Digital trace - PowerPoint PPT Presentation

About This Presentation
Title:

Digital trace

Description:

Digital trace Jozef Mete ko, Martin Mete ko, Jan Hejda Key words Digital trace evidence, data, trace, digital trace, types of digital trace, parameters of digital ... – PowerPoint PPT presentation

Number of Views:176
Avg rating:3.0/5.0
Slides: 42
Provided by: uhr9
Category:
Tags: data | digital | formats | trace

less

Transcript and Presenter's Notes

Title: Digital trace


1
Digital trace
  • Jozef Metenko,
  • Martin Metenko,
  • Jan Hejda

2
Key words
  • Digital trace
  • evidence,
  • data,
  • trace, digital trace,
  • types of digital trace,
  • parameters of digital traces

3
 Introduction  
  • Development of human society
  • is significantly characterized by
  • the development of new technologies.
  • Automated data and information processing
    penetrates into all spheres of social
    life
  • An integration of telecommunication and
    information system (ICT1)
  • enables the speeding and improves the reliability
  • of information processing, storage and
    transmission.
  • opening a wide spectrum of possibilities in
    positive or negative directions.

4
 Problems  
  • non-existence of relevant regulations within
    Criminal Code,
  • problems in the use of forensic procedures
  • the mentioned non-existence of criminalistic
    methods was connected, in particular, to
    theoretical and practical defect failing to
    elaborate the knowledge of digital trace
    existence.

5
 Problems  
  • a notion of digital record
  • has been used in English speaking countries,
    digital evidence / digital trace,
  • conception of digital trace as an independent
    type of field trace has not been elaborated so
    far.
  • Provided we do accept the classification of all
    criminalistic traces into
  • material, field and memory ones,
  • then in connection to digital traces we may speak
    about a group of field traces along with traces
    related to electric charge or various radiation
    forms.

6
 Problems  
  • Besides
  • primary content, which is featured via
    peripheries (text, photography, sound, video
    etc.),
  • data files often include also so called metadata
    - which define important information about a
    file,
  • characterizing it making it individual among
    other objects.
  • metadata define e.g. when a picture was shot,
    under which luminous conditions, setting and type
    of digital camera, or even a camera owner is
    known etc.

7
Characteristics of digital trace
  • Each technological equipment that gains,
    elaborates, hands over or stores data,
  • leaves records from criminalistic trace
    viewpoint these are reflections of its activity.
  • Such records are from criminalistic viewpoint
    traces.
  • These activities and caused changes
  • are reflected in material environment,
  • having a direction inside technology and
  • outside the given technology1 environment.

8
Characteristics of digital trace
  • In the sense of communication and information
    crime the problem of equipment dealing with data
    is much wider than a pure PC work.
  • Some renowned Slovak or Czech authors make use of
    notion computer crime cyber crime, which is
    applied more intuitively rather than clearly
    defined.
  • The notion of computer (cyber) trace arose in the
    same period as the notion cyber crime,
  • the notion cyber (crime) is not enough today,
    as other electronic equipments leave traces as
    well. Those traces have the same features,
    general or individual features as computer
    (cyber) trace..

9
Characteristics of digital trace
  • Foreign literature offers quite similar
    definitions
  • ordinary notion digital evidence in a meaning
    of digital trace (digital evidence)1.
  • In English in relation to forensic practice
    evidence takes the priority.
  • Word trace that would be related to modern
    technologies does not exist in English
    literature.
  • The reason is simple and pragmatic English
    theory and practice are strongly oriented to
    results of criminal procedure, i.e. trace must be
    acceptable by court. Thats why perception and
    use of notions in English make trace and
    evidence1 identical.

