Anything with a microprocessor inside it could prove at best
embarrassing and at worst incriminating to anyone whose activities
result in them having to tell a lie.
This sobering thought emerged from the annual lecture organised by
the BCS and the Royal Signals Institution, when a senior person
from the Centre for Forensic Computing of Cranfield University gave
an insight into the collection of digital evidence and what it can
reveal.
The speaker's involvement in police work means that their identity
cannot be revealed.
The speaker pointed to the range of devices that can provide
evidence, including PCs, cash registers, fax and answering
machines, alarm systems, mobile phones, cameras - even microwave
ovens: the electronic clock and memory might show whether a suspect
was cooking dinner at the time claimed.
Similarly, an electronic till might reveal whether it was being
used at the time a suspect said he or she was at work. An alarm
system might reveal whether it was set properly and switched on at
the time of an incident.
The audience were warned about e-mailing Microsoft Office files:
they include information about the user, the system used and the
number of versions - and may include previously deleted comments
about the recipient. A forensic computing expert could extract such
information.
Forensic computing is the scientific examination of a digital
device with a view to extracting all the information possible so it
can be presented in an admissible form in court. The vital first
step is to secure the evidence.
"It is absolutely vital to ensure that the process cannot be
challenged," the speaker said. "You have to ensure continuity of
evidence, ensure that an exhibit is signed for as it moves from
person to person and that it is never in an unknown state, never
open to contamination by anyone."
Evidence might be photographed: for example to show that a PC is
fitted with sound and video cards and is capable of doing what a
person is suspected of.
The device is then taken apart with great care, and with all steps
recorded: cannabis was once found in a PC where a disc was supposed
to be.
A PC's memory can yield information, such as the date and time set
in the machine.
Advances in storage technology are making examination a growing
task. The speaker highlighted some software products which can help
to examine disc and memory contents. One product can create a
gallery of live and deleted files and pictures. A practitioner can
flag ones which look unlawful. Other products convert binary to
hexadecimal, reducing the number of characters, and convert hex to
Ascii text.
The skills of the experts were demonstrated when the speaker
cracked a password on a personal digital assistant, used by a
member of the audience, within minutes and revealed a message which
was password-protected.