Computer Forensic & Investigation
Summary
TLDRIn this interview, computer forensic expert Richard Marov discusses the growing role of computers in investigations, from gathering evidence to analyzing it. He highlights the varying levels of tech-savviness among police and criminals, the importance of data interpretation in legal cases, and the challenges of adapting traditional investigative methods to digital evidence.
Takeaways
- 📺 Computers are increasingly central to investigations in crime shows and legal thrillers, reflecting their growing role in real-world forensics.
- 👨💼 Richard Marov, an IT consultant turned computer forensic expert, discusses the importance of computer forensics in modern investigations.
- 🔍 The level of understanding of computer forensics among police departments and investigators varies widely, from knowledgeable to completely unfamiliar.
- 🤔 Disagreements often arise not from what is found on a computer hard drive, but from the interpretation of the evidence and its implications.
- 📑 Evidence in computer forensics includes not only hard drive data but also printouts that may contain hidden metadata like serial numbers and timestamps.
- 🕵️♂️ The ability to trace the origin of emails and identify whether they were spoofed is crucial in cases involving digital threats or harassment.
- 📈 Both civil and criminal cases can involve computer forensics, with experts often analyzing data for both prosecution and defense.
- 😮 Criminals' computer literacy ranges from naivety about the permanence of deleted files to sophisticated encryption techniques to hide incriminating information.
- 📱 Mobile devices, like smartphones, are becoming a common source of evidence due to their advanced capabilities and storage of call records and other data.
- 👮♂️ Law enforcement has established procedures for handling digital evidence, including making copies before analysis to ensure a fair defense.
- 🌐 Legal frameworks for acquiring digital evidence differ by country, with varying privacy laws and methods for obtaining data in criminal and civil cases.
- 📚 The field of computer forensics is evolving, with experts now expected to provide more detailed analysis as judges and lawyers become more knowledgeable and discerning.
Q & A
What is the significance of computers in modern investigations?
-Computers play a crucial role in modern investigations as they are used for evaluating and gathering evidence. Evidence that used to be on paper is now often stored on computer hard drives, making computer forensics a vital part of legal and criminal cases.
What is the background of Richard Marov, the computer forensic expert mentioned in the script?
-Richard Marov is an IT consultant who found a growing demand for computer forensic investigation due to the increasing use of computers in various businesses and activities. He helps in analyzing and interpreting digital evidence in legal cases.
How knowledgeable are police departments and investigators about computer forensics?
-The level of knowledge varies among police departments and investigators. Some are well-versed in the subject, while others may have a limited understanding, often requiring the expertise of computer forensic experts to interpret the evidence correctly.
What kind of evidence can be found on a computer hard drive?
-Evidence on a computer hard drive can include data files, computer printouts that may contain serial numbers, time, and date stamps, and other digital artifacts that can be crucial in legal investigations.
How does the interpretation of digital evidence differ between different parties in a legal case?
-Disagreements often arise in the interpretation of digital evidence. While one side might have a narrow interpretation, experts like Richard Marov can provide a broader view, suggesting multiple scenarios that could explain the evidence.
What role do computer printouts play in legal cases?
-Computer printouts can serve as important evidence in legal cases. Some printers include serial numbers and timestamps on printouts, which can help trace the origin of the document and its authenticity.
How is the anonymity of digital communication, like emails, perceived in legal investigations?
-Contrary to popular belief, digital communication is not anonymous. Investigators can often trace the source of emails and other digital messages, which can be crucial in cases involving threats or harassment.
What types of cases typically involve computer forensic experts?
-Computer forensic experts are involved in a broad range of cases, both criminal and civil. They may work for the prosecution, defense, or help in the analysis of digital evidence in legal disputes.
How do criminals handle digital evidence, and how does this affect investigations?
-Criminals vary in their handling of digital evidence. Some may mistakenly believe that deleting a file removes it from their computer, while others use sophisticated encryption to hide information. These actions can provide clues to investigators.
What are some challenges in dealing with digital evidence from mobile devices like smartphones?
