Horsman Graeme, Errickson David
Teesside University, Campus Heart, Southfield Rd, Middlesbrough TS1 3BX, United Kingdom.
Cranfield Forensic Institute, Defence Academy of the United Kingdom, Cranfield University, Shrivenham, SN6 8LA, United Kingdom.
Sci Justice. 2019 Sep;59(5):565-572. doi: 10.1016/j.scijus.2019.06.004. Epub 2019 Jun 3.
There are an abundance of measures available to the standard digital device users which provide the opportunity to act in an anti-forensic manner and conceal any potential digital evidence denoting a criminal act. Whilst there is a lack of empirical evidence which evaluates the scale of this threat to digital forensic investigations leaving the true extent of engagement with such tools unknown, arguably the field should take proactive steps to examine and record the capabilities of these measures. Whilst forensic science has long accepted the concept of toolmark analysis as part of criminal investigations, 'digital tool marks' (DTMs) are a notion rarely acknowledged and considered in digital investigations. DTMs are the traces left behind by a tool or process on a suspect system which can help to determine what malicious behaviour has occurred on a device. This article discusses and champions the need for DTM research in digital forensics highlighting the benefits of doing so.
对于标准数字设备用户而言,有大量措施可供他们以反取证方式行事,并隐藏任何表明犯罪行为的潜在数字证据。虽然缺乏实证证据来评估这种对数字取证调查的威胁规模,使得使用此类工具的真实程度尚不清楚,但可以说该领域应采取积极措施来检查和记录这些措施的能力。虽然法医学长期以来一直接受工具痕迹分析作为刑事调查的一部分概念,但“数字工具痕迹”(DTMs)在数字调查中很少被承认和考虑。数字工具痕迹是工具或过程在嫌疑系统上留下的痕迹,有助于确定设备上发生了何种恶意行为。本文讨论并倡导在数字取证中开展数字工具痕迹研究的必要性,并强调这样做的好处。
