±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 34077
New Yesterday: 0 Visitors: 160

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

has DF ever had any high-profile fails?

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2  Next 
  

has DF ever had any high-profile fails?

Post Posted: Wed Jun 13, 2018 5:02 am

I guess what im curious here is, unlike DNA and finger marks, I dont seem to be able to find any high-profile cases where DF evidence has been crucial and it turned out to be bad. Would Operation Ore be an example (although is this more procedural as opposed to digital evidence misinterpretation?)...


would really like to gather some examples if anyone has any?  

tootypeg
Senior Member
 
 
  

Re: has DF ever had any high-profile fails?

Post Posted: Wed Jun 13, 2018 6:39 am

Hi,

I'm not aware of any where the digital forensics was wrong, in the sense that data capture, or processing, or analysis led to a miscarriage of justice. I am aware of cases where no digital expert saw the data and material was produced for court when it should have been used for intelligence use only.

Cases which could fall into this category were not failings of a digital forensic method, or through incorrect interpretation by an expert.

Jobs that could fit into this category would include R v Porter in 2006 but this was not a digital forensics issue. The CPS prosecuted Porter for being in possession of child abuse images on the day of arrest, when they had been deleted previously. Evidence showed he had been in possession of these images previously but it was incorrect to charge possession on the date of arrest when they had been deleted and were not recoverable by the user without specialist knowledge and tools.

The recent cases breaking down as a result of disclosure appear to be for a number of reasons, including but not limited to;

new evidence coming to light that in some cases the police didn't know about (online and social media material),

evidence that had been assessed as not relevant at the time of disclosure but when a later defence statement was received the disclosure officer didn't re-evaluate all of the data already marked as not relevant'

material that was searched through using keywords but without knowing if variants, spelling errors, abbreviations or slang terms were used and so messages, emails might not have been found,

disclosure officers had no idea what to look for and produced what they produced in good faith, but without any direction from the defence, it wasn't the right (or right amount of) data,

and so on....

The number of experts representing the defence has diminished in recent years and I think this is a bad thing.

I think against the backdrop of cuts, with ISO 17025 taking up money and focus but not really delivering anything that will improve digital forensics, with more digital data and more complex data, it's only a matter of time before there start to be miscarriages of justice.

The question is, without experts available to the defence, will these come to light?

Steve
_________________
Steve Falkner, Forensic Computer Examiner, London, UK 

steve862
Senior Member
 
 
  

Re: has DF ever had any high-profile fails?

Post Posted: Wed Jun 13, 2018 7:05 am

Hi,

Further to the above I probably could mention Op Ore, having worked on a significant number of jobs in Ore.

I am aware that some police forces charged suspects based solely on the presence of their card details being found on the Landslide computer. Examination of their seized devices did not find any child abuse images. As far as I am aware in the Metropolitan Police area nobody was charged unless material was found on their devices, or they admitted to having paid to access it.

There was a lot of mud thrown by certain individuals around how reliable the information from the Landslide computer was. A number of articles were written in the press giving the impression that card details were present because of fraudulent activity. There was even a Radio 4 programme where a former expert in this field spoke about the data, calling into question everything the police were relying on.

The reputation of the police was damaged by Ore and the public were given the impression that the data on that system was wholly unreliable.

On the basis of evidence provided by some of the most technically competent digital experts I know, the High Court were shown how that expert was incorrect in his analysis of the data and eventually ruled that the evidence on the Landslide computer was reliable, and the decision to investigate those whose card details appeared was correct.

The reputation of the police was still tarnished and those publications that had criticised the police, based on incorrect information, never published a redaction or a correction following the High Court's findings.

Steve
_________________
Steve Falkner, Forensic Computer Examiner, London, UK 

steve862
Senior Member
 
 
  

Re: has DF ever had any high-profile fails?

Post Posted: Wed Jun 13, 2018 7:43 am

There was the Casey Anthony trial in the US where the prosecution claimed that the suspect had searched for incriminating terms on multiple occasions.

Subsequent work showed that was an incorrect interpretation of the browser artifacts. There is more information on the Digital Detective website.  

JerryW
Member
 
 
  

Re: has DF ever had any high-profile fails?

Post Posted: Wed Jun 13, 2018 8:25 am

- JerryW
There was the Casey Anthony trial in the US where the prosecution claimed that the suspect had searched for incriminating terms on multiple occasions.

Subsequent work showed that was an incorrect interpretation of the browser artifacts. There is more information on the Digital Detective website.


A&E keeps running a commercial for some special and "the entore firefox history was deleted before casey was arrested " is now just stuck in my head from it airing every commercial break.

youtu.be/epf36g7txAc  

Deltron
Senior Member
 
 
  

Re: has DF ever had any high-profile fails?

Post Posted: Wed Jun 13, 2018 10:23 am

Don't know if this counts but:

Spoke to a guy in law enforcement few years ago, he told me a story about logs that were generated by a function and multiple users could generate the same events using the service, there were nothing tying a specific user to an event generated by the function and the court were unable to tie one specific event to either the user directly before the event or after it had happened due to latency.

While this is more a failing of design, it is also a failure of interpreting the evidence and checking how the function worked.  

MDCR
Senior Member
 
 
  

Re: has DF ever had any high-profile fails?

Post Posted: Wed Jun 13, 2018 12:18 pm

- tootypeg
I guess what im curious here is, unlike DNA and finger marks, I dont seem to be able to find any high-profile cases where DF evidence has been crucial and it turned out to be bad. Would Operation Ore be an example (although is this more procedural as opposed to digital evidence misinterpretation?)...


would really like to gather some examples if anyone has any?


You haven't heard of the Turkish Sledgehammer and Ergenekon cases, or you are looking for cases specific to the UK? Sledgehammer and Ergenekon are probably the best examples (by far) of what can happen when electronic evidence tampering is combined with multiple rounds of inadequate digital forensics. Digital forensics reports with seriously flawed conclusions were used to support the indictments and continued incarceration of well over 500 individuals in those cases. We have done our best to document the technical aspects of one of these cases (specifically, the portion of Ergenekon involving the media organization Odatv) as we have time between casework and software development. There is an enormous amount of information we haven't published yet, simply due to lack of time, but Google will keep you quite busy until we get there.

Mark Spencer, President
Arsenal Consulting, Inc.
ArsenalExperts.com
@ArsenalArmed  

ArsenalConsulting
Member
 
 

Page 1 of 2
Go to page 1, 2  Next