-Mobile devices like smartphones can contain significant amounts of evidence, such as call records and frequently called numbers. Investigators must follow proper procedures, such as making copies of data, to ensure the integrity of the evidence and its admissibility in court.
How do laws and procedures for acquiring digital evidence vary across different countries?
-Laws and procedures for acquiring digital evidence can vary significantly by country. Privacy laws, for example, differ, affecting how data can be legally obtained and used in investigations.
Outlines
💻 The Role of Computers in Modern Investigations
In this paragraph, the discussion revolves around the increasing importance of computers in crime and legal investigations. Richard Marov, a computer forensic expert, explains how computers have become integral to gathering and evaluating evidence. He highlights the varying levels of understanding among police departments and investigators regarding computer forensics. Marov also discusses the challenges in interpreting digital evidence and the importance of having experts who can provide a realistic view in trials. Additionally, he mentions the types of evidence he deals with, such as data on hard drives and computer printouts, and how certain printers can embed serial numbers and timestamps in their prints, adding a layer of traceability to digital evidence.
📱 Expanding the Scope: Mobile Devices and Digital Evidence
This paragraph delves into the role of mobile devices like smartphones and PDAs in forensic investigations. Richard Marov notes that these devices, with their increasing capabilities, can hold crucial evidence such as call records and frequently contacted numbers. He emphasizes the importance of proper procedures in handling digital evidence, such as making copies of data before analysis. Marov also touches on the legal aspects of data acquisition, highlighting differences in privacy laws and methods of obtaining data across various jurisdictions. The conversation also briefly touches on the challenges of tracing the source of instant messages and the evolving sophistication of both investigators and criminals in the digital realm.
Mindmap
Keywords
💡Computer Forensics
💡IT Consultant
💡Evidence Interpretation
💡Hard Drive
💡Printers and Serial Numbers
💡Email Spoofing
💡Prosecutors and Judges
💡Mobile Devices
💡Encryption
💡Anton Pillar Order
💡Expert Witnesses
Highlights
Computer forensics is increasingly important in investigations as evidence shifts from paper to digital formats.
Richard Marov, an IT consultant, discusses the growing demand for computer forensic investigation in various businesses and scenarios.
Police departments and investigators vary in their understanding and use of computer forensics in cases.
Disagreements often arise not from the evidence found on a hard drive, but from its interpretation.
Computer forensic experts are crucial in providing a realistic view of digital evidence during trials.
Evidence in computer forensics can include data on hard drives, computer printouts, and other digital artifacts.
Some printers embed serial numbers and timestamps in printouts, providing additional evidence in cases.
The ability to trace the origin of emails and identify whether they were sent anonymously or spoofed is a key aspect of computer forensics.
Prosecutors, judges, and juries often require experts to explain the technical aspects of email headers and digital evidence.
Richard Marov primarily works in civil cases, assisting both prosecution and defense with computer forensic analysis.
Criminals vary in their computer literacy, with some using simple deletion methods and others employing sophisticated encryption.
Mobile devices like smartphones and PDAs are increasingly relevant in computer forensic investigations.
Police have established procedures for handling digital evidence, such as making immediate copies of data.
The need for a proper defense involves providing a copy of original data to both sides for expert analysis and interpretation.
Laws and procedures for acquiring digital evidence vary significantly between countries, affecting how investigations are conducted.
Experts in computer forensics must be able to explain complex technical findings in plain English for non-expert audiences.
Judges and lawyers are becoming more knowledgeable about computer forensics, leading to more detailed analysis requirements.
The evolution of computer forensics has led to more in-depth questioning and a deeper understanding of digital evidence by the legal system.