10
It was drafted already in 1999 by a (working
group SWGDE) Scientific Working Group on
Digital Evidence.
  • Digital trace is any
  • information having
  • communicative value,
  • stored or transmitted in digital shap

11
This definition is open to any digital
technology. It covers a filed of computers,
computer communication as well as a field of
digital transmissions (mobile phones, but for
future also digital TV etc.), video, audio,
digital photos, camera systems (CCTV)data,
electronic security systems data and any other
potential technologies connected to
Hi-tech crime.
  • Digital trace is any information having
    communicative value, stored or transmitted in
    digital shap

12
A digital trace as definiton must
be usable for crime control,
criminalistics, general forensic investigation
held by state bodies (civil litigation, trade
laws etc.), the needs of commercial base - needs
of independent internal or external audits etc.
  • Digital trace is any information having
    communicative value, stored or transmitted in
    digital shap

13
Other definitions
  • In respect to definition of digital traces,
    other processes and entities are defined
  • digital traces seizing
  • data objects
  • physical objects
  • digital trace originals
  • duplicate of digital trace
  • copy of digital trace

14
Digital traces seizing
  • is a process,
  • which starts in time when information of
    equipment is found out or found as stored in
    order to seize and examine them.
  • Seizing must be relevant to the knowledge
    of criminalistics and other sciences
    legal in
    relation to evidence matters in a given legal
    system (state or other legally delimited
    territory).
  • Physical and data objects become evidence
    provided they are acceptable by law enforcement
    agencies.

15
Data objects
  • are non-material objects or information
  • having trustworthy communicative value,
  • while being associated with touchable elements of
    material substance as carrier/medium.
  • Data object may be of different formats / but
    they can never change the original information.
  • Data objects are e.g. represented by databases,
    address lists, files, content of virtual
    memories, digital video or audio records and many
    others.

16
Physical objects
  • (touchable, directly registered by human senses)
    are elements more frequently media where data
    objects are stored and via which these are
    transmitted.
  • hard discs, various memory media (floppies, CD
    and DVD, memory cards, data tapes etc.) physical
    objects
  • particularly info serial numbers, dactyloscopic,
    mechanic or biological traces and others proving
  • logical link between a physical equipment (owner,
    user, time) and its user/offender

17
Original of digital trace
  • is a physical or data object seized for the need
    of expert or forensic examination.
    Originals are the basic evidence.
  • For working purposes, users (offenders) or
    investigators make their duplicates or copies of
    digital traces.
  • This process is clear and no information change
    occurs. Only for digital traces in criminalistics
    are duplicated objects identical to original.
  • Moreover the process is reversible,
    repeatable with the same results provided basic
    conditions are met.
  • gained or made material has the same information
    value as the original and
  • is available to users and independent experts
    physical objects

18
Duplicate
  • Duplicate is comfortable, secure and
    fully-fledged to work with.
  • They are made mostly for the needs of repeated
    examination.
  • It is vitally necessary towards independent
    experts in those cases when a physical object
    itself (company PC) cannot be seized for the
    needs of law enforcement agencies due to various
    reasons.
  • PC practice makes standard use of disc image
  • Image is a spitting duplicate of its content,
    like a mirror of the original content stored in
    digital shape.

19
Copy of digital trace
  • is an exact reproduction of information from
    original physical object onto others, physically
    independent data medium.
  • When making a copy we create data objects with
    the same information but using a physical object,
    which can be of a different type.
  • It is not inevitable to reproduce all data
    objects of the original physical object, but just
    some of them. In this respect, not all functional
    and logical links with other data objects have to
    be kept.
  • We make copies if the investigation purpose is
    present, e.g. due to size. Copies contain only a
    part of data objects of the original physical
    object. Information value of every copied object
    does not change from its original though.

20
Digital traces and their specific features
  • Digital traces,
  • have their general and individual typological
    features and characteristics which, from the
    aspect of the
  • for law enforcement bodies, have typically
    positive or negative consequences.
  • Then we need to bear these
    aspects in mind all the time and
  • in all stages of our work with the
    digital traces.

21
Digital traces and their specific features
  • Digital traces are formed by human action
  • user / offender
  • on the application or system software,
    functionality of the digital equipment or
  • automatic effect of one device on the other.
  • Therefore,
  • digital traces reflect the specific high-tech
    features to an unusually high extent and the rich
    colour of the human mind of their users.

