“Crime Scene!” Does this word bring an image of blood splattered on the floor, bullet holes, chalk outline, and an investigator mimicking Sherlock Homes in his overcoat and top hat? But this is not exactly what we are addressing in this article. We are referring to a cybercrime where there is no blood spatter, no fingerprint, no bullet holes, and no misplacement of things. Finding evidence in cybercrime is an entirely different story, one where the protagonist is a detective behind a screen.
What Is Digital Forensics?
Digital forensics is the act of assisting an investigation by accumulating evidence from digital artifacts. These digital artifacts include computers, network, cloud, hard drive, server, phone, or any endpoint system connected to the infrastructure. The activity also includes collecting information from emails, SMSs, images, deleted files, and much more. In short, the responsibility of digital forensic investigator is a threefold process:
- Preserving or recording the state of a digital device
- Analyzing the state of digital device
- Reporting retrieved information
In the case of a cybercrime, a digital forensic examiner analyzes digital devices and digital data to gather enough evidence to help track the attacker. As data are abundant due to digital dependencies, the role of a digital forensic investigator is gaining prominence everywhere.
Digital Forensics Is More Important Now Than Ever
With 95% of the Americans owning mobile phones today, the existence of data is staggering.  But it is not just mobile phones that forms a part of investigation, but other devices like laptop, desktop, tab, juke box, play station, smart watches, and everything under the Internet of Things family are responsible for exchange of data. The advancement of technology adds more to the volume of data, and therefore, digital forensics should be expanded to adapt to meet the needs of the users. The emergence of higher sophisticated devices has stressed on the importance of digital forensics too.
Eminent Cases Solved with Digital Forensics
Digital footprint stands the amount of usage or accessing the data on various digital devices. By following the digital footprints, the investigator would be able to retrieve the data that are critical for solving the crime case.
1. Matt Baker—2010
Matt Baker, a Baptist preacher, was convicted of murder of his wife and was sentenced to imprisonment for 65 years. In the year 2006, his wife had apparently committed suicide by overdosing on sleeping pills. The suicide was confirmed based on the suicide note left by his wife. Later, while analyzing Baker’s computer, the search history of Baker’s computer had found that he has searched for “overdosing on sleeping pills” and had also visited several pharmaceutical websites prior to the wife’s death. 
2. Krenar Lusha—2009
Krenar Lusha of the United Kingdom was arrested based on his internet search pattern. On investigating his laptop, it was found that he had downloaded a manual of 4300 GM to make explosives and search belts. When they searched his apartment for further investigation, the police also recovered 71.8 l of petrol, potassium nitrate, and a live shotgun cartridge. He had also used his laptop to chat with people via MSN, describing himself as a terrorist or a sniper. He presented himself as a person who wanted to see Jewish and American people killed. These conversations were retrieved from his computer and used as digital evidence in the court. 
3. Larry Jo Thomas—2016
More than 250 Facebook posts are mentioned as a source of digital information gathered during a forensic investigation in the Indiana appellate court. One of the recorded cases talks about Larry Jo Thomas who was wrongly representing himself under the name ‘Slaughtaboi Larro’ on Facebook. He posted a photo on his Facebook wall with an AR-15-style assault rifle. When the investigation on the murder of Rito Llamas-Jaurez occurred, Larry was found guilty as Llamas-Jaurez was shot dead with AR-15-style ammunition. Investigators also found a bracelet near the crime scene which matched the one that Thomas was found wearing in one of the photos on Facebook. 
4. Mikayla Munn—2016
A Manchester University student, Mikayla Munn, gave birth to a baby in her dorm room bathtub. She immediately drowned her new born in the bath tub but covered it up stating that she was not aware of her pregnancy and labor pains were felt while taking a bath, followed by the baby’s arrival. On verifying her digital assets, investigators have found that she had searched on Google for “at home abortions” and “ways to cut the umbilical cord of a baby.” Munn pleaded guilty to neglect and was imprisoned for 9 years. 
5. Ross Comptown—2017
Ross Compton from Middletown, Ohio, was convicted on the grounds of aggravated arson and insurance fraud of his Court Donegal house. The incident costed him $4 millions in damage. When Ross submitted fake medical certificates describing his heart illness, the data from his pacemaker served as evidence before the court of law. The data collected from pacemaker included his heart rate, pacer demand, and heart rhythms which helped prove arson and insurance fraud. 
There are many cases of criminal and civil types where the gathered digital evidence has helped uncover hidden scams. If the investigation process excites you and you want to opt for a cyber forensic investigation career, then take a look at the Computer Hacking Forensic Investigator by EC-Council. The C|HFI certifies you in the specific security disciplining of computer forensics from a vendor-neutral perspective. For more details about the program, visit our webpage: https://www.eccouncil.org/programs/computer-hacking-forensic-investigator-chfi/