Expert Witness Corner: The Importance of Computer Forensics in Criminal Law

In many instances old, or conventional crime is perpetrated using new approaches that are reliant on technology. Postal fraud, for instance, has evolved to employ electronic communication channels, giving rise to waves of emails seeking to defraud recipients with promises of money and fictitious prizes (commonly known as ‘419 scams’ as many of such notes tend to originate from the African continent and 419 is their penal code for wire fraud).

Studies into the cost of cyber-crime, commissioned independently by the Department of Trade and Industry (DTI) reveal alarming trends in the abuse and misuse of technology. The average cost per security incident has risen to over £160,000 and nearly one in four businesses in the UK have suffered a serious hacker attack or virus outbreak. The impact of an information security breach can be so devastating to business operations that one in ten never actually recover and the shutters close permanently. To counter this growing threat, security and law enforcement agencies have adopted fresh approaches for dealing with high technology crime.

Forensic Computing is a relatively young science when compared to contact forensics such as fingerprint recognition which have roots that can be traced back to Edmond Locard, who in the early 1900s famously postulated the theory of evidence being left as ‘mutual exchanges of contact’. Whilst various descriptions exist in relation to this practice, the international survey undertaken by Hannen has been taken as the de-facto definition: ‘Processes or procedures involving monitoring, collection, analysis… as part of ‘a priori’ or ‘postmortem’ investigations of computer misuse’. It is important to appreciate that this definition takes a wider view than the conventional reactive description, where forensics was regarded purely as an incident response function. Hannen considers digital forensics as also taking a pro-active role in security, where it can be combined with intelligence and operational planning.

As a serious field of research, forensic computing studies only started to take real form in the early 1990s when, faced with ever increasing numbers of computers being seized at crime scenes and the potential for crucial evidence to be stored on a PC, various government agencies came together to host the International Conference on Computer Evidence (ICCE). Here many of the challenges facing law enforcement communities were aired and agreements forged to cooperate towards finding effective solutions.

Two years later, in 1995, the International Organisation for Computer Evidence (IOCE) was formed, and a further two years later the member states that comprise the G8 subscribed to the mission of IOCE, pledging support for the organisation. This was the catalyst required to stimulate research and development, and since then great advances have been made in all spheres of digital evidence management. When working on a matter where the case will rise or fall on the strength of digital evidence, for example where an allegation of possession of indecent images has been made, it is important to commission an independent forensic examination of all evidence and digital materials. This places the evidence into the wider context of the offence and enables barristers to make directions to the court based on a fuller appreciation of matter.

Assuming material has been seized by the authorities, the state will usually conduct their own forensic assessments (typically undertaken by the regional police hi-tech crime unit), the results of which will be provided to legal representations. The mechanics of this process involve the ‘imaging’ of the ‘target media’ – the process of making a forensically sound duplication of digital materials of interest (e.g. the computer hard drive). During this duplication process a ‘write-blocking’ device will be employed to ensure the target media is not affected or corrupted in any capacity whilst its content is read and mirrored. The actual forensic analysis is then made upon the duplicated material, with the original placed into secure storage and maintained in the state in which it was seized. The forensic analyst will then peruse the imaged copy to identify materials of potential evidence value, extracting copies as necessary to form the basis of the expert report.

Looking at this from a defence perspective, a number of questions should be posed in relation to the digital evidence (based on the Daubert threshold test that evaluates the competency of evidence in the United States):

• whether the theories and techniques employed by the scientific expert have been tested;

• whether they have been subjected to peer review and publication; • whether the techniques employed by the expert have a known error rate;

• whether they are subject to standards governing their application; and

• whether the theories and techniques employed by the expert enjoy widespread acceptance.

Putting abuses of technology on a statutory footing, Britain has a suite of legislation that can be invoked, from the Computer Misuse Act 1990 to the Regulation of Investigatory Powers Act 2000.

Today digital forensics is an accepted science, and evidence duly secured in relation to best practices (in the UK these guidelines are outlined by the Association of Chief Police Officers) can be served in a court of law. Digital forensics are providing breakthroughs in all manner of high profile cases around the world, helping security and law enforcement agencies to catch offenders and secure convictions.