22
Digital traces and their specific features
  • Substance of digital traces as traces of a field,
  • Latent nature of digital traces,
  • Tracing digital traces in time,
  • High density of content of digital traces,
  • Very low life span of digital traces,
  • Storage and quality of digital traces is
    influenced by a number of subjective factors,
  • Great volume of data in digital traces,
  • Data density of digital traces decreases with the
    development of new technologies,

23
Digital traces and their specific features
  • Extreme dynamism of the environment of the
    digital traces,
  • Heterogeneity and complexity of the environment
    of digital traces,
  • Great geographical extent of the environment of
    digital traces,
  • High degree of data protection hinders the work
    with digital traces,
  • Digital traces are automatically identifiable and
    processable by specialized means,
  • High degree of obliteration of digital traces by
    qualified offenders,
  • Restorability of obliterated digital traces,
  • Genuineness of digital traces,
  • Contemporary low degree of judicial acceptation
    of digital traces in legal practice.

24
Digital traces as field traces
  • Although data and information are immaterial, on
    material medium,
  • with various technological equipment, format,
    data structure, reliability and lifespan etc., is
    needed in order to store them.
  • The medium contains digital traces in the form of
    field and it is a physical component of means of
    evidence.

25
Latency of digital traces
  • Digital traces are invisible. Latency is
    multiple.
  • The records, which are processed or stored to the
    data medium, are invisible to the naked eye (with
    the exception of views of monitor screens, print
    screens, photographs or video recordings of
    screens and printed documents).
  • a hidden attribute set, special settings of
    users rights or special application or system
    means.
  • deleted recordings, reformatted disks or data
    destroyed or changed by other means. In the same
    way we approach encrypted data,

26
Time traceability of digital traces
  • In comparison to other traces in criminalistic or
    forensic practice in some case the digital traces
    can precisely determine time span of activities.
  • they significantly document the process of all
    particular activities in time.
  • If all versions of working documents are stored,
    internal audit can analyse procedure of document
    processing in similar way.
  • This is determined by fact
  • digital devices (camcorders, cameras etc.) have
    digital clock, which determines the activities of
    system SW

27
Content of digital traces
  • In specific cases digital traces have high
    information value on interests and activities of
    the person,
  • they are unique in comparison to other types of
    the traces.
  • to study not only particular activities of the
    computer users,
  • what information he was interested in,
  • what information he acquired, processed, stored
    or handed in to the others.
  • Due to these facts it is possible to determine
    some fields of the interest of the perpetrator,
    his motivation and to create psychological
    profile

28
Very low lifespan of digital traces
  • From criminalistic or forensic point view of
    digital traces digital records are recorded to
    memory medium.
  • They can be intentionally deleted by the user or
  • systematically and automatically (without ones
    involvement) rewritten by other records.
  • It is possible to restore deleted recordings with
    the help of special SW, but the restoring must be
    done very quickly before the memory medium is
    rewritten by system means.

29
Storing and quality of digital traces is
influenced by subjective factors
  • From the point of safety storing and quality of
    digital traces is directly proportional to
    international, national or institutional
    legislation,
  • experience of system administration and
  • it depends on institutional culture.
  • Regular monitoring and audit of key transactions,
    providing storage backup and data archiving from
    important data sources to a special medium and
    their long-term storage, play primary role.

30
Large data capacity of digital traces
  • Strong centralization, arising from operational
    and economic reasons, is typical for computer and
    communication means. In our country data capacity
    is around tens TB in middle size companies. Only
    a small part has character of a digital trace.
  • Data density of digital traces, among other data
    with development of new technologies, constantly
    decreases
  • The digital trace itself is not limited by
    physical capacity. New technologies for data
    comprising are developed. It means that larger
    data capacity is saved to the

31
Extreme dynamics of environment of digital
traces
  • This particularity is typical mainly for common
    network environment in big institutions when data
    funds are distributed in real time. Comprehensive
    company applications are strongly centralized and
    dynamic with high requirements for application
    accessibility from the point of fulfilling
    information needs of the institution, economic
    and operational characteristics.
  • Applications are included in critical company
    applications. It means that interruption of
    application function only for one minute (mainly
    in industry, transport, telecommunication,
    financial institutions etc.) can have disastrous
    existential consequences.

