Computer forensics and expert digital evidence

Computer forensics evidential data

    Sector Forensics is one of the first generation computer forensic companies in the world, providing expert digital evidence to the business, legal and law enforcement communities since 1999. We were supplying computer forensic services before many people really appreciated the value that evidential analysis brings to criminal proceedings.

    Cases have included high profile Intellectual property cases, e-disclosure, industrial espionage, corporate theft, regulatory compliance, miscellaneous fraud, carried out civil search orders and we have acted as single joint experts. We have provided expert witness evidence to in excess of five thousand cases, consisting of tens of thousands of digital devices.

    The criminal cases have included investigations for the Anti-Terrorist Branch, National Security Investigations for Special Branch, as well as cases dealing with the distribution and possession of adult/child pornography, murder and fraud inquiries as well as work for the United States Department of Justice Criminal Division.

    We pride ourselves on demystifying evidence so that clients understand the value of the information and evidence they have and are able to use their expertise to win their case. Sector Forensics always meets customer deadlines which may at times mean working throughout the night to bring the results to our clients.

    Michael Scott, Director of Sector Forensics, took time from his duties to share a typical day.

    A day in the life of a forensic investigator

    My Alarm Goes Off…
    At 7am, like many people, one of the first things I do after getting my Earl Grey tea is grab my phone and check the latest happenings in the world. I’m organised so even my current affairs surfing is tailored to my interests using MSN and Flipboard to keep abreast of the latest news and the Wired website for gadget reviews. I also love watching Ted Talks.

    The computer forensics industry is forever changing as technology advances, our job is to be at the forefront of this development and ahead of whatever technology could be used next.  What took my eye today was the latest car hacking technology; this remotely accesses cars without the user’s knowledge and then controls vital components like the brakes and plays with the multimedia systems (try using that as an excuse for getting to work late). It’s also great to see on the news this morning that one of our cases has successfully led to a prosecution at court which helped to remove a person who could be a great danger to the public.

    After a quick strum on my electric guitar trying to play ‘Muse’s Knights of Cydonia’, it’s down to work with my trusty Nexus 6 (a forensic analyst’s dream toy) in my back pocket. I’m off to officially start my day.

    I’m Responsible for…
    I’m Director of Sector Forensics, overseeing all cases into and out of the company, keeping our UKAS ISO quality standards up to date, reviewing all procedures, processes, checking all of Sector Forensics work, reviewing statements and reports to make sure that our clients can clearly understand what the examination results mean in real terms to their cases, taking complex ideas and making sure that they are in plain English.

    A Typical Day…
    There really isn’t a typical day, each day is very different to the next and this is why after many years the job still holds my interest. I still carry out case work regularly and really enjoy going to court as an expert witness. For me there is nothing better than taking part in a case from start to finish, attending Civil search orders or Police raids to gather evidence, carrying out the forensic analysis looking for the specified data, producing reports, attending case conferences and finally attending court to give the evidence or advise on others evidence.

    All jobs start with taking a copy of data from submitted items like computers, mobile phones, tablets, satellite navigation devices in such a way as to not change any data on the original devices; this process is commonly referred to as ‘imaging’. Once the image copy has been taken the original device can be put back into our safe storage – an old bank vault with biometric fingerprint access – so that we can work solely on the copies taken.

    Using various forensic tools we search for key data in the ‘accessible’ area that any user would be able to see on their device and the ‘inaccessible’ area for data, some of which may have been deleted or overwritten. I liaise with solicitors, barristers, the Police and our other clients keeping them informed of work progress and sending them any key data that we may have found from the day’s investigations.

    Most Memorable Work Moment…
    There have been lots but the one that I am most proud of is receiving a Commendation by the Assistant Chief Commissioner of the UK’s Metropolitan Police for ‘Outstanding technical skill in providing computer evidence which directly led to a conviction for a breach of the Official Secrets Act’.

    Least Memorable Work Moment…
    It would have to be my first experience at court attending the Old Bailey in the 1990’s to give evidence. I was reading out the oath which I had vigorously practiced learning off by heart, but as I found out it was a slightly different version which ended up in me stating ‘So help me God’, for which the Judge replied that he would like me to read it again without any ‘help from God’ for which I could hear some muffled sniggers around the court. At that point I found out that there was no place to hide behind a lectern.

    Most Interesting or Rewarding Cases…
    An industrial espionage case where a company (“Company A”) had just lost a multi-million pound haulage contract to a new company (“Company B”). On investigation of the computers, we found that one of their employees had been intercepting all of the contract bid details and passing them onto a third party in (“Company B”) who had won the contract by undercutting the price of (“Company A”). After court proceedings “Company A” was awarded the contract.

    We were working on behalf of the Church of England to carry out an investigation into missing rare artefacts. Upon investigation of a number of computers, a small Parish in England was identified which had been selling priceless books from the Church’s collections without permission. These sales via well known trading sites were then reinvested in the local church and its services.

    We examined a number of computers and mobile devices, providing evidence that led to the successful convictions pertaining to Human Trafficking stretching back a large number of years, where girls were brought in from Thailand and forced to work in the sex trade in the UK.

    Where do you see Sector Forensics in the next few years?
    I hope to see greater links between companies, charities, Government law enforcement and taskforces working closer together to bring about long lasting change. So that the UK really is at the cutting edge of cybercrime. Technology is always evolving and working in a company that is at the forefront of technology is an exciting but yet challenging prospect.

    On the one hand electronic devices holding data are getting smaller and more integrated into every day products, so we are constantly researching new techniques to capture this data which may prove key in future cases.

    On the other hand we are looking at new ways of handling ‘Big Data’ (massive and/or complex data sets) where existing techniques aren’t appropriate or impractical.  We are researching cost effective handling of investigations where millions of emails and documents are stored and need to be searched across a global organisation in a short amount of time without disrupting work flow.