What is Digital Forensics?
The term ‘digital’ relates to the examination of computers, phones, memory cards, USB memory sticks, digital cameras and any other type of device that contains digital storage.
The ‘forensics’ aspect relates to the method of examination that, where possible, avoids alteration of the information contained on the digital devices so that the content of them is the same after the examination that it was before it was conducted. This process, along with the methodology, understanding of the examiner and record keeping allows the findings of the examination to be admissible in court.
A digital forensic investigation will normally involve the review of specific files present on a device that are relevant to potential or existing legal proceedings of various types.
Mobile Phone Forensics
A digital forensics investigation within court proceedings can vary greatly depending specifically on the requirements of the case, for example, it can involve the examination of mobile phones to produce all communication present, including WhatsApp or Facebook Messenger, often including deleted messages, between specific dates or between specific contacts.
The mobile phone service providers retain history of any activity over their network for a period of 12 months within call data records and these can be obtained if a RIPA request or court order is made to the relevant provider.
The mobile phone call data records provide an overview of any calls made over the network or text messages sent and any data usage. These records assist in confirming who was communicated within and when or where the phone was at a specific time that the communication occurred, including if the activity has been deleted from the user’s phone.
However, the call data records do not include the content of any messages and, if any messages were sent via WhatsApp or Facebook Messenger or via any other application that uses a data or wifi rather than the mobile network to send or receive messages or make calls.
For example, if WhatsApp were used to make a phone call, the service provider call data records would, at best, detect that data was used at the relevant time, however, it would not be able to determine that it was data usage by WhatsApp and, if the phone was connected to a wifi network then the call would not appear within the call data records at all.
By conducting an examination of the phone itself, any messages that are present including the content of them, the time and date of them and the sender/recipient can normally be retrieved, often including any deleted messages. Messages sent via WhatsApp and Facebook Messenger and many other messaging applications are encrypted meaning that the content of the messages can only be read via the sender or the recipients phone.
It is also possible to retrieve the location information from the phone itself, for example when a photograph is taken or a wifi connection is used, the location of it is recorded. This can also be used to identify the location of the phone at the time, though this is dependant upon the handset and the specific settings of that handset at the relevant time.
A digital forensic investigation may involve the review of a computer or a mobile phone to confirm the presence of a file or files that have been identified by the Prosecution.
Often there is then a requirement to review digital evidence to determine whether the files had been intentionally and deliberately by the user or whether they have been inadvertently stored without the knowledge of the user.
To do this would normally involve assessing the provenance of the files which would include identifying the time/date of creation of it, identifying the location of it and the significance of that as well as recovering and reviewing the other activity on the device to assess whether the specific source of the file can be found and who the likely user was at the time of creation of the evidence and whether it had been deliberately stored.
About Athena Forensics
For information on our digital forensic services or if you require any advice or assistance please contact a member of our team on 0330 123 4448 or via email on firstname.lastname@example.org, further details are available on our contact us page.
Our client’s confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensic investigation.
Our digital forensics experts are fully aware of the significance and importance of the information that they encounter and we have been accredited to ISO 9001 for 10 years.
Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.