Computer Forensics – Criminal vs Civil – What’s The Difference?

In the field of computer forensics, as in the field of law, procedures in civil cases differ somewhat from those in criminal cases. The collection of data and presentation of evidence may be held to different standards, the process of data collection and imaging can be quite different, and the consequences of the case may have very different impacts.

A couple of quick definitions may be in order. Criminal law deals with offenses against the state – the prosecution of a person accused of breaking a law. Such offenses may of course include crimes against a person. A government body, or the representative of a government body, accuses the person of having committed the offense, and the resources of the state are brought to bear against the accused. Guilty outcomes can result in fines, probation, incarceration, or even death.

Civil law covers everything else, such as violations of contracts and lawsuits between two or more parties. The loser in such a dispute often must give payment, property or services to the prevailing party. Imprisonment is not at issue in civil cases. As a result, the standard for evidence is not as high in civil cases as in criminal cases.

For the law enforcement computer forensics specialist, a certain amount of extra care should be taken in collecting data and producing results, for the standard of proof is higher. There are advantages on the data collection end, however: once a court has authorized a search warrant, an officer (and possibly several) with badge and gun can go seize the defendant’s computer by surprise and by force. Once the computer has been seized and imaged, all data is accessible and may result in additional charges being brought against the defendant.

By contrast, in a civil case, there tends to be a lot of negotiation over what computers and what data can be inspected, as well as where and when. There is not likely to be any seizing of computers, and quite a long time may pass between the time the request to inspect a computer is made and the time the computer is made available to be inspected. It is common for one party to have access to a very limited area of data from the other party’s computer. During this time, a defendant may take the opportunity to attempt to hide or destroy data. The author has had several cases wherein the computer needed for analysis was destroyed before the plaintiff had the opportunity to inspect it. Such attempts at hiding data are often discovered by the digital forensic sleuth, who may in turn present evidence of such further wrongdoing in expert witness testimony.

Opportunities for learning techniques and interacting with other professionals may differ as well. While some computer forensic software suites and training, such as Access FTK, EnCase, or SMART Forensics, are available to most who can pay, others, such as iLook, are available only to law enforcement and military personnel. While many support and professional organizations and groups are available to all, some, such as the High Technology Crime Investigation Association (HTCIA), are not open to professionals who provide for criminal defense (with a few minor exceptions).

When law enforcement has a case involving computer forensics, the intention is to locate enough data to find the defendant guilty in court, where the standard for information presented tends to be fairly high. From the time digital data or hardware is seized and acquired, Rules of Evidence must be kept in mind (Cornell University has the complete and voluminous code on its website). Law enforcement personnel must follow accepted procedures or evidence could be thrown out. Acquisition of data and discovery in criminal cases must often follow strict procedures that differ depending upon whether the jurisdiction is federal, state, or municipal, and at times upon a judge’s preferences.

In a civil case, the initial processes of electronic discovery may be just to find enough data to show one or the other party whether they are likely to prevail, should the case go all the way to court. As such, the initial presentation of data may be fairly informal, and be just enough to induce the parties to settle the case. On the other hand, the data found may be so minimal the line of inquiry into electronic evidence is dropped.

Although we use many of the same tools, computer forensic professionals in private practice and those in law enforcement are held to different standards, have access to different resources, and their work results in substantially different outcomes between the criminal and civil cases to which they contribute.

Increase in Digital Crime and Rise in Security Concerns Shall Pace the Computer Forensics Market

The computer forensics market is expected to experience an upsurge on account of the increase in sophisticated digital crime and terrorist attacks and economic growth in developing countries. Computer forensics, which refers to the analysis and reporting of digital data for a legal purpose, is the most prominent market within the overall digital forensic market. Computer forensics has become much more dynamic in the field of cyber-crime, where it is used to perform structured investigations that detect hidden facts and yield accurate results. A variety of techniques are used by investigators to inspect and search hidden, encrypted or deleted files or folders.

Computer forensics has gained wide popularity in developed regions such as North America and Europe owing to technological advancements and increased cyber-crime rates. Meanwhile, a rise in corporate fraud has increased the demand for computer forensics. The UK and other European countries, such as Italy and Germany, have observed an increasing trend for computer forensics as the various industries in the region have become more aware of the safety and security of their data. Consequently, manufacturers are exploring innovative products and services to strengthen their market presence and meet the growing demand. Computer forensics has also gained popularity in developing countries such as India and China owing to increased piracy threats and cyber-crimes, coupled with increased government expenditure on the digitalization of sectors such as banking, law enforcement, defense, and information technology, among others. A rise in disposable income and an increase in the number of educated consumers have also supplemented the growth of the market in the region.