Transcripts
you all my uh years of TV watching I
never once saw columbos said oh yeah
there's one more question where's the
hard drive but nowadays if you watch
crime shows or legal Thrillers or 24
anything like that you know computers
really are a big part of Investigations
they're used for everything from
actually evaluating evidence uh to going
out and Gathering it today we're joined
by a computer forensic expert Richard
marov from mov.com he's here to talk
about how computers are being used to
bring the bad guys to Justice Richard
it's good to have you welcome glad to be
here so you do a lot of uh expert you
were originally an it yes yes I'm an IT
consultant and then uh I just found that
there was a growing demand for this
computer forensic investigation because
computers are being used everywhere
these days in all sorts of businesses
and all sorts of things and a lot of the
evidence that used to be on paper is now
on a computer hard drive somewhere how
how Savvy do you find that police
departments and investigators are about
this kind of thing yeah it varies it
varies I mean some uh really know what
they're talking about others just like
well I don't know we got this you know
computer stuff and and and you know I
find that in these cases there's usually
not much disagreement about what's on
the hard drive where the disagreement
comes is the interpretation what does
this mean right right and so sometimes
what happens is they find the other side
they just have a very narrow
interpretation saying the only way this
could have happened is this and I say
well no there's actually about 10 other
scenarios that could happen as well so
that's why somebody who really
understands computers is very important
in this kind of setting especially in
trial to to to give you a realistic view
of what what's going on here absolutely
so you say you know no I mean you have a
very narrow-minded view of why this
thing occurred or or sometimes they have
an entirely different interpretation so
so it's it's that sort of uh analysis
and interpretation that tends to be key
in these cases is it mostly data on a
hard drive that you deal with or what
other kind of evidence would you be
dealing with uh data in the hard drive
sometimes uh there's things like
computer printouts for example I mean
there's some printers for example it's
not necessarily well known but there's
some printers that when you print out a
page they actually put in the serial
number and the time and date of the
print out so I mean there's all sorts of
you know evidence uh that you know that
can come to bear in a case yeah I know
there was a big brewhaha a few months
ago about the Xerox docu color because
they put dots on the page and say who
printed it exactly but but you know in
the old days a detective uh could look
at a typewritten message and figure out
which typewriter came from so this is
just the same kind of thing for a
computer exactly it's sort of a
different way of looking at the same
thing but you know it came as a shock to
a lot of people that this is that that
this can be done they thought they were
Anonymous or people think they can send
send a nasty hate email anonymously uh
uh you know but that's not the case oh
so you get involved in stuff like that
to tracking down who sent that email
exactly sometimes people say hey I've
got this email here somebody is
threatened me uh or said something nasty
uh you know who sent it did it really
come from this person they denied they
sent it you know maybe it was spoofed or
maybe the person sent it and then later
decided to to deny it so well I'm sure
that comes up because prosecutors judges
and juries don't necessarily understand
what can and cannot be done with an
email header so they need somebody like
you to come in and say exactly so I look
at the header and say yes this appears
to be legitimate or no it looks like
somebody tried to try to spoof it you
know it didn't really come from Bill
Gates and Microsoft assume that that's
the case what what are some of the kinds
of cases are they mostly criminal are
they civil imagine it's a broad range
it's a broad range I would tend to get
involved mainly in uh civil cases uh you
know both both for the prosecution uh
and the defense as far as criminal goes
the uh police you know in terms of
prosecution they have their own experts
I would get involved some cases in in
terms of criminal defense helping out
people who were the police say this is
what it was exactly the defense may say
well wait a minute you know not so fast
there exactly so usually if there's a
computer involved both both sides in the
process if it's important element they
will have their own computer expert
involved to analyze and interpret the
data and you know can present their uh
their opinion as to what it means I
asked you how Savvy uh law investig law
law officers were how savvy are the
crooks are they pretty computer literate
uh it depends too I mean you know
sometimes they really don't know what
they're doing or they think that if they
delete a file that's really gone from
their computer uh you know and it isn't
and other times they're into you know
very sophisticated encryption trying to
hide things which of course also tells
you some evidence too like well if this
is encrypted highly encrypted well maybe
there's some key information in there
that's very valuable I once asked the
Secret Service you know what do you do
if because I mean there is strong
encryption that nobody can crack what do
