Deoxyribonucleic Acid, or DNA as it is commonly known, has been the gold standard in forensic evidence associated with convicting criminals or overturning convictions that did NOT have, at the time, conclusive DNA evidence. Frontline recently studied some of the weaknesses of DNA and fingerprint evidence, both of which have been relied on by law enforcement, prosecutors, and courts for many years now.
The new “DNA” for forensic science, if you’ll allow me to go so far, is Digital Forensics. People’s activities can largely be understood through their use of electronics, computers, the Internet, and other such media. This forms a digital trail that can be used to understand people’s state of mind, their locations, their motives, and ultimately their innocence or guilt. When we hear about a criminal investigation or a “leak”, the public gets an increasingly common chance to form preconceived notions about a person’s innocence or guilt on the basis of an email or an internet search. This commonly is an unfair bias, but that is another story.
If I were a criminal defense attorney, I would be filing appeal after appeal for each of my formerly convicted clients who were convicted partially on the basis of a computer forensic investigation or on the basis of “digital evidence”. Why?
In the very recent past, Digital Operatives has shared information about Dark-Drive and/or about Security and Trust. Even more recently, the Equation group fiasco has taught us that your hard drives have “someone” inside them as well.
This leads to interesting fallout. Can wrongfully or rightfully convicted criminals start to seek appeals on the basis of this new evidence, which shows that the tried-and-true method of using “write-blockers” by Forensic “Experts” to create evidence can be proven to be worthless when there is malware inside the firmware of the device you are creating a forensic image of?
Digital Operatives, with Dark-Drive, has demonstrated that we can destroy and modify data on a USB drive while it is being “read” through a forensic write-blocker. When a forensic expert gets on the stand and testifies with a reasonable degree of certainty that they took a forensically sound image of the suspect’s hard drive, they in fact cannot be sure, at least not given this new evidence proving that it is possible to destroy or modify evidence in this way.
Minus some complete understanding of the firmware on the hard drive, or some trust on the basis of signed code existing on a hard drive, I would be the first one to admit that I can’t tell whether there is foolproof evidence that the suspect is guilty or whether the suspect was “framed” by a hacker group or nation-state for political, ideological, and/or other reasons.
Potential conspiracies abound; it is interesting nonetheless, and perhaps it will be part of the discussion in the future.
Several at Digital Operatives are available to testify as Expert Witnesses in various related disciplines and/or of course to provide advanced computer forensic services.