement agencies have to endure often get portrayed in a sugar-coated manner. In turn, this can lead to many people internalizing certain falsehoods about how things play out in reality.

Examples include “magically” enhancing or upscaling blurry photos and video footage, analyzing tissue samples within a moment’s notice, and blazing through complex passwords and encryption like it’s nothing.

Below, we’re about to give you the good, the bad, and the ugly on everything you ever wanted to know about the true nature of digital forensics investigations:

Myth #1: Any and all Data Can Be Recovered

FACT: When the storage medium is extremely damaged, this is not always possible.

However, not all data that is deleted is gone for good. Data that is fragmented, corrupted, deleted, and overwritten can be recovered in many instances with the help of professional data recovery solutions such as DRS by SalvationDATA that allows you to extract data from all types of storage media and devices. On many occasions, the exact digital forensic process steps are centered around extracting data from all sorts of devices, including smartphones, computers, CCTV cameras, databases, servers, etc.

As a matter of fact, extraction and recovery is often the tricky part of the digital investigation process and it needs to be executed with the utmost precision before data analysis can even begin. After all, a digital forensics examiner needs to avoid causing further damage to the files and make sure the evidence is admissible in court.

To make matters worse, data needed to draw crucial conclusions about a case is often scattered around different devices, thus complicating the process of digital forensics even further. This is why, sometimes, partial recovery is the best outcome of forensic data extraction.


Depending on the severity of the damage sustained, some data is recoverable and some is not.

Myth #2: Digital Forensics Experts Gather Evidence and Draw Conclusions in Real-time

FACT: It takes time. A LOT of time.

The primary focus of any digital investigation process is to uncover the truth. After all, we need to prove who’s guilty of a crime – guesswork simply won’t do. As such, the entire digital forensics investigation process can sometimes take weeks or even months.

Every case is a different story in this regard and there are many obstacles that can come in the way. Examples include anti-forensic measures, device and evidence destruction, encrypted data, legal limitations of what a digital forensics examiner is allowed to do, etc. And that’s not even accounting for the duration of the initial digital forensic acquisition process and how long it takes to secure the evidence that is yet to be analyzed.

Popular TV series can give you the wrong impression of how long the digital forensics process takes and completely skew your sense of time. Since a typical TV episode tends to be around 45 minutes long, so is the length of a digital forensics investigation, right? Wrong. If only!


FACT: According to Gwynedd Mercy University, computer forensics professionals may take months or even years to fully extract and recover the data needed during digital forensics investigations. (Source: Gmercyu.edu)

Myth #3: Any Password and Encryption Can Be Hacked

FACT: It depends on its length and complexity.

If the password is “1234” or the name of a person’s pet in lowercase letters, sure, even a computer with weak processing speed can crack it in a matter of minutes.

But if the suspect is familiar with best password practices that involve making it long, complex, and including capital letters, numbers, and special symbols, this is more than just a simple obstacle that obstructs the computer forensics process.


FACT: Real computer hacking is nothing like it’s portrayed in the movies. According to TechRepublic, an 8 character password can be cracked in less than an hour. (Source: Techrepublic.com)

Myth #4: Poor Quality Video Can Be Enhanced Infinitely

FACT: Video enhancement is possible only to some extent and with certain technical and legal limitations.

You’ve seen it a million times on TV. During forensic video analysis, the blurry mess of video footage can be “magically” zoomed in and enhanced to the point of crystal crisp visibility and flawless quality. What used to be pixelated… is now clear. If only video footage quality enhancement was this simple!

There’s no need to overstate how the reality of forensics investigations is quite different. With the emergence of AI technology, however, there are now options that weren’t available before. With smart learning and a bit of guesswork, AI technology can “fill in the blanks” and smooth out the rough edges and pixelated areas to some extent.

The problem with this, however, is that AI-assisted video enhancement is not an option if you want to present the footage in court and make it admissible as evidence.


There are certain limitations as to what AI can do about the corrupted, fragmented, and pixelated video footage.

Myth #5: Digital Forensics Is All about Computers

FACT: Technology keeps evolving and there’s a plethora of different devices, each requiring a specialized approach.

Contrary to popular belief, a computer forensics investigator also has plenty to do with other things and not just computers alone. The fact of the matter is, nowadays, there are various devices consumers can buy at affordable pricing. Netbooks, laptops, smartphones, smartwatches, smart vehicles, and even smart refrigerators can all contain relevant information that’s vital to solving a case.

