Footprints

When someone puts anything up on the internet, it creates a footprint. Digital footprints are the result of synchronous and asynchronous communication conducted in chat rooms, blogs, email, instant messaging, forums, social networking (e.g., Facebook, Twitter, Instagram), dating sites, VoIP, and audio and video conferencing; the communications all leave digital evidence beyond the communication itself, including time stamp and geolocation metadata.

Technology has changed the investigative landscape for a digital forensics examiner, adding mobile devices and electronic communication and activities to the investigation. Any search for digital data and information will include computer devices and networks, applications, and digital communication forums and formats. Browsers also hold important information, including log-ins, downloads, and authentication credentials.

In recent years, the US legal system has debated the admissibility of data gleaned from digital footprints. The courts respect the right of third parties to preserve individual privacy; however, data from devices and computer systems do constitute evidence. The Department of Justice has established two categories of evidence: hardware (electronic) and information (digital).

In addition to gathering information from digital footprints, an examiner needs to carefully follow evidentiary protocols and the chain of custody with mobile devices since information from the footprints may be admitted into a court of law.

References

American Academy of Forensic Sciences (AAFS). (2016). Entry post.  http://www.aafs.org/students/choosing-a-career/types-of-forensic-scientists-disciplines-of-aafs/

US Department of Justice (DOJ). (2004). Searching and seizing computers and obtaining electronic evidence in criminal investigations. https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ssmanual2009.pdf