The investigative agencies, to meet different operational requirements, with the collaboration of professionals from the most diverse fields, including digital forensics, one of the forensic science branch of applied digital device, which analyzes any digital type specimen, in order to collect information that is later used as part of a judicial process. It follows that the computer forensics and particularly forensic appraisal carried out by an industry expert is a useful investigative support activity provided by a private investigator in cases of separation, infidelity, domestic violence, child abuse or acts of work.
To get to the heart of and deepen the role of forensic expertise in relation to investigative activities we interviewed Riccardo Meggiato, a leading expert in Digital Forensics and author of several books on computer security and computer investigations as The Dark Side of Network , Cyberwar. Did you know that a computer can kill ?, light on the network: small manual of digital investigations.
Richard, you who are one of the leading experts in digital forensics in Italy and abroad, can you tell us what a forensic expertise and what is it?
A forensic expert consists of the activity carried out by an expert (expert) time to retrieve information from the digital artifacts that are then used in a judicial proceeding character, in order to substantiate or deny a certain defensive thesis or accusatory. Such analysis is headed by the Digital Forensics branch that scans all digital artifacts, such as e-mail, computer, smartphone, until you get to the analysis of records in the cell phone and image analysis. For example, it happened to work in a famous murder case, in which was found a mummified body was needed to determine whether the archive photos of that body had been tampered with so many years ago with respect to the conservation status the present body, so in that case I had to work in consultation with a doctor.
In such cases we resort to a forensic expert?
It makes use of forensic expertise in criminal or civil cases, such as labor disputes. Often it happens that some employees turn to a forensic expert because they recorded a conversation with their employer who then did not keep the pacts and then resort to an expert to make sure those conversations are authentic and have not been made to measure . Other cases in which they are used forensic expertise are the causes of separation, betrayal, but also criminal cases such as domestic violence, child abuse, murder, kidnapping and child pornography. Once it happened to me a case of child pornography on the alleged changes to some pictures and my role was to verify that the image was not retouched in any way.
What are the advantages of forensic analysis?
The advantage of forensic analysis is the ability to put a quality warranty seal (affidavit) on a digital proof. It is affixed by an expert to prove that there was evidence of the element pollution.
So forensic expertise has a very high incidence in a process?
Yes. If we consider the case Gambirasio, we can see that moved on two levels, technological and biological. The biological showed several weak aspects, then we got to the point where some evidence will be found based on the cell phone. Even in the case of Garlasco was key IT expertise, because he had to demonstrate Stasi moments was at the computer. This is like a forensic expert can literally move even the outcome of a trial.
In drafting a forensic expert opinion what are the elements to be taken into account?
First you have to make it clear what is required and who is placed, a judge, a lawyer or other person. Then you have to dissect the key points and remember to only respond on the merits, without adding redundant information. Once put into clear steps, the equipment is specified, the methodology and finally the results. It is important that the methodology is explained step by step, it must thereafter be replicated by any other person who has the same technology. The reason is that an expert opinion to have value must be shared by colleagues of the same pool and also by the other party, so it is crucial exposing step by step the operations that are performed.
The time has changed the way we do forensic analysis?
From one point of view is simplified, for example up to 5-6 years ago smartphones they were of different connectors, so you had to go and retrieve the connectors or write parts of the program to gain access to the phone’s memory. With the standardization of the market there are now two operating systems (Android and iOS) so when you have a phone you already know in which direction to move. On the other hand, however, there is the problem that memories have increased and the security systems of the programs have grown, such as Whatsapp first was easily controlled from the inside, it is now impossible unless you have the phone in hand. Access to basic information is simpler, while going into details is much more difficult than in the past, so if the first 4-5 days were employed for forensic analysis of a phone, today it takes a week or ten days. There is always need a large study because he who hesitates is then glued to the analysis too light. Are there any software that after 30-40 minutes of analysis creates a report on the things that they found inside the phone, however, these programs are not able to link the various information and fail to go deep, because one point found of monitoring systems and fail to break them. In this case the difference is made by those who manage to undermine those systems and go a little ‘further. Are there any software that after 30-40 minutes of analysis creates a report on the things that they found inside the phone, however, these programs are not able to link the various information and fail to go deep, because one point found of monitoring systems and fail to break them. In this case the difference is made by those who manage to undermine those systems and go a little ‘further. Are there any software that after 30-40 minutes of analysis creates a report on the things that they found inside the phone, however, these programs are not able to link the various information and fail to go deep, because one point found of monitoring systems and fail to break them. In this case the difference is made by those who manage to undermine those systems and go a little ‘further.