Digital Forensic Fundamentals

The document discusses digital forensics fundamentals. It defines digital forensics as the examination of digital storage and environments to determine what has happened or is happening. The document outlines two sub-disciplines of digital forensics: computer forensics, which involves identifying and analyzing evidence from computers and storage media to support investigations; and network forensics, which involves monitoring and analyzing network activity to discover the source of security incidents.

Uploaded by

Qomindawo

Digital Forensics Fundamentals

What it is and it is not

D Musundire, Mr (@taona2)

Computer Science Department


National University of Science and Technology
Bulawayo, ZW

2020

. . . .... .... .... . . . . .


Contents

1 Definitions

2 Digital Forensics?

3 Computer Forensics

4 Computer Crime

5 Cyber Crime

6 Cyber-aided crime


DM @taona2 Digital Forensics Fundamentals


Class code

4zip2ak


your gadget will betray you...

The digital universe (all the digital information in the world)
will reach 1.2 million petabytes in 2010. That’s up by 62%
from 2009.
If you can’t get your head around a petabyte, maybe this will
help:
“One petabyte is equal to: 20 million, four-drawer filing
cabinets filled with text or 13.3 years of HD-TV video.”
(Mozy, 2009)


Definitions

Computer Forensics involves the preservation,
identification, extraction, documentation and
interpretation of computer data.
Computer Forensics is the application of science and
engineering to the legal problem of digital evidence. It is
a synthesis of science and law.
Computer forensics focuses on finding digital evidence
after a computer security incident has occurred.


Definitions.....cont
Computer Forensics is the process of methodically
examining computer media for evidence.
Computer Evidence is often transparently created by
the Operating System without the knowledge of the
computer user. The information may be hidden from view
and to find it, special forensic software tools and
techniques are required.
www.forensiccontrol.com (2017): Computer forensics
is the practice of collecting, analyzing and reporting on
digital data in a way that is legally admissible. It can be
used in the detection and prevention of crime and in any
dispute where evidence is stored digitally. Computer
forensics follows a similar process to other forensic
disciplines, and faces similar issues.

Digital Forensics?

In Forensic Magazine, Ken Zatyko defined digital forensics
this way:
“The application of computer science and investigative
procedures for a legal purpose involving the analysis of
digital evidence after proper search authority, chain of
custody, validation with mathematics, use of validated
tools, repeatability, reporting, and possible expert
presentation.” (Zatyko, 2007)


Digital Forensics?

So then, what is digital forensics? It is the examination
of digital storage and digital environments in order to
determine what has happened or is currently happening.
The sub-disciplines:
1 Computer Forensics – the identification, preservation,
collection, analysis and reporting on evidence found on
computers, laptops and storage media in support of
investigations and legal proceedings.
2 Network Forensics – the monitoring, capture, storing
and analysis of network activities or events in order to
discover the source of security attacks, intrusions or
other problem incidents, i.e. worm, virus or malware
attacks, abnormal network traffic and security breaches.

Digital Forensics?....cont
The sub-disciplines:
3 Mobile Devices Forensics – the recovery of electronic
evidence from mobile phones, smartphones, SIM cards,
PDAs, GPS devices, tablets and game consoles.
4 Digital Image Forensics – the extraction and analysis of
digitally acquired photographic images to validate their
authenticity by recovering the metadata of the image file
to ascertain its history.
5 Digital Video/Audio Forensics – the collection, analysis
and evaluation of sound and video recordings. The
science is the establishment of authenticity as to
whether a recording is original and whether it has been
tampered with, either maliciously or accidentally.
6 Memory forensics – the recovery of evidence from the
RAM of a running computer, also called live acquisition.

Computer Forensics

Computer forensics involves the following:


Computer Forensic Analysis
Electronic Discovery
Electronic Evidence Discovery
Digital Discovery
Data Recovery
Data Discovery
Computer Analysis
Computer Examination


Terms used for crime

There are at present a large number of terms used to
describe crime involving computers.
Such terms include:
crime,
computer crime,
internet crime,
e-crime,
high-tech crime,
online crime,
electronic crime,
computer misconduct and
cybercrime.


Computer Crime

What can the computer be used for?
e.g. DoS,
Anything that requires communication and storage of
data (information).
Consider in what types of criminal investigations
computer forensic experts may be involved and in what
way.
Case Study: Find a real-life verdict of a crime where
computers were used. Discuss how digital forensics was
used to solve the case.


Computer crime ....cont

Improperly accessing a computer, system, or network;
Modifying, damaging, using, disclosing, copying, or taking
programs or data;
Introducing a virus or other contaminant into a computer
system;
Using a computer in a scheme to defraud;
Interfering with someone else’s computer access or use;
Using encryption in aid of a crime;
Falsifying email source information; and
Stealing an information service from a provider.


Cyber Crime
criminal.findlaw.com: Cyber crimes are criminal
offenses committed via the Internet or otherwise aided by
various forms of computer technology, such as the use of
online social networks to bully others or sending sexually
explicit digital photos with a smart phone.
Interpol (2018) defines it as follows:
Advanced cybercrime (or high-tech crime) - sophisticated
attacks against computer hardware and software.
Symantec Corporation defines cybercrime broadly
as: “any crime that is committed using a computer or
network or hardware device”.
Who can carry out a cyber-attack or commit a
cybercrime?
This is a very important investigative question. Who can
be a suspect?

Cyber-aided crime

What are these?


Cyber-enabled crimes are ’traditional’ crimes, which can
be increased in their scale or reach by use of computers,
computer networks or other forms of information
communications technology (ICT).
Unlike cyber-dependent crimes, they can be committed
without the use of ICT.
Cyber-enabled crime – many ’traditional’ crimes have
taken a new turn with the advent of the Internet, such as
crimes against children, financial crimes and even
terrorism.
Crimes with digital evidence...cyber-enabled fraud and
theft

Cyber-enabled fraud
Electronic financial frauds, most notably online banking
frauds and internet-enabled card-not-present (CNP)
fraud. Internet-enabled CNP fraud involves transactions
conducted remotely, over the internet, where neither
cardholder nor card are present. Related to this are
e-commerce frauds.
Fraudulent sales through online auction or retail sites or
through bogus websites, which may offer goods or
services that are not provided (also purchase of
counterfeit products and retail misrepresentations, such
as online ticketing fraud).
Mass-marketing frauds and consumer scams, including
advance fee scams such as the 419 frauds, inheritance
frauds, fake charity or disaster relief frauds, fake lotteries
and pyramid schemes.

Cyber-enabled fraud ....cont
Phishing scams are a particular kind of mass-marketing
fraud: they refer specifically to the use of fraudulent
emails disguised as legitimate emails that ask or ’fish’ for
personal or corporate information from users, for example,
passwords or bank account details. Phishing attempts can
be sent out en masse to a range of potential targets.
Pharming occurs where a user is directed to a fake
website, sometimes from phishing emails, to input their
personal details.
’Online romance’ (or social networking/dating website)
frauds. Individuals may be contacted via social
networking or dating sites and persuaded to part with
personal information or money following a lengthy online
’relationship’.

Case study
Spear phishing: A case-study
Customers of a telecommunications firm received an email
explaining a problem with their latest order. They were asked
to go to the company website, via a link in the email, to
provide personal information – like their dates of birth and
Social Security numbers. Both the email and the website were
bogus. Instead of casting out thousands of emails randomly
hoping that a few victims will bite, spear phishers target select
groups of people with something in common – they work at
the same company, bank at the same financial institution,
attend the same college, or order merchandise from the same
website. The emails are ostensibly sent from organisations or
individuals the potential victims would normally get e-mails
from, making them even more deceptive.
Federal Bureau of Investigation, 2009

Cyber-enabled theft
Methods and techniques involved in cyber-enabled theft include:

Use of technology to steal personal data – this
includes hacking, keylogging, and other techniques
designed to exploit vulnerabilities in computer systems or
networks.
Detailed online searching for personal information –
this includes searching for dates of birth, names and
family details, all of which are now regularly stored on
social networking, directory, dating and employment
websites. Other sites can be used to work out a person’s
identity. Such information can be used, for example, to
access bank accounts and e-mails, or to allow specific
targeting with phishing emails.

Cyber-enabled theft....cont

Social engineering techniques – these play on the
basic premise that most people trust others online and
users can be deceived or duped into parting with personal
information or money. These are key to common frauds,
such as phishing emails. Cyber criminals may use fear,
authority or other persuasive tactics and may combine
social engineering with other techniques such as
pharming, to obtain personal details or money.


Case
Mary’s Case: Cyber-Stalking
Mary is a student in her late twenties attending a
public university in Australia. After receiving a series of emails and
instant messages containing sexually explicit comments she seeks
help from her parents. Content within the messages indicates that
the sender knows where Mary attends university, the people in her
friendship circle, and other personal information. The identity of the
sender is not disclosed in the correspondence. Concerned that the
sender may be using personally identifiable information about Mary
available on the Internet, her father performs online research. He
discovers various comments mentioning Mary by name in postings
on erotic websites, which appear to be hosted overseas.
Nevertheless, both Mary and her parents are reluctant to report the
matter, as they believe police lack the capacity to investigate crimes
associated with the Internet and technology. Mary is also
embarrassed about the content of the postings and maintains the
incident is probably not serious enough for police to investigate.

Case

Mary’s Case: Threats to harm


About a week after the initial contact, Mary informs her parents
that she received a call from a stranger expressing interest in
participating in ‘sexual fantasies’. The caller claimed to be
responding to an online message before he disconnected. Mary
shows her parents a posting she found on an online bulletin board
containing her name and phone number and a message broadcasting
that she fantasizes about being raped. Mary subsequently receives
an email message containing threats to harm her. Attached to the
message are several photos depicting the house where she lives and
images of her meeting with friends for coffee at university. There is
also a photo showing an item of her clothing that she believes was
taken from the clothesline. Mary and her parents report the matter
to local police later that day.


Case

Mary’s Case: Police Report


Upon receiving the report, the local police refer the matter to the
specialist e-Crime Unit. Senior Constable Lyon is tasked with
investigating the case. Given the immediacy of the threats
perpetrated against Mary, the matter is given ’high priority’ status.
Lyon contacts Mary and arranges to meet for an interview. During
the interview, Lyon obtains copies of all electronic correspondence
between Mary and the stalker, including data residing on her
computer and handheld devices. Lyon warns Mary that it can be
difficult to investigate cyber-stalking, particularly if the stalker or the
evidence is located in another country. He pointedly asks Mary if
she has recently had a “falling-out” with anyone or has any
suspicions concerning the identity of the offender. Mary tells Lyon
that she had a “bad break-up” with a former boyfriend upon
discovering him cheating with one of her friends.

Case
Mary’s Case: Investigative Hurdles
A short time after the interview with Mary, Lyon meets with the
Officer-In-Charge (OIC) of the e-Crime Unit to deliver a progress report.
Lyon tells the OIC that he has traced the Internet postings vis-à-vis Mary
to an adult website hosted in Moldova and a public classifieds forum
hosted in the US. Upon request, the service provider in the US removed
the offending material and forwarded data associated with the posting,
but this data produced no value as the recorded IP address pointed to use
of an anonymizing proxy service. The entity in Moldova flatly refused to
cooperate. The email and instant message communications also yielded
nothing as the sender stripped email header information using a remailer
service in Serbia, and SMS records were concealed by routing messages
through a satellite-based telephony service in Russia. The Serbian and
Russian service providers were likewise uncooperative. The OIC then
enquires about the outcome of the digital forensics inquiry. Lyon explains
that the victim’s devices have not been forensically examined due to an
extensive backlog of cases also requiring urgent attention.

Case

Mary’s Case: Forensic Outcomes and Warrant Activity I


Forensic analysis of the email and SMS messages at the e-Crime Lab
supports Lyon’s initial findings. Detailed examination of metadata
associated with the digital photographs also reveals embedded
’geo-tags’. Lyon plots the GPS coordinates on a map and presents
the information to Mary. Mary identifies the locality as consistent
with the address of Paul, her former boyfriend. Lyon takes a
statement from Mary and applies to the court for search and seizure
warrants targeting Paul’s residence. The Magistrate grants the
warrants and Lyon executes them the following day. Police search
Paul’s house but are unable to find the item of Mary’s clothing
depicted among the digital photographs.
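
The geo-tag examination described in this part of the case can be reproduced with a small parser. The following is an added example, not part of the original slides: it reads the Exif GPS block of a JPEG and returns decimal coordinates; the function names and the sample image bytes (with made-up coordinates) are constructed for illustration.

```python
import struct

GPS_IFD_POINTER = 0x8825                   # IFD0 tag: offset of the GPS IFD
LAT_REF, LAT, LON_REF, LON = 1, 2, 3, 4    # GPS IFD tags (Exif specification)

def find_exif_tiff(jpeg):
    """Walk the JPEG segments; return the TIFF block of the Exif APP1 segment."""
    if jpeg[:2] != b"\xff\xd8":
        return None
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xDA:                 # start of scan: metadata is behind us
            break
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        pos += 2 + length
    return None

def read_ifd(tiff, offset, bo):
    """Return {tag: (type, count, raw 4-byte value field)} for one IFD."""
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    entries = {}
    for i in range(count):
        tag, typ, n, raw = struct.unpack_from(bo + "HHI4s", tiff, offset + 2 + 12 * i)
        entries[tag] = (typ, n, raw)
    return entries

def dms_to_degrees(tiff, entry, bo):
    """Convert three RATIONALs (degrees, minutes, seconds) to decimal degrees."""
    typ, n, raw = entry
    if typ != 5 or n != 3:
        raise ValueError("coordinate is not three RATIONAL values")
    (offset,) = struct.unpack(bo + "I", raw)
    v = struct.unpack_from(bo + "6I", tiff, offset)
    if 0 in v[1::2]:
        raise ValueError("zero denominator")
    d, m, s = (v[i] / v[i + 1] for i in (0, 2, 4))
    return d + m / 60 + s / 3600

def extract_geotag(jpeg):
    """Return (lat, lon) in signed decimal degrees, or None if absent or malformed."""
    tiff = find_exif_tiff(jpeg)
    if tiff is None or tiff[:2] not in (b"II", b"MM"):
        return None
    bo = "<" if tiff[:2] == b"II" else ">"     # TIFF byte order
    try:
        magic, ifd0_offset = struct.unpack_from(bo + "HI", tiff, 2)
        if magic != 42:
            return None
        ifd0 = read_ifd(tiff, ifd0_offset, bo)
        (gps_offset,) = struct.unpack(bo + "I", ifd0[GPS_IFD_POINTER][2])
        gps = read_ifd(tiff, gps_offset, bo)
        lat = dms_to_degrees(tiff, gps[LAT], bo)
        lon = dms_to_degrees(tiff, gps[LON], bo)
        if gps[LAT_REF][2][:1] == b"S":
            lat = -lat
        if gps[LON_REF][2][:1] == b"W":
            lon = -lon
    except (struct.error, KeyError, ValueError):
        return None                            # truncated or inconsistent metadata
    return round(lat, 6), round(lon, 6)

def build_sample_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed input: a JPEG shell carrying only an Exif GPS block."""
    def rationals(dms):
        return b"".join(struct.pack("<II", round(x * 100), 100) for x in dms)
    gps_offset = 8 + 18                        # TIFF header + one-entry IFD0
    data_offset = gps_offset + 2 + 4 * 12 + 4  # values follow the GPS IFD
    ifd0 = struct.pack("<HHHIII", 1, GPS_IFD_POINTER, 4, 1, gps_offset, 0)
    gps = struct.pack("<H", 4)
    gps += struct.pack("<HHI4s", LAT_REF, 2, 2, lat_ref.encode())
    gps += struct.pack("<HHII", LAT, 5, 3, data_offset)
    gps += struct.pack("<HHI4s", LON_REF, 2, 2, lon_ref.encode())
    gps += struct.pack("<HHII", LON, 5, 3, data_offset + 24)
    gps += struct.pack("<I", 0)
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps
    tiff += rationals(lat_dms) + rationals(lon_dms)
    body = b"Exif\x00\x00" + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(body) + 2) + body
    return b"\xff\xd8" + app1 + b"\xff\xd9"

# Constructed sample with made-up coordinates: 12°30'36" S, 130°45'18" E.
SAMPLE = build_sample_jpeg((12, 30, 36), "S", (130, 45, 18), "E")
if __name__ == "__main__":
    print(extract_geotag(SAMPLE))
```

Geo-tags are ordinary writable metadata, so coordinates recovered this way are a lead to corroborate with other evidence rather than proof of where a photograph was taken.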


Case

Mary’s Case: Forensic Outcomes and Warrant Activity II


The encryption implemented on Paul’s Blackberry device hinders
attempts by forensic personnel to access the data. Paul refuses to
provide the passphrase to decrypt the contents of his phone and
telephones a lawyer who recommends that he not make any formal
statement. Forensic analysis of Paul’s computer exposes a quantity
of child exploitation material (CEM) and digital photographs, which
resemble those sent to Mary. Lyon arrests Paul and police seize his
computer and Blackberry. Lyon escorts Paul to the local police
station where Paul’s lawyer meets them. Lyon commences a Record
of Interview during which Paul makes no comment to the questions
put to him. Lyon charges Paul with stalking and informs him that
he may also be charged with possession of child pornography.


Case
Mary’s Case: Modus Operandi
Lyon follows up with the e-Crime Lab to see if they have been
able to defeat the encryption on Paul’s phone. The Lab reports that they
have not been able to circumvent security on the Blackberry, and have
not identified how the CEM was downloaded to Paul’s computer, or the
electronic means used to stalk Mary. However, the Lab reports that the
digital photographs discovered on Paul’s computer match those sent to
Mary. Lyon prepares a short-form brief of evidence for delivery to the
Office of Public Prosecutions (OPP). A few weeks later, James Keller, a
prosecutor with the OPP, arranges for a meeting with Lyon. Keller
informs Lyon that he has received correspondence from Paul’s lawyer
indicating that Paul intends to contest the charges. Keller predicts that,
in the absence of corroborative evidence, the defense will argue that Paul
did not knowingly possess the CEM. Lyon speculates that Paul used his
Blackberry to instigate the cyber-stalking and to download the CEM.
Keller recommends that Lyon apply to the court for an order compelling
Paul to provide the decryption passphrase for his Blackberry.

Case

Mary’s Case: Mandatory Disclosure and Committal Hearing I


Lyon obtains an order from the court under section 3LA of the
Crimes Act 1914 (Cth) requiring Paul to divulge information needed
to access data held in his Blackberry. The court order is served
upon Paul’s solicitor and Lyon receives the decryption passphrase in
subsequent correspondence. Other than Mary’s contact details,
digital forensic analysis of the Blackberry does not reveal any
evidence to support the stalking or possession charges. Detailed
examination of Internet browsing history on the phone shows records
consistent with an interest in gay dating websites and recreational
drug use. Lyon meets again with the OPP to review the evidence.
Despite the absence of evidence on the Blackberry, Keller is still
confident that a prima facie case exists against Paul and therefore
proceeds with a charge for possession of child pornography.


Case

Mary’s Case: Mandatory Disclosure and Committal Hearing II


The matter is listed for Committal Hearing in the Magistrates’
Court. At the Hearing, the Defense Counsel enters a submission of
’no case to answer’, asserting that the defendant did not have any
knowledge of the CEM on his computer, that someone else placed it
there, and disputing the authenticity of the digital photographs
related to the stalking charge. The Magistrate struggles to
understand the technical subject matter and orders that the
possession and stalking charges be listed for separate trials in the
County Court. Defense Counsel then applies to have the charges
tried jointly.


Case

Mary’s Case: Criminal Trial and Acquittal


The court found (and decided) the following:
Independent Expert used by the Defense used timestamps to
challenge evidence.
Paul’s motive for not releasing his passphrase early.
Paul is an average user of computers.
Judge was critical of the expert used by the Prosecutor.
Mary was found with a private network, destroyed hard drives
and devices ’cleaned up’.
Paul was acquitted and the investigation focusing on Mary
was dropped for lack of evidence.