32
Heterogeneity and complexity of the environment
of digital traces
  • Various
  • operational systems, databases,
    application software and its versions,
    data interface among applications,
    data formats, transferable proceedings,
    proceedings of operational records, logo
    etc. are commonly and concurrently used in the
    same organizations.

33
Large geographic capacity of environment with
geographic traces and small area
  • Computers are connected together around the whole
    world with the help of private computer network
    and the Internet, so distribution of distant data
    and application is possible.
  • A highly experienced perpetrator
  • the computer network does not recognize
    geographic boundaries,
  • the investigation is always (usually) based on
    present laws of the country

34
High level of data protection
  • makes the work with the digital traces difficult
    or impossible
  • Due to the safety reasons there are a lot of data
    transitions and nodal points, mainly in file
    systems and databases, which are
    cryptographically protected. If we are not
    familiar with the particular algorithm or
    technological means

35
A digital trace is automatically identifiable and
processable by specialized devices
  • Since digital traces are generated as a final
    result by a certain technology
  • general corporate database of officially
    purchased software products at our disposal and
    the computers are connected to the corporate
    network, it is possible to search/scan the system
    registers of all computers

36
High level of digital traces obliteration by
qualified offenders
  • As practice shows, highly competent offenders
    whose professional education is associated with
    the field of information and communication
    technologies cause the largest traces.
  • The offenders are extremely familiar with the
    keystone of crucial technologies functioning as
    the ways of the technologies and data protection
    they have to and are able to avoid, are of great
    interest to them.

37
Damaged digital traces restoration
  • Under specific conditions, deliberately deleted
    or otherwise damaged digital traces can be
    restored.
  • As a rule, this is not true of other
    criminalistics relevant traces. A footprint once
    deleted cannot be restored.
  • Digital traces restoration is conditioned by the
    keystone of operation systems

38
Digital traces originality
  • During the files and data copying process, no
    data loss or distortion is caused
  • digital traces can be easily modified without the
    process of modification leaving any visible
    tracks of its activity behind
  • Digital traces may also be easily modified or
    destroyed right in the process of collecting or
    safeguarding it for the purposes of examination
    and investigation.
  • Unless the standard procedures of digital traces
    safeguarding

39
Low judicial acceptance of digital traces by
legal practice
  • users activities or the activities associated
    with automated processes and programs
  • The problematic issue related to digital traces
    is theoretical and in some cases also practical
    possibility of falsification and of challenging
    the legal quality of traces.

40
Low judicial acceptance of digital traces by
legal practice
  • However, this possibility occurs within all types
    traces processed in criminalistic and forensic
    way.
  • we are exposed to prejudices of individuals made
    on grounds of unfamiliarity with the subject
    matter
  • rather that to relevant reference
  • equipment is classified and certificated in the
    safety manner. The main problem is the
    identification of the person responsible for a
    particular digital trace

41
  • Lt. Extraordinary professor
  • Dr. hab. Jozef Metenko, PhD.,
  • Head - Chair of criminalistics and forensic
    science,
  • Academy of the Police Force, Bratislava,
    Slovakia.
  • metenko_at_minv.sk jmetenko_at_pobox.sk
  • Mag. Metenko Martin
  • Dell Computers Slovak republic
  • 00421 907 474 981 (Handy), Slovakia
  • martin_metenko_at_dell.com
  • Ass. prof. Jan Hejda, PhD.,
  • Head - Chair of law and social science,
  • faculty of management,
  • VŠE Praha Czech republic,
  • hejda_at_fm.vse.cz
Write a Comment
User Comments (0)
About PowerShow.com