“No Can Do”- 5 Famous Digital Forensic Technologies Myths

By Samir Datt | Founder & CEO | ForensicsGuru.com

The primary purpose of Digital forensics is to detect, collect,  preserve, and analyse digital data from physical evidence devices in such a way that the information obtained retains its authenticity and can be used  in a court hearing.

Forensic examiners (also known as forensic digital analysts) analyse physical evidence devices containing digital data recovered from crime scenes or incident locations. Refer asterisk (*) to see the examples of physical evidence devices.

ALSO READ: Software Licensing Secrets for Indian Law Enforcement Agencies

Forensics examiners acquire/collect  and store vital or evidential  data, recover deleted data, perform deep analysis on the digital data by using Digital Forensic Investigation tools. In depth analysis includes users’ or criminals’ files to collect evidence such as documents, pictures, internet history and Windows Registry information, Live Forensic, Memory Forensic and many more.

While there are some amazing tools out there such as EnCase Forensics (the granddaddy of them all – with support for the maximum number of OS’s) & Belkasoft Evidence Centre X (the hot new DFIR kid on the block) which really do all sorts of magical things like extracting deleted chats, identifying inserted USB devices, tracking internet activity, figuring out secretly printed data and the like, there are still digital forensic areas in realm of mythology.

ALSO READ: Everything You Need To Know About Deleted And Overwritten CCTV Footage

Here I share 5 of the more common myths and the facts behind them. This should help guide Crime Investigation Officers & Top Brass to get a handle on what is realistically possible and what is not.

ALSO READ: Software Licensing Secrets for Indian Law Enforcement Agencies

The FIVE top myths relating to digital forensics:

1. Solving cases in no time  – Gathering Information and Closing Investigations is NOT quick. An investigation can take anything from a few days to several weeks or months, depending on the type and scope of the case. Please don’t use the crime serials you see on TV as a reference. You need to realise each episode is 40 odd minutes and so they must solve the case by the end of the episode.

• Recover any kind of deleted data – When it comes to asking “can you recover deleted data”? The answer will always be “it depends”. It really does depend on each case’s circumstances. If data is overwritten, it is lost – forever (unless it is video data – in which case it may be recoverable – as I said -“it depends”). It’s not always easy, it’s not always quick and it’s unfortunately not always possible.

• Identify who actually used the computer – Another fact that one should remember is that it isn’t possible to use digital forensics to find out who physically used your computer (as opposed to which user name was logged in).

• Crack Every Password – This always seems so simple on TV. Real life is very different. With the kind of algorithm and password complexity that is out there, cracking mobile phone and other application passwords are not the 2 minute  piece of cake TV hackers make it seem.

• Enhancing poor quality Video from Zero to Hero. – Another pet peeve of mine is when someone turns up with poor (actually pathetic) quality video and expects a miracle. A number usually requires at the very least 10 -12 pixels (those tiny squares placed one on top of the other that every image is made of) placed vertically when it comes to number plate enhancement. Video taken of a fleeing vehicle at a distance of half a kilometre, in bad light with 4 pixels in the Licence Plates height are a definite “No Can Do”. It just is not physically possible. You can’t reconstruct a number with pixels so few that you can barely form the digit 1 when you place them one on top of the other.

These are some of the Myths I come across pretty often. Have any of you ever come across some of these? Any others?