Advances in Forensic Data Acquisition

Editor’s note: You all know this from watching CSI: When a crime is committed, usually some form of digital evidence is left on devices such as computers, mobile phones, or the navigation system of a car a suspect has used. Indeed, law enforcement agencies are regularly interested in data from personal devices to find evidence, guide investigations, or even act as proof in a court of law. This tutorial article by Felix Freiling et al. mentions the San Bernadino case as a prominent example. But how do police investigators go about accessing this evidence? Is what is shown on TV realistic? Whereas, in times of classical hard disks, accessing data was quite easy due to the non- volatility of the memory device. However, this is getting increasingly difficult because of developing technologies like SSDs, other forms of flash storage, and, in particular, for volatile memory such as RAM, with the major problem being to read out data while guarding “authenticity.” In the past ten years, there has been some substantial development in the area of forensic data acquisition, which is summarized by the article. It gives clear indications of what currently can be technically done and what cannot be done by police investigators. So, if you watch CSI again and the cops need to access some digital evidence, you can tell truth from fiction. —Jurgen Teich, Friedrich-Alexander-Universitat Erlangen-Nurnberg