This podcast explores cybercrime, digital forensics, and cybersecurity breaches. It discusses the evolution of these areas and the challenges faced by investigators. It also highlights the role of digital forensics in determining the nature of cybersecurity breaches and identifying intruders. The development of tools and techniques for digital forensic investigations is also mentioned. The importance of maintaining the integrity of digital data and the admissibility of digital evidence in legal proceedings are emphasized. The challenges faced by investigators in obtaining search authority and the need for companies to implement cybersecurity measures are discussed. The importance of evidential integrity and the use of validated tools in preserving and analyzing evidence are also mentioned. Overall, digital forensics plays a crucial role in addressing cybersecurity breaches but faces complexity due to legal, ethical, and subcultural issues.

This podcast explores cybercrime, digital forensics and cybersecurity breaches and their interconnected evolution. I will discuss relevant definitions, capacity and digital anti-subcultures, types of evidence, legal frameworks and ethical complexities related to cybersecurity breaches and the critical role digital forensics plays.

From the 1970s to 1992, computer forensics played a crucial role in solving legal problems using scientific approaches. Personal computers became common, but the lack of standardization of laws and cybercrime definitions led to new online behaviors. For example, the hackers of culture included notorious hackers Kevin Mitnick and John Draper, and open-source intelligence, or OSINT, were vigilantes interested in identifying hackers. Investigators were challenged by the requirements for the meticulous examination of evidence and navigating differences in hackers' psychology and identity. Hackers and OSINT operate where legal and ethical issues can be debated.
For example, Draper in 1971 and Mitnick in 1995 have different profiles. Mitnick had both positive and negative motivations, so can be described as a grey-hat hacker. Draper was a curious novice best in his skills as a phone phreak and could be described as a cyberpunker. In modern-day investigations, grey-hat hackers can be considered technology experts, whilst novices who adjust to their skills can be seen as harmless because of the mens rea element of their cybercrimes.

OSINT was problematic because it lacked authority compared to law enforcement and used unstructured processes. This resulted in a fundamental flaw because of the negative implications of trials, as evidence collected may have been unfairly obtained and without following laws such as the Police and Criminal Evidence Act 1984. In the modern day, OSINT might provide relevant and legally probative evidence because their investigation and surveillance techniques involve advanced computer skills. Thus, the Investigatory Powers Act 2016 might provide legal back-end. However, the Human Rights Act 1998 still imposes a duty on courts to restore fair trials and to rectify unfairly obtained evidence.

Computer forensics succumbs to digital forensics because of the impact that technology evolution had on computer and cybercrimes. Digital forensics involves using human intuition and scientific principles to uncover and analyze information from digital devices. Thus, as technologies continue to advance, potential hazards escalate because cybersecurity breaches are typically calculated attacks carried out by unauthorized parties who gain access to confidential information. Digital forensics plays an essential role in determining the nature of cybersecurity breaches, identifying intruders and evaluating their damage. The development of the Forensic Toolkit in 1992 provided a scientific format for digital forensic investigations, ensuring the accuracy of objective conclusions.
This includes defining the investigation's specific laws, gathering evidence, formulating a hypothesis, testing the hypothesis, and recording the results, then replicating the findings using different investigators to prove the results. Finally, a scientific explanation of digital evidence is communicated in simple language to assist the judge or jury in understanding the evidence based on the Daubert standards for acquisition of evidence.

In 2007, Zatyko defined digital forensics and emphasized the importance of maintaining the integrity of digital data, aligning with the steps outlined in FTK. Principles such as prompt search authority, chain of custody, mathematics and use of validated tools, predictability, and expert presentation of evidence are key in prominence.

The admissibility of digital evidence depends on it serving a legal purpose in acquiring a search authority. For example, a search warrant to obtain a smartphone that supports a conviction. Investigators face major challenges in obtaining a search authority. Firstly, the scope of the search warrant and reasonable expectations of privacy must be obeyed. Secondly, securing technology is challenging because attackers outnumber investigators and execution of cybersecurity breaches only has to be right once. Third, even if the digital evidence is reliable, it cannot adversely impact the fairness of a trial. And fourth, law enforcement agencies generally place low importance on cybercrimes. Finally, companies leave themselves open to cybersecurity breaches by failing to implement crucial cybersecurity measures.

The chain of custody is the chronological documentation of evidence. Gates v. Bando 1996 establishes the precedent that the credibility of a report is equally important to evidence. Therefore, faulty procedures and evidence preservation create an assumption of forensic information bias. Therefore, competent computer investigators must uphold evidential integrity and ensure original data is not lost.
Using validated tools like FTK to extract and analyze different types of evidence assists investigators in different ways. Firstly, the imaging tool allows for a bit-by-bit copy of the original file, image or data to be made. Secondly, the integrity of digital evidence and its forensic analysis can be verified using hash algorithms. Third, it can locate deleted files from volatile and non-volatile data sources like computer RAM.

The smartphone is classed as real evidence because it provides a hypothesis on what happened. Documentary evidence consists of documents contained in a record, like digital trails that identify a smartphone. IP scatter tools can be used for network carving to identify smartphone and IP and MAC addresses by detecting prior connection and service activity. IP addresses act as a digital fingerprint and identify the location of a device to a specific address. MAC addresses are used to identify the device itself.

In conclusion, digital forensics plays a fundamental role in modern-day cybersecurity breaches because it establishes the legal duty to apply formalized scientific processes to search, seize, preserve and analyze evidence. However, technological advances have made these investigations extremely complex because government laws, ethical principles and subcultures conflict.