you do if it's encrypted and they said
well we find that people usually give us
a password if we ask oh well that's one
way to do it yeah I guess so just ask
you know makes it easy uh sometimes I
guess there is tendency among criminals
sometimes to confess you know they want
to they want to get it off their chest
uh so we've talked about hard drives uh
what about mobile devices like cell
phones and pdas does that come up
sometimes too uh that comes up too I
mean now that they're becoming more
capable I mean you look at what's in a
lot of these uh new smartphones and they
really are like miniature PCS they have
their own processor they have their own
memory you know they have records of uh
phone calls made and it can be important
evidence uh you in a particular case you
know who called who when who's in the
database of uh you know of frequently
called numbers the the police have
pretty good procedures now for this kind
of thing I mean they established you
know like for instance you make an
immediately make a copy of the data
before you touch it that kind of thing
or yes yes yes because uh you know I
mean in order to have a proper uh
defense you have to have a copy of the
original data made available to the
other side to say hey here's here's what
the police used in terms of their
investigation you have to make a copy
for the other side say fine you get your
expert to analyze and interpret it and
you know so we're both starting at the
same base as opposed to you know only
looking at what the police expert said
that's all new for them I mean they had
good evidentiary procedures for you know
fingerprints and and and shoes and and
hair but hard drives this is all new
they had to figure this out from scratch
it is new uh but uh from my experience I
tend to do a pretty good job at least in
this area on it and uh you know just
give me the evidence and I you know I'll
look at it and come up with uh uh with
my opinion on it uh how about now we're
seeing of course in Canada Australia the
Philippines all over the world the the
laws of this kind of thing vary from
country to country or is it all pretty
consistent uh well laws do vary of
course privacy laws of course is very
different all yes and and like I'm not a
lawyer but I mean there's different ways
of acquiring the data I mean for example
I mean uh if it's a criminal matter you
know somebody has to get a search
warrant right um here in Canada for
example if it's civil matter there's
something called an Anton pillar order
which is roughly equivalent in which you
can basically you know go to somebody
and say yeah you know Discovery exactly
we you know we want this data and of
course as we know in the States you
don't need a warrant anymore you do
anything you want what are some of the
weirdest things you've heard of people
hiding and and where they've hidden them
well there's all sorts of different
things and people get concerned about
some things and and yeah you know I get
uh I got a call once this this is not a
case I accepted but you know there was
this woman who's very concerned about
some instant messages being sent uh uh
you know and this was about instant
messages that were that that were
apparently were nasty grams about we got
that call didn't we we got that call on
the show after they talked to you
Richard I think she called us and what
did you you said H honey you find
somebody else to help you on this one
well I said you know it's you know if
you want to trace back who you know
which 12-year-old child is sending
messages you know about your 12-year-old
child is it going to cost you a lot of
money she already went to the police and
the police you know weren interesting
yeah yeah have there been lately
landmark cases in this area that we case
law that things have come up things
always come up uh you know I think uh
what I find is that uh judges and
lawyers are becoming more Savvy in the
area and they're asking deeper questions
than before so what that means is that
from the expert point of view I'm having
to do more detailed analysis where maybe
I could have done a very simple report a
few years ago uh based on three or four
hours worth of work now I might have to
do a week's worth of work on something
because there's some very detailed
questions about things that they want
answer I think in the long run that's
good that means they're understanding it
better and and they're and they're
digging deeper absolutely I mean there
is a greater understanding of what's
going on I mean I mean the judges and
the lawyers they are not computer
experts but they are generally smart
people and so it's a matter in you know
from the work I do I have to be able to
take this computer jargon and sort of
explain it to them in plain English and
sometimes that means putting in charts
graphs you know explaining things that
are easy to understand for people who
are not computer exer but who are smart
people you're not dumbing it down you're
just making it accessible they need to
know it yeah it makes perfect sense well
if people need a
Посмотреть больше похожих видео
Pelaku Perundungan PPDS Undip Terancam Sanksi Ini! [FULL] - Dialog
Is Resurrection of Jesus Real?
The Dangerous Unreliability of Eyewitnesses
16x9 - Behind The Yellow Line: Real CSI [Police Documentary]
The forensic pathologist who helped solve the Gardens by the Bay murder case | CNA Lifestyle
Ahli Hukum Pidana Jelaskan Tentang Jenis Saksi Berdasarkan Kualitas | Breaking News tvOne
5.0 / 5 (0 votes)