It’s been a fun few weeks, putting this series together and sharing it. I will almost certainly come back to it, but for now I’m moving on to other topics. This post will be a few thoughts, all the links in one place for those who want to bookmark the information, and of course the usual discussions in comments.
- Part One: a bit of history, what is admissible in court, and why.
- The Crime Scene: searches, evidence collection, and preservation of evidence.
- Evidence Collection: The nitty-gritty of evidence collection, with a case study.
- Blood Spatter and Ballistics: study of motion, sprays of blood, and where did that bullet come from?
- Toolmarks and Firearms: Using microscopic markings to match up evidence.
- It’s Written in the blood: a brief overview of serology and toxicology.
- Forensic Toxicology: Poisons, Drugs, Scientific Analysis and the Law (this is a paper on my own website, and not geared toward writers but includes some interesting case studies).
- The Gold Standard: DNA evidence and analysis.
There are whole missing sections of this, like questioned documents and what’s sometimes called ‘cyber forensics’, so do understand that this is a light overview of the world of forensic science. Since literally any sort of scientist could be called on to use their knowledge in a legal case, forensic science is very broad. There are, for instance, forensic botanists, odontologists, geologists… I left off the cyber forensics because it is the field I am least familiar with. It is, however, one of the fastest-growing fields, and one of the most challenging in its legal aspects.
Consider this: If you have a phone, like the recent case with Apple, the FBI, and the San Bernardino terrorists, how do you get into it? When do you need a warrant? What do you do to prevent a phone that belongs to a suspect who is still alive and on the run from being remotely accessed? A mobile phone contains a wealth of information, enough to be comparable to carrying in your hip pocket what would have taken a warehouse to store back in the time of the Constitution’s writing. The phone is very tempting to the forensic analyst. But it is also clearly protected from search and seizure under the ‘papers’ of the Fourth Amendment.
The Fourth Amendment of the U.S. Constitution provides, “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
As a writer, this is an interesting wrinkle to explore. As a citizen, knowing that your whole life is on that device, and that it can be collected into a Faraday bag that will cut it off from all signals and laid open to an investigator, it’s even more interesting, and I use that word in a not-so-good sense. Laptops, tablets, GPS devices: all of these can be used to track and trace a subject’s path not only in the physical world, but the cyber one as well. Here, again, the TV shows with their hacking and hacker-types are pretty far off base, I’m given to understand. But it’s not my specialty (mine is more sticky, and stinky, and wet) so I’m not going to address it at length. Feel free to take it up in the comments, or if someone wants to write a guest post, get in touch with me. I’d like to include the topic in the series.
This series is also meant to be a springboard for speculation on ‘what comes next?’ for those of us who write science fiction. Cyber forensics is the wave of the future, as the ‘Internet of Things’ is born, and our devices become smaller, more fictional (Dick Tracy watches, anyone?) and possibly implanted into our very bodies. How do you access an implant without consent, based on a warrant? What happens if you have a crime scene where an implant has been removed? What if removing the implant from the body’s biofeedback wipes it? How do you keep a victim alive long enough to forcibly download them? And prevent the signal from reaching investigators who could use it to triangulate your position?
With all that speculation, I will leave you for this week. See you in the comments! I’m traveling, but will check in from time to time.
Thanks for this series, Cedar.
Oh, you are so bookmarked.
Comments on cyberforensics:
Note: I’ve only been on the edges, with simple stuff that these days any kid can do, all at the request of the owners, and none of it associated with criminal investigations. Real capabilities are much more intensive and over my head.
In a nutshell, computers are slobs, and leave data fragments everywhere. Most of us know that an erased file isn’t really gone, not even if the recycle bin is empty, and will remain there until the data is overwritten. There’s software to overwrite data to various specifications, but there’s also speculation that three-letter organizations might still be able to recover the data by residual magnetism on hard drives.
Solid state drives tend to wear out with use, and have internal wear leveling code, which raises the debate over whether even file and disk wiping programs can erase data a casual computer user couldn’t recover. There are amazing, inexpensive programs out there that can recover the contents of a solid state drive while you drink your coffee.
Really, there’s a lot of software in that class these days. When we recovered a lost spreadsheet password, we used a canned program. No code breaking skill needed. Of course, spreadsheet passwords were – and maybe still are – almost trivial things. That said, there’s canned forensic programs available that law enforcement can use for all sorts of data recovery while they wait.
It’s even theoretically possible to recover data in computer memory under certain circumstances.
I do not know about solid state drives, but with hard drive data recovery you usually make an image of the drive, put it on another disk, and work with that instead of the original. Would be surprised if cyberforensics didn’t do this first.
Password cracking depends on the encryption (see using a canned program to recover a lost spreadsheet password) and the complexity of the password, and can range from guesswork to a dictionary attack (using known words) to brute force (trying each character at random) to an old-fashioned rubber hose. This can range from encrypted files to a type of hash file to access a computer. Unless the data is encrypted, you can access “password protected” data on most computers by simply using a boot disk or putting the drive into another computer.
Keep in mind all this is only baby stuff. What the pros can do would probably curl our hair.
On the legalities, a lot of it would seem to fall under established procedure for search and seizure. There’s a case before the USSC right now that deals with the legality of blood tests for DUI suspects, and one of the things is that apparently a warrant isn’t needed for a breathalyzer test. Another thing that came out is “instant warrants,” where it’s now possible for police in the field to contact a judge, present probable cause, and obtain a search warrant.
Here’s something that a friend who witnessed a one car accident observed. The state patrolman asked the accident victim to see his phone. The reason? To check the logs to see if he was using it at the time of the accident. Legal without a warrant? Don’t know.
For that matter, where does using equipment such as IR fit in? Do police need to obtain a search warrant for what is unobtrusive observation? And if no, what about intercepting cell phone and data traffic, or using other non-intrusive means of observation that gives more detail than IR?
Sorry to run long.
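Two points in the comment above are worth seeing in working code: that “erasing” a file usually just drops its directory entry and leaves the data sectors in place until something overwrites them, and that an examiner images the drive and verifies the copy by hash before touching anything. The following is an added example, not code from the post or the commenter. It models a raw disk as a constructed 16-sector byte array with a made-up directory format in sector 0, and the file name, memo text, and header signature are all constructed for the illustration; a real examination would use a write blocker and a tool such as dd or ewfacquire against a real device, but the acquire-hash-verify-carve sequence is the same.

```python
"""
Toy model of the 'image first, then examine' forensic workflow.
Everything here is constructed for illustration: a 16-sector bytearray
stands in for a raw disk, sector 0 holds a directory table, and deleting
a file only removes its directory entry (as most filesystems do), leaving
the data sectors intact until something overwrites them.
"""
import hashlib

SECTOR = 512
SECTORS = 16
MEMO_START = 3           # constructed file is stored starting at sector 3
MEMO_TEXT = b"CONSTRUCTED-MEMO: quarterly budget figures, draft 2\x00"


def build_sample_device() -> bytearray:
    """Return a constructed raw 'disk' with one file recorded in the directory."""
    dev = bytearray(SECTOR * SECTORS)
    entry = b"memo.txt,%d,%d\n" % (MEMO_START, len(MEMO_TEXT))
    dev[0:len(entry)] = entry                      # directory table in sector 0
    off = MEMO_START * SECTOR
    dev[off:off + len(MEMO_TEXT)] = MEMO_TEXT      # file body in data sectors
    return dev


def list_files(dev: bytes) -> list:
    """Parse the directory table; only entries still listed are 'visible'."""
    table = bytes(dev[0:SECTOR]).split(b"\x00", 1)[0]
    return [line.split(b",")[0].decode() for line in table.splitlines() if line]


def delete_file(dev: bytearray, name: str) -> None:
    """Delete the way most filesystems do: clear the directory entry only.
    The data sectors are not touched, so the content is still on 'disk'."""
    table = bytes(dev[0:SECTOR]).split(b"\x00", 1)[0]
    kept = [l for l in table.splitlines() if l and l.split(b",")[0].decode() != name]
    dev[0:SECTOR] = b"\x00" * SECTOR
    new_table = b"\n".join(kept) + (b"\n" if kept else b"")
    dev[0:len(new_table)] = new_table


def acquire_image(dev: bytes) -> tuple:
    """Bit-for-bit copy plus a SHA-256 of the source taken at acquisition time.
    The hash is what lets anyone later show the working copy is unchanged."""
    image = bytes(dev)
    return image, hashlib.sha256(image).hexdigest()


def verify_image(image: bytes, acquisition_hash: str) -> bool:
    """Re-hash the working copy; a mismatch means it can no longer be trusted."""
    return hashlib.sha256(image).hexdigest() == acquisition_hash


def carve(image: bytes, signature: bytes) -> list:
    """Scan the whole image, allocated or not, for a known header and return
    (byte offset, sector number, recovered bytes up to the terminating NUL).
    This is the idea behind file carving: ignore the directory entirely."""
    hits = []
    pos = image.find(signature)
    while pos != -1:
        end = image.find(b"\x00", pos)
        if end == -1:
            end = len(image)
        hits.append((pos, pos // SECTOR, image[pos:end]))
        pos = image.find(signature, end)
    return hits


def demo() -> dict:
    """Owner 'erases' the memo; examiner images the device, verifies the image,
    and carves the memo back out of the unallocated sectors of the copy."""
    dev = build_sample_device()
    delete_file(dev, "memo.txt")
    image, h = acquire_image(dev)
    return {
        "visible_files": list_files(image),
        "image_ok": verify_image(image, h),
        "carved": carve(image, b"CONSTRUCTED-MEMO:"),
        "original_untouched": bytes(dev) == image,
    }


if __name__ == "__main__":
    r = demo()
    print("files in directory:", r["visible_files"])
    print("image hash verified:", r["image_ok"])
    for off, sec, data in r["carved"]:
        print(f"recovered at offset {off} (sector {sec}): {data!r}")
```

Running the block shows an empty directory listing, a verified image, and the memo recovered from sector 3 of the copy; the original byte array is never modified after acquisition, which is the whole point of working from the image.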
Re. thermal imaging. IIRC, there was a case where police got suspicious about a house and used thermal imaging to find a large hot area, got a warrant based on that and on the utility bills, and found a large marijuana grow room. Kyllo vs. the US ended up with the ruling that thermal imaging required a warrant. https://supreme.justia.com/cases/federal/us/533/27/case.html
Thanks Cedar, this has been excellent and will get used. I may just print everything out so I’ve got it within arm’s reach.
Interesting about cyberforensics of implanted devices — in my current novel WiP, the discovery of an implanted computing device is the extraordinary evidence which proves that a major character is indeed from another timeline and her memories of her life in it aren’t just waking dreams, the working out of some psychological trauma. A discovery which raises a bunch of *interesting* legal questions, ranging from immigration to the status of her conviction in the other world for felony illegal AI, in a heavily politicized show trial.