In the US, for example, the notorious BTK serial killer that had a reign of terror lasting over twenty five years in the Wichita areas, was ultimately tracked down after he sent a disk to a local radio station gloating at the police’s inability to catch him. Unique digital footprints embedded within the files were extracted by forensic specialists, and like a lone fingerprint, investigators now had a powerful lead – all they needed was to match the file to the computer that had created it (much like having a fingerprint but not a suspect’s hand to match it with). Wichita Police then conducted a house to house search, taking file samples from every computer encountered. Back in the laboratory, the file footprints were compared to the sample disk posted by the BTK killer, eventually finding a match. This tied the floppy disk to Dennis Radar’s PC, a virtual smoking gun as far the prosecution were concerned. This digital evidence became a pivotal element of the State’s case and ultimately helped secure a conviction.

In the UK the 2002 murders of Holly Wells and Jessica Chapman in Soham, Cambridgeshire, also saw digital forensics play a crucial, but largely unknown, role in the investigation. Technical analysts examined one of the girl’s mobile phone to identify where it was located when it had been turned off. Information on the nearest network communication tower tends to be stored in a phone’s memory and when the signal coverage of that tower is plotted, it is possible to identify the rough area (typically a few square kilometres) in which the phone was located when it was switched off. Having extracted this information from the handset, authorities had a rough idea of where to base their search; which ultimately led to the recovery of the two girl’s bodies.

Speaking in an interview several years after his pioneering research on the Manhattan Project where atomic reaction theory was developed, scientific visionary Oppenheimer explained that ‘the scientist is free to ask any question, to doubt any assertion, to seek for any evidence’. This thinking holds especially true when applied to the discipline of forensic computing in a legal context. Here experts may be instructed by either the prosecution or the defence, however, in either instance, they have a higher duty to the court. They are instructed as experts, but experts for the truth. It is important therefore to ensure that the experts instructed are duly qualified, experienced and independent.

Commenting on the nature of digital evidence, John Brown, Partner at Hogan Brown Solicitors, explained how the fragile nature of digital evidence can pose serious challenges to the investigator: ‘digital material is extremely volatile – perhaps more delicate than its physical counterparts. It can be copied, amended, and transferred without almost any trace – only experienced and qualified specialists should be employed to work in a digital forensic environment if the subsequent findings are to withstand the scrutiny of a court of law’. When working on a matter where the case will rise or fall on the strength of the digital evidence, perhaps where an allegation of possession of indecent images has been made, it is important to commission an independent forensic examination of all evidence and digital materials. It is also important that lawyers, when they try to find an expert witness choose someone with the necessary skills who is not only able to prepare an objective, unbiased report but also deliver oral testimony if required.

Forensic computing and the securing of digital evidence is a powerful tool in today’s fight against increasingly technically-savvy criminals. It is a discipline that continues to evolve and should remain high on the radar for both legal practitioners and law enforcement authorities.

Ross Patel is a forensic computer consultant with Afentis Forensics. You can view the company profile and find an expert witness at X-Pro UK, the innovative expert witness directory.

Find More Expert Witness Articles

Importance of Movie Quotes

A line, two, or three couldn’t be forgotten if you watch a very good movie. Movie lines, especially quotes, are but necessaryto a movie. They giveout the best of the movie. May it be a love quote or a funny one, the whole movie is unforgettable when you recall the quotes in it. Quotes are the mainingredients, not spices to a movie. It isthroughthis quotes, and/or lines that a movie is remembered.A quote from the Jerry Maguire movie (1996), “You complete me…” Yes, this is real with movies. Without quotes, movies are deficient.

Movies today differ a lot in categories. Different types like suspense, action, love story, and comedy are just some watchable and fascinating movies. The diversities of movies based on their genre may terrify you or jump to your seat; or it may make youangry; make your weep; or in love. A quote is a simple commemorationof how you feel about the movie. Many movies are forgettable. Yet, what makes a nicemovie? Do you really need a good actor or the unsurpassed director? How importance is delivering a quote, or line per se, to a movie? It is so significant.   They hit youquickandtough.

