Two months ago digital forensics experts working in the United Kingdom assisted British law enforcement in catching a computer criminal. There’s nothing out of the ordinary about that; it’s a routine arrangement on both sides of the pond. What was interesting was how they uncovered what was otherwise thought to be untraceable data from the suspect’s smart phone. Using their methods, this forensics service was able to use the information collected by Google when the phone’s web browser used the search engine.
These analytic cookies revealed the exact time of the searches, the number of searches and website visits, and the means by which these websites were found through other links. This gave the investigative team a chance to construct a reliable timeline of events that assisted in charges being brought against the suspect. In accordance with British law, the name of the suspect and specific details about the charges cannot be discussed.
I figured this little story, however unremarkably Orwellian in light of recent revelations about Apple tracking iPhone users and Sony allowing its buildup of online user credit card information to be stolen, highlights the need to start seriously considering your digital footprint. I’m not advocating in any way activity that could be considered criminal computer conduct, but you should know not only the capabilities of the software and hardware manufacturers whose telecommunications devices you use but also the ways in which these capabilities can infringe on your civil liberties. It’s not that you want to hide the fact that you’re a criminal; it’s that you need to safeguard yourself in case you ever become a suspect.
You need to know about things like chain of custody. In computer forensics, computer usage is equated to the visiting of a crime scene. Once a crime is suspected to have occurred, all movement in and out, and any information brought in or taken out, has to be logged. So if at some point a confiscated computer was turned on and the activities therein weren’t logged, then tampering could become a legitimate argument. Information, if not ritualistically logged and kept track of, becomes easily open to attack.
Reboots and even simply starting up a computer normally could have terminal effects on a digital investigation. If the computer is registered to receive remotely installed updates or other third-party applications, then any information that’s found after the fact can be argued to have been planted. Amateur digital investigators unaware of these particulars can spend months naively collecting data only to have it all thrown out in court.
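To make the chain-of-custody and power-on points above concrete, here is an added example (not from any forensic tool or from the case described) of a custody log in which every record commits to the one before it and to a hash of the evidence image. The field names, helper functions and sample records are all assumptions made up for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" used by the first record


def _digest(record: dict) -> str:
    # Canonical JSON so identical records always hash identically.
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


def append_entry(log: list, when: str, who: str, action: str, evidence_sha256: str) -> dict:
    """Add a custody record that commits to the record before it."""
    entry = {"seq": len(log), "when": when, "who": who, "action": action,
             "evidence_sha256": evidence_sha256,
             "prev": log[-1]["hash"] if log else GENESIS}
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry


def verify_log(log: list) -> list:
    """Return a list of problems; an empty list means the chain is intact."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["seq"] != i:
            problems.append(f"entry {i}: sequence gap (seq={entry['seq']})")
        if entry["prev"] != prev:
            problems.append(f"entry {i}: does not link to previous record")
        if _digest(body) != entry["hash"]:
            problems.append(f"entry {i}: contents changed after logging")
        if i and entry["evidence_sha256"] != log[i - 1]["evidence_sha256"]:
            problems.append(f"entry {i}: evidence hash differs from previous record")
        prev = entry["hash"]
    return problems


def build_sample_log() -> list:
    # Constructed sample data: names, times and image bytes are invented.
    image = hashlib.sha256(b"constructed disk image bytes").hexdigest()
    log = []
    append_entry(log, "T+0h", "officer A", "seized, powered off", image)
    append_entry(log, "T+2h", "lab tech B", "imaged via write blocker", image)
    append_entry(log, "T+29h", "analyst C", "analysis of working copy", image)
    return log
```

A chain like this only shows that records were not edited or dropped after the fact; someone who can rewrite the entire log can rebuild it, so the latest hash has to be recorded somewhere the log keeper cannot change.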
If you’re concerned about the growing demand for law enforcement to digitally pursue their suspects, or are in fact impressed by this science, I implore you to look into it. It’s a study that is only going to become more sophisticated as time goes on and Google gets better at knowing everything about you.