Ask Anything: 10 questions with digital forensics expert Larry Daniel
Digital forensics expert Larry Daniel answers your questions about retrieving data from a computer, reducing your digital footprint and much more.
However, the vast majority of crimes do not involve any kind of forensics work. Most crimes are solved using plain, old detective work such as talking to witnesses, looking for evidence and questioning suspects.
In major crimes like murder, rape or fraud, forensics may play a large role in connecting a suspect to the victim through DNA, computer and paper records and fingerprints.
There is always a trade-off between being secure and having convenience. In the long run, most people opt for convenience by storing their passwords on their computer, not using up-to-date anti-virus software and by using easy-to-guess passwords.
To reduce your digital footprint online, you should definitely be behind a firewall, do not store passwords in your Web browser and keep your anti-virus software up to date.
Do not store your passwords on the computer. I have seen documents on users' computers that list every password for every account they have, including their online banking and credit card accounts.
The foundation of computer forensics is actually data recovery. Without the ability to recover deleted files, computer forensics would be a very limited area. You can even purchase data recovery software at major retailers that can recover your deleted files.
As far as Internet history goes, every browser stores history of the Internet sites that the user visits. You can turn this feature off on some browsers, and you can use the built-in tools in the browsers to delete Internet history. To view the history on the computer, providing that it has not been deleted, you can simply use the history feature in the browser to look at sites visited.
However, make note that deleting the Internet history in the browser does not remove all the evidence of sites visited as some information is stored in different places on the computer, depending on which operating system is being used, i.e. Windows XP, Vista or others.
The simple solution that is fine in most cases is to use the recovery disks that came with the computer to do a destructive system restore. That will delete the existing partitions and re-create them like they were when the computer was prepped at the factory.
Be aware that this is not a 100 percent solution, as it will leave files in areas on the drive that can be recovered using forensics software.
To be 100 percent certain that no data is recoverable, you need to forensically wipe the hard drive using software that will overwrite the entire hard drive with ones or zeros. You can buy this software at some major retailers, download it from the Internet or have a trusted computer technician do it for you. We offer forensic cleaning of hard drives as one of our services as well.
Shows like CSI and movies that use forensics as part of the story line use a combination of real forensics techniques and “Hollywood” forensics. Many of the devices you see in movies and on television do not exist at all, or if they do, they do not perform as shown in these stories.
This is especially true regarding computer hacking that you see in movies and on television. You simply cannot break into the Department of Defense's computer network in a couple of minutes by entering some keystrokes into a computer.
Also, when you see someone attach a device to a computer in a movie and they get all the data in 30 seconds, that is plain fantasy. It can take hours to get a copy of a hard drive.
Formatting a hard drive does not erase any of the data stored on the drive. All formatting does is remove the table the computer uses to find those files, making them invisible, so to speak. Almost any data recovery software can retrieve files from a formatted hard drive.
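An added illustration, not part of the interview: a constructed toy disk image (one table sector followed by data sectors; the layout, names and sample files are assumptions, not a real file system) showing why a format hides files without erasing them, why signature-based recovery still finds them, and why only an overwrite removes them.

```python
SECTOR = 64                                   # toy sector size (assumption)
PHOTO = b"\xff\xd8\xff\xe0" + b"constructed image bytes" + b"\xff\xd9"
NOTES = b"constructed note: list of account logins"

def make_disk(files, sectors=8):
    """Sector 0 holds the file table; file data starts at sector 1."""
    disk, table, offset = bytearray(SECTOR * sectors), [], SECTOR
    for name, data in files.items():
        disk[offset:offset + len(data)] = data
        table.append(f"{name}:{offset}:{len(data)}")
        offset += -(-len(data) // SECTOR) * SECTOR   # round up to a sector
    entry = ";".join(table).encode()
    assert len(entry) <= SECTOR, "table must fit in sector 0"
    disk[:len(entry)] = entry
    return disk

def list_files(disk):
    """What the operating system shows: only what the table points to."""
    raw = bytes(disk[:SECTOR]).rstrip(b"\x00")
    files = {}
    for entry in (raw.decode().split(";") if raw else []):
        name, off, length = entry.split(":")
        files[name] = bytes(disk[int(off):int(off) + int(length)])
    return files

def quick_format(disk):
    """Formatting as described above: clear the table, leave the data."""
    disk[:SECTOR] = bytes(SECTOR)

def carve(disk, header=b"\xff\xd8\xff", footer=b"\xff\xd9"):
    """Recovery by signature: scan raw bytes and ignore the table."""
    data, found, pos = bytes(disk), [], 0
    while (start := data.find(header, pos)) != -1:
        end = data.find(footer, start)
        if end == -1:
            break
        found.append(data[start:end + len(footer)])
        pos = end + len(footer)
    return found

def wipe(disk):
    """Forensic wipe: overwrite every byte of the drive with zeros."""
    disk[:] = bytes(len(disk))

if __name__ == "__main__":
    d = make_disk({"photo.jpg": PHOTO, "notes.txt": NOTES})
    quick_format(d)
    print("after format:", list_files(d), "carved:", len(carve(d)))
    wipe(d)
    print("after wipe: carved:", len(carve(d)))
```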
I got started in computer forensics initially by doing data recovery for clients. That led to clients asking me to recover specific data that could be used in some types of civil cases.
When I started in this field, I already had more than 20 years of experience with computers and software, doing programming and hardware maintenance. Since 2002, I have attended an additional 100 hours of forensics-specific training.
The private sector is growing and hiring computer forensics graduates; however, I have not seen the growth in jobs catching up to the number of graduates as of yet.
Nearly all of the traditional forensic fields require advanced degrees and several years of experience to become an expert. Most of the experts such as forensic anthropologists, forensic psychiatrists and DNA experts all practice in a primary area or work as university professors/researchers and only do forensics as part of their practice.
All data can be used in criminal and civil matters under certain circumstances. I believe your question is more about, when can it be used.
The Fourth Amendment protection against unlawful search and seizure only applies to government entities such as law enforcement.
The Fourth Amendment does not apply to private searches. A private search can be conducted or authorized by anyone who has a legal right to the data stored on the computer, such as employers or spouses. Since computers are common property, spouses can give consent to a private search of the computer.
Also, it is important to remember that you can give up your right to privacy through several means:
- When you take your computer to a repair shop, you are giving the computer technician the right to any data on the computer because you have placed the computer in his or her custody.
- If you have peer-to-peer file sharing programs installed on your computer and are sharing files on the Internet, intentionally or unintentionally, you have opened the computer to the public and anyone can search the computer remotely, even law enforcement, without a warrant.
- If you give the computer away, the new owner has full rights to any data on the computer.
- If the police come to your door without a warrant and ask to search the computer, any adult residing at the residence can give consent, whether they own or use the computer at all. As long as the police reasonably believe that the person giving consent has the right to do so, it will normally be allowed in court.
If you have specific questions concerning privacy, your best avenue is to consult an attorney.
Copyright 2024 by Capitol Broadcasting Company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.