The recommendation of computer forensics by government organizations as a necessity for proper investigation has rapidly increased its adoption rate in both developed and developing economies. For instance, in order to maintain integrity, the governments of countries such as China and Brazil, among others, have formed new regulations that are based on access to data and on penalties for modification of data or wrong entries in data records.

To compete with established players, other manufacturers such as Paraben Corporation, Binary Intelligence, and Digital Detectives, among others, plan to develop new computer forensic tools to attract consumers and increase their market share. However, the major players in the market, such as Access Data Group Inc., Guidance Software, Inc., and LogRhythm Inc., have been utilizing economies of scale to meet the rising demand for computer forensics. The established brands have adopted product launches, partnerships, and business expansion as their growth strategy to strengthen their foothold in the market. For instance, in February 2015, Access Data Group Inc. announced the development of a newly improved software version, Summation 5.6, which provides case assessment, processing of comprehensive data, and management, final review and transcript management. The main aim of this product launch was to showcase the enhanced features of this software to consumers and gain popularity in the market. However, the rising complexity of mobile devices and increased utilization of cloud-based applications may hamper the growth of the digital forensics market.

Geographically, North America has emerged as the largest market for digital forensics. An increase in cyber-crime rates and technological advancement make this region favorable for growth in the forecast period. However, Asia-Pacific is projected to have the maximum growth rate in the digital forensics market, driven by an increase in cyber-crimes and a rise in consumer awareness in developing countries such as China and India.

Computer Forensics Expert: How to Keep Anyone From Snooping Around Your Cloud

The American Civil Liberties Union, based in New York, NY, reported that the U.S. Government claims the right to read personal online data without warrants. This trend is not unique to the U.S. Government. Many governments around the world make requests of these service providers as well.

According to statistics published by Google, it received over 16,000 requests for information affecting over 31,000 users in 2012. The same statistics state that Google provided information in over 85% of the requests.

In 2012, Microsoft received over 70,000 requests affecting over 120,000 accounts. While this is a much higher number, Microsoft only produced information on these requests about 2% of the time. Almost 80% of the requests asked Microsoft to divulge subscriber and transactional information only.

Locking the thieves out:

Companies and individuals can take easy steps to prevent thieves, companies and the government from gaining access to online storage which contains private information.

Here are a few basic ways of protecting or encrypting the data to keep prying eyes from viewing confidential and/or personal information:

1) The data can be encrypted before it is stored in the Cloud. Products like TrueCrypt, Privacy Drive and MyInfoSafe allow the user to encrypt their data. This type of encryption can be applied to files as well as folders before they are stored in the Cloud.

2) Use an “On The Fly” encryption product which encrypts data as it is stored by almost any online storage provider. Products like BoxCryptor, Cloudfogger, SafeMonk, and Viivo integrate with the Cloud Storage provider(s) of your choice, encrypting data locally, but seamlessly, before it is stored in the Cloud. These services provide encryption completely separate from the storage provider, ensuring even the storage provider’s employees can’t access data stored in their company’s Cloud.

3) Choose a provider that encrypts the data as part of their service. Storage-As-A-Service companies like SpiderOak, iDrive and Comodo not only transfer your data via an encrypted protocol, these companies also store the data in an encrypted format preventing those who don’t have an access key from easily viewing your data. It is unknown if there is a back door they are able to use to access data stored on their servers.

Businesses are acutely sensitive to government information requests due to their legal responsibilities under privacy laws, such as HIPAA and the Gramm-Leach-Bliley Act. Therefore, in highly regulated industries, such as financial services and healthcare, businesses must strike a balance between government oversight and consumer privacy.

The U.S. Electronic Communications Privacy Act of 1986 was enacted in the early days of the Internet. The act did not require government investigators to obtain a search warrant for requesting access to emails and messages stored in online repositories. In 2001, the PATRIOT Act further added to the authority of the federal government to search records under its “Library Records” provision, offering a wide range of personal material into which it could delve.

We are not suggesting people should try to skirt around the PATRIOT Act. But companies and individuals should do their best to comply with data privacy issues. It should be up to the organization or individual to establish a policy regarding exactly what, when and to whom they disclose information from their Cloud service provider.