Computer forensics rises up the legal agenda

The legal profession is responding to the increasing importance of digital evidence in legal cases by extending its professional development training to include computer forensics. In the first of a series of presentations to 23 Essex Street, information forensics specialists Andy Clark and Nick Spenceley, directors of Inforenz, spoke about The Hidden Life of Documents. They demonstrated how rigorous forensic investigation can reveal unexpected information about computer files such as how, when and by whom they are created. They were also able to show how such data has provided key evidence for both prosecution and defence in a wide variety of criminal cases. The Inforenz talk was followed by a presentation by barristers from 23 Essex Street about the legal issues surrounding the use of digital evidence.

Lynn Griffin, the barrister who initiated this training at 23 Essex Street, said: “I have experience in trials of successfully using the significant amount of evidence that can be derived from computer files. As a result of our experience within Chambers we recognise the importance not only of understanding this form of evidence but also of ensuring that those who provide it adhere to the highest professional standards. Computer forensics is now a key part of our CPD (Continuing Professional Development) programme – its importance can only grow and we are pleased to be amongst the first chambers to address this in our training.”

Nick Spenceley of Inforenz commented: “Digital evidence is becoming an increasingly important area of law and there is a need for excellent communication channels between information forensic specialists and the legal community. We were very impressed with the barristers’ and solicitors’ rapid grasp of the potential of computer forensic evidence. We in turn learned more about the legal constraints especially regarding the disclosure of metadata, and our clients’ needs from the complementary presentation by barristers about the legal implications of digital evidence.”

Inforenz's next presentation in this CPD programme will be about Tracking Email, an issue currently high up the political agenda.

About Inforenz

Inforenz is a computer forensics investigation company that provides software products and consultancy services to government, law enforcement agencies, commercial law firms, financial institutions, forensic accountants and corporate investigators seeking to recover digital evidence.

Inforenz conducts all stages of information forensics investigations, from evidence recovery to expert witness testimony. In addition, Inforenz is developing a suite of specialist software products for computer forensics professionals, the first release of which is the metadata recovery and analysis package, Forager®.

Inforenz was founded in 2001 by Andy Clark, Vince Gallo and Nick Spenceley, key players in the development of information security over the past two decades. Using its Deep Thought supercomputing platform, Inforenz has particular strengths in recovering concealed and encrypted data.

About 23 Essex Street

23 Essex Street is primarily a criminal set whose members practise in all areas of criminal law, both defending and prosecuting, across London and the South Eastern Circuit. Silks practise throughout the country. 23 Essex Street has a particular reputation in the core area of criminal work, in cases concerning serious crime, and other cases including white-collar crime, such as criminal fraud; criminal offences relating to the protection of intellectual property; money-laundering offences; and customs and revenue offences.

Lynn Griffin is named as one of the “leading lights” of the legal profession in Legal Experts 2004, and identified by researchers as being highly recommended in her field of expertise of intellectual property. She has been identified as a “leading junior” in the field of intellectual property in The Legal 500.

She specialises in criminal sanctions for infringement of intellectual property rights and has regularly appeared to prosecute on behalf of the Federation Against Copyright Theft Ltd., conducting cases under the Video Recordings Act 1984, Copyright Designs and Patents Act 1988, Computer Misuse Act 1990, Trade Marks Act 1994 and offences of conspiracy to defraud.

Media Enquiries
Stephen Fleming at Palam Communications
Tel +44 (0) 1635 299116
Email [email protected]
web www.palam.co.uk

Carine Wayne-Campbell
Marketing Co-ordinator
23 Essex Street
Tel +44(0) 207 413 0353
Email [email protected]
Web www.23es.com

General Enquiries
Andy Clark
Director, Inforenz Limited
Tel +44 (0) 845 644 5435
Email [email protected]
web www.inforenz.com

Lynn Griffin
Barrister
23 Essex Street
Tel +44(0) 207 413 0353
Email [email protected]
Web www.23es.com