The movies recently watched movie today is the Sci-Fi thriller by the famous producer Steven Spielberg and well-know writer-and-director J.J. Abrams-Super 8. Setting is in Ohio with the occurrence of a train crash. A groupof friends is trying to film a movie when the speedingtrain destroys a pick-up truck. Local residence begins to vanish and speculations relating to the train incident. Thriller movies make a very goodquotes because they aretoughto forget The Tree of Life is a movie that hasgoodquotes. TheTree of Life movie, a story of love and brotherhood, is starred with celebrated actors Brad Pitt and Sean Penn. One prominentline, or quote, in this movie is the line by Mr. O’Brien, “Unless you love, your life will flash by.” It is an unforgettable quote. A brief, simple and authenticquote it is.

Amusing movies aremainlyremembered in all movies. They make us feel excellent and relaxed. The recentrelease of Kung Fu Panda 2 has so many quotes to live by. A quote, as quoted by Po, the Dragon Warrior, “How can Kung Fu stop something that stops Kung Fu?” It sounds like a tongue twister, right? A hilarious movie Bridesmaids is a story of Annie, who is badluckwith love and is stuck on being a Maid of Honor on her best friend’s wedding. With otherdeviatecharacters, the movie entails of a great adventure and misadventure of Annie and her bridesmaids in preparing for Lillian’s wedding. It has so many quotes, mostly funny ones. This is why humorousquotes are so unforgettable.

The latest and memorable Movie Quotes. For more information please visit Funny Movie Quotes.

The Importance of Word Choice in Expert Witness Reports

You’ve probably heard the phrase: “it’s not always just about you.” The expert report is not just an expression of your opinions for your own satisfaction. Before you qualifications it, you cannot realize how greatly the words you choose, and the way in which you form your sentences, will affect the legal results. Your attorneys and the opposing attorneys will look more closely at what you say and how you say it than any English teacher you ever had.
Quite simply, your attorney wants to be able to quote things you say to help him make his case. The opposing attorney would love to be able to quote things you say that are either wrong or poorly expressed. He would love for you to provide him with ammunition for cross examination. He wants to hear sentences or adjectives that make you sound uncertain, and that may even enable him to use your words to support opposing points of view.
Similarly, you will have the task of reading the opposing expert’s report and looking for weak technical work or wording that your retaining attorney can undermine or attack.

Your goal in reviewing the other expert’s report is to identify the technical strengths and weaknesses found there. This will help your attorney in his effort to discredit the other expert and/or his work. Knowing what to include in your own expert report should make obvious what omissions or errors to look for in the other expert’s report.
Maneuver carefully with your opinions. You must sound sure. You must be confident of your opinion. Don’t use hedge words or phrases, a common weakness in expert reports. In your reconstruction of an event, or as the result of your tests and analyses, you may reach a firm conclusion. Say so in your opinion. Do not use words like “seemingly,” “possibly,” “possibly,” “maybe” or even phrases like, “it appears that,” “it may be that,” or “it usually is the case that.” If you use phrases and words like these, I can assure you that your opinion will not be helpful. The other attorney will interrogate you about alternative ways to interpret your opinion. He will use your own hedging phraseology to suggest that your opinion should not be taken as credible or convincing. Why should the jury be convinced if you don’t even sound convinced?
By the same token, avoid absolutes, unless a condition about which you are talking is truly a sure thing with no exceptions. Just remember that is rare.
You may wonder exactly how to express your opinion when you do not believe that something is 100% certain, but are confident it is or was true. Here is the answer. The strongest and most acceptable phraseology when expressing each of your opinions is to meet the criteria that you are stating the opinion “…to a reasonable degree of scientific certainty” or “…to a reasonable degree of medical certainty.”

Judd Robbins has been an internationally recognized expert witness since 1986 in the US and in the UK. In 2010, his book “Expert Witness Training” was published by Presentation Dynamics. Robbins has advanced degrees from UC Berkeley and the University of Michigan, has been an Information Systems manager and an Education Systems manager, and consults in both computer and legal issues. Learn more about Mr. Robbins and his Expert Witness Training materials at

Find More Expert Witness Articles