But, again to the core of the issue - is showing "intent" something a digital forensics investigator's (or whatever you prefer to call our field) competency?
The only forensics field I am aware that dwells into this is forensic psychology.
But, again to the core of the issue - is showing "intent" something a digital forensics investigator's (or whatever you prefer to call our field) competency?
The only forensics field I am aware that dwells into this is forensic psychology.
Agreed, it's not our role to show intent. Having said that, I think it would be interesting to find some case law that clearly articulates what evidence/criteria judges have used in computer-related cases to decide that there was intent.
Maybe the OP will share what his class comes up with (hint, hint, hint wink ).
NOT a case law, but rather a "Forensic Forum" case with some points in common with the theme at hand
http//www.forensicfocus.com/Forums/viewtopic/t=5410/postdays=0/postorder=asc/start=0/
jaclaz
I've always found this one of the most contentious parts of any case I've been involved in.
I was a sworn Police officer for over 12 years, and proving or showing intent was always the most difficult thing to do, but we took a common sense approach and produce good positive evidence.
By that I mean we will show strong evidence to support that a user of the computer rather than an automated process made deliberate attempts to locate the CP, then further dealt with these files in some way once they were on the computer. Google searches, MRU from the registry, Windows Media Player history, last accessed time stamps for pictures or videos, organised folder structure, efforts to hide or obfuscate the offending material, to name a few.
When it comes to linking a particular person to a user account we look to other activity around the time that the CP or other illegal material was accessed or searched for. Internet banking, modification of personal documents such as a CV or personal emails are all good evidence to suggest a link between a user account and a particular person.
Ultimately it is all circumstantial and it will largely come down to how the expert purports themselves on the stand and how thorough they are in their analysis, but I am very wary of getting involved in a long drawn out academic exercise in proving a thousand different things that didn't happen. If the defense come up with a legitimate defense that really needed debunking then I would go down that path, but as a general rule unless there was exceptional circumstances we would find the CP, find some good strong evidence to suggest user intent, then try and link that user to a person. That was it. We have a very high success rate in Court I should mention, and I believe this is because of that simple approach.
You have a high success rate because the mere thought if the type of charge sickens people and they immediately associate guilt with any crime where a child is involved.
Doubt that? Watch the faces of the jurors and how long they hold on to the evidence, or if they even look at it. Look at someone who is erroneously charged and vindicated. No way they ever get their normal life back, because they are always associated with having that hang over their head.
I've always found this one of the most contentious parts of any case I've been involved in.
I was a sworn Police officer for over 12 years, and proving or showing intent was always the most difficult thing to do, but we took a common sense approach and produce good positive evidence.
By that I mean we will show strong evidence to support that a user of the computer rather than an automated process made deliberate attempts to locate the CP, then further dealt with these files in some way once they were on the computer. Google searches, MRU from the registry, Windows Media Player history, last accessed time stamps for pictures or videos, organised folder structure, efforts to hide or obfuscate the offending material, to name a few.
When it comes to linking a particular person to a user account we look to other activity around the time that the CP or other illegal material was accessed or searched for. Internet banking, modification of personal documents such as a CV or personal emails are all good evidence to suggest a link between a user account and a particular person.
Ultimately it is all circumstantial and it will largely come down to how the expert purports themselves on the stand and how thorough they are in their analysis, but I am very wary of getting involved in a long drawn out academic exercise in proving a thousand different things that didn't happen. If the defense come up with a legitimate defense that really needed debunking then I would go down that path, but as a general rule unless there was exceptional circumstances we would find the CP, find some good strong evidence to suggest user intent, then try and link that user to a person. That was it. We have a very high success rate in Court I should mention, and I believe this is because of that simple approach.
If I may, a couple things worth of note (about the OP - highlighted/bolded for convenience)
Hey, I have been asked for my class to figure out what it takes to prove intent in a cyber case. Is there any ways that you can do this easily using evidence from digital evidence?
Not sure what type of case you're referring to. But in CP cases for example, ….
All right that helps a lot. And the case doesn't really matter any type of case involving computer crime. Thanks!
IMHO the easily simply does NOT exist, *everything* and particularly proving intent is difficult and complex (and it is VERY possibly outside the competence/scope of the "pure" digital forensic investigator), and if we could exit from the "narrowed" proposed example of CP, I am pretty sure that answers/contributions would be more useful.
As a matter of fact, among all possible different cases of "cybercrime", there have been ONLY CP related examples/comments.
I would guess that such cases are (hopefully) very rare, anyone that can bring on his/her own experience/thoughts with some other example of more common cases?
jaclaz
As a matter of fact, among all possible different cases of "cybercrime", there have been ONLY CP related examples/comments.
I would guess that such cases are (hopefully) very rare, anyone that can bring on his/her own experience/thoughts with some other example of more common cases?jaclaz
Sorry to break this to you, but makes up about 75% of our HTCU's work and is easily our most common job…
As a matter of fact, among all possible different cases of "cybercrime", there have been ONLY CP related examples/comments.
I would guess that such cases are (hopefully) very rare, anyone that can bring on his/her own experience/thoughts with some other example of more common cases?jaclaz
Sorry to break this to you, but makes up about 75% of our HTCU's work and is easily our most common job…
In our Digital Forensics Unit, indecent material jobs make up about 90% of the work so they are far from rare (unfortunately).
In my corporate work, it makes up less than 1%.
In my opinion, all the cases around the world, "indecent material jobs" take one of the smallest fractions of all the cases where digital forensics is involved.
In my corporate work, it makes up less than 1%.
In my opinion, all the cases around the world, "indecent material jobs" take one of the smallest fractions of all the cases where digital forensics is involved.
Yes, this is what I was hoping it was.
But anyway, I'll try to rephrase my previous post.
Given that the specific subject of CP (and ONLY it) has been commented/talked about, no matter how relevant this particular "branch" of Digital Forensic is in your personal experience and also how relevant it is in overall cases your office/firm/department dels with and ALSO no matter how relevant it is in percentage on all CF cases all over the world, can someone post *something* (examples/expereinces/thoughts/etc.) about *any* non-CP related case where "proving" intent is part (or should be or should not be) of the DF job?
jaclaz