Here is a List of Digital Forensics Terms for Lawyers to Learn
Digital forensics is technical in nature, so attorneys who deal with this field need to know the meaning of its important technical terms. Below is a list of common terms that experts such as Elijaht computer forensics use in digital forensics, and how attorneys should understand them.
- Verified Forensic Image
This refers to a copy of all the contents of a flash drive, hard drive, etc. Instead of just copying the files, a forensic image copies all the binary values that represent the information, both visible and invisible, on a target drive. A forensic examiner verifies the forensic image to make sure it is exactly the same as the original, using what is referred to as a hash value. Attorneys should be concerned about these verified images because they preserve the original evidence in case any further forensic analysis is needed; until one is created, there is no way to ensure that the information on the hard drive will not be modified. This is why you need a verified forensic image created in order to carry out a digital forensic analysis.
- Hash Value
A hash value is a unique identifier that validates that a forensic image is an exact copy of the original. Any hard drive or digital file is, at its core, a set of binary numbers. Professionals use a special algorithm to create a numeric code, called a hash value, that is unique to the exact binary sets on a specific drive. If a single 0 or 1 is changed, the hash value changes completely as well.
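The verification described in the Verified Forensic Image and Hash Value entries can be shown in a few lines. This is an added example, not part of the original article: it assumes SHA-256 as the algorithm, and the file names and the 64 KiB stand-in "drive" are constructed for illustration.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # read size in bytes (assumption for this example)

def sha256_of(path):
    """Stream a file through SHA-256 so a large image never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK), b""):
            digest.update(chunk)
    return digest.hexdigest()

def first_differing_block(source_path, image_path):
    """Return the index of the first BLOCK-sized block that differs, or None."""
    with open(source_path, "rb") as src, open(image_path, "rb") as img:
        index = 0
        while True:
            a, b = src.read(BLOCK), img.read(BLOCK)
            if a != b:
                return index
            if not a:  # both files ended without a difference
                return None
            index += 1

def demo():
    """Constructed data: a stand-in drive, an exact image, and an altered image."""
    with tempfile.TemporaryDirectory() as tmp:
        names = ("drive.bin", "image.dd", "altered.dd")
        drive, image, altered = (os.path.join(tmp, n) for n in names)
        data = bytearray(bytes(range(256)) * 256)  # 64 KiB of sample content
        for path in (drive, image):
            with open(path, "wb") as f:
                f.write(data)
        data[40000] ^= 0x01  # change a single bit in the copy
        with open(altered, "wb") as f:
            f.write(data)
        source_hash = sha256_of(drive)
        return {
            "source_hash": source_hash,
            "exact_copy_verified": sha256_of(image) == source_hash,
            "altered_copy_verified": sha256_of(altered) == source_hash,
            "first_differing_block": first_differing_block(drive, altered),
        }

if __name__ == "__main__":
    print(demo())
```

The exact copy produces the same hash as the source, while the copy with one changed bit does not; the block comparison then shows where the two diverge.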
- Write Blocker
This is a special piece of hardware that forensic examiners use in order to access digital evidence without changing it. Connecting a flash drive, hard drive, etc. to a computer is risky, because the computer's OS may make changes to the drive. This risk can be eliminated by using a write blocker. Ensure that you always use a write blocker, or else you may destroy digital evidence rather than securing it.
- JTAG / Chip-Off Forensics
These methods are used for accessing digital evidence on mobile devices, particularly when the device is damaged or is locked by a password. They require very specific equipment, and not many labs specialize in accessing this data. Attorneys should be concerned about these methods, as they are the only way to recover digital evidence from a cell phone that is ruined or locked by a password.