All of this introduces a whole new set of challenges to the traditional digital forensic process model that only used to involve dealing with computers and traditional IT tech. To crack a case, digital forensics examiners also have to analyze and extract data from phones, databases, and other devices, all while wrestling with encryption, hacks, passwords, and malware of different sorts.


Smart devices of various sorts are now a part of everyday life.

Myth #6: Digital Forensic Investigators Possess God-like Abilities

FACT: Digital forensic investigators are only human and are thus limited by law, technology, knowledge…

In TV shows, digital forensic investigators are often portrayed as superheroes or as having semi-godlike abilities. Oftentimes, as part of the story, they are even allowed to break the law – since they are the good guys, they ought to be given some slack in this regard, right?

Unfortunately, forensics investigations need to stay within the boundaries of the law; otherwise, the opposing legal representation will have an easy time defending the suspect accused of a crime and dismissing the forensic work and evidence as invalid and inadmissible.

In fact, legally gathering, preserving, and storing the evidence is one of the first stages of a digital forensic investigation, often referred to as the chain of custody principle.

In no shape or form can anyone involved in the digital forensics investigation skip over the crucial digital forensic process steps, let alone break the rules. At least not without facing the kind of consequences that can sink the entire case.


Digital forensics experts, despite their level of education and intellectual capacities, are no superheroes.

Myth #7: Digital Forensics Methodology Is Only Used to Crack High-profile Cases

FACT: Devices are common in everyday life and store a wealth of data, thus the need for digital forensics in common scenarios involving crime.

From IoT, smartphones, and all the way to smart wearables and vehicles, nowadays we’re surrounded by smart devices of various shapes, sizes, and purposes. This means that modern digital forensics investigations need to tackle several different areas of crime that go beyond the conventional norms. This opens up a whole new landscape of digital forensics investigations.

Aside from terrorism, robberies, and other high-profile crimes, digital forensic examiners are now also asked to hunt down the suspects of petty theft, vandalism, hit and run crimes, and so forth. In fact, they may be even tasked with investigating internal company policy violations, forgeries, and patent violations, something that’s not typically associated with this line of work, at least in the public eye.


Did you know that forensics experts are sometimes tasked with investigating art forgeries?

Myth #8: Digital Forensics Investigators from Every Country all Stick to the Same Approach

FACT: The exact digital forensics methodology steps often vary from country to country.

For some reason, people are inclined to think that there is a one-size-fits-all approach to digital forensics investigations all around the world. This is not the case at all and the methodologies they may rely upon when conducting a digital forensics investigation are far from unified. Sometimes, the situation at hand is so complex that there is no standardized approach to solving it, which calls for educated improvisation and a sophisticated level of autonomy.

The differences can go even deeper than country-level. Every government and every organization might face unique challenges and have to be compliant with different rules and regulations to make evidence admissible in court. Thus, even though the approach they choose to take might look similar, there are likely to be subtle workflow differences that require them to take different steps in the digital forensic process to reach a scientifically and legally sound conclusion.

Furthermore, their approach may differ based on the hardware they have available and the digital software tools they have access to. For instance, several Asian law enforcement agencies have upgraded their existing and often outdated software and switched over to SalvationDATA’s Digital Forensic Lab, a one-stop digital forensics solution that allows you to tackle complex cases from multiple angles without experiencing a steep learning curve or technical setbacks.


Moreover, it’s a cost-effective solution that displays the evidence extracted in an organized manner, resolves software incompatibilities, improves your professional credibility, and it can even be used to automatically generate entire digital forensics reports with full compliance

All in all, it incorporates the industry’s top technology to help you stay on top of crime, no matter how complex the case you’re dealing with may be.

A reputable law enforcement organization needs a professional one-stop digital forensics software solution like SalvationDATA’s Digital Forensic Lab.

Conclusion

To some degree, romanticizing the process of digital forensic investigation is not wrong per se. In fact, many people who later on decided to go down this professional path used to be guilty of doing this as kids.

But hopefully, what we’ve shared with you today can help you develop a more accurate view of what a digital forensics investigation entails and how oftentimes reality tends to differ from people’s pre-conceived notion of it.