Digital Forensics - Computers

Digital evidence has become as common, or in some types of cases more common, than physical evidence. This includes not only the “usual suspects” such as computers, mobile phones, tablets and storage media, but also electronically generated materials such as documents, digital photographs, and dashcams. Any of these may contain the key evidence within a case. Our Computer/Digital Experts use specialist techniques to safely examine such devices whilst maintaining the original evidence unaltered, in line with the Forensic Science Regulator’s Code of Practice, thereby ensuring their findings are suitable for presentation in criminal, civil, or other proceedings. Our caseload is not restricted, however, to criminal law. In the business world intellectual property theft, data leakage, industrial espionage and employment tribunals are just some of the areas in which our investigative, analytical and technical skills and experience have been exceptionally effective.

Much of our work in this area falls within our scope of accreditation. Keith Borer Consultants is a UKAS accredited testing laboratory No. 4252, accredited to the international standard ISO17025, and compliant with the Forensic Science Regulator’s statutory Code of Practice. Our accreditation is limited to those activities described on our UKAS schedule of accreditation found here.

Cases involving Indecent Images of Children, Prohibited Images of Children, and Extreme Pornography form a major part of our computer experts’ caseloads. We are able review the classification of such images and identify misclassification or images in which there may be a significant amount of reasonable doubt. We will also draw attention to any case law that may be relevant to the charges. Establishing how the images came to be on the computer, what search terms were used, and who may have been responsible for their presence is our speciality. In this type of case, it is critical to distinguish between the mere existence of files or images and the evaluative evidence that serves to reliably establish their history. 

For example, assessing the actual or likely source of such material and whether the evidence supports an assertion that the defendant was deliberately seeking the charged material, or if it was inadvertently accessed is crucial in proving or disproving intent. It is also important to consider any alternative explanations put forward by your client, such as another user of the computer being responsible for the presence of the material. We can also comment upon whether malware such as viruses or remote access to the computer is consistent with the evidence. Such a full analysis has become critical when prosecuting authorities rely solely on a Streamlined Forensic Report (SFR) or similar, which may contain very little analysis of the circumstances. If you are a CrimeLine subscriber, you can find our Indecent Images of Children podcast HERE.

Each year our highly experienced experts undertake dozens of computer examinations for all types of offences across the UK, Ireland, and further afield. Examples of our work include:

• Establishing provenance of digital material.
• Recovery of live and deleted information, such as documents, images, chats/conversations and emails.
• Review of internet/web browsing activity, such as search terms used and websites visited.
• Classification of Illegal Imagery, including consideration of jurisdictional legislation (for example, the Irish and UK legal systems contain very different interpretations of what is illegal).
• Assessment as to whether any material is present to assist in identifying the user of the computer at the relevant times.
• Employee Leaver Screening, to assess whether any data may have been stolen or deliberately transmitted to a third party.
• Breach of Orders (such as Sexual Harm Prevention Orders (SHPO) or Terrorism Prevention and Investigation Measures (TPIM)). These cases often require an assessment of complex prohibitions in the context of the case to determine whether they may have been breached (and in what circumstances if so). We frequently see such orders being misinterpreted by non-technical stakeholders based on their assumptions as to what the evidence may indicate, rather than a skilled analysis.
• Image, Video and Document analysis, including a review of metadata and considerations of authenticity, which is becoming increasingly important with developments in Artificial Intelligence (AI). This includes reviews of still images/photographs such as JPEGs, movie files, or documents such as PDF or Word documents. We can also work with our Imagery experts, if analysis of the visual content is required (for example, if identification is in question or enhancement is necessary).
• We also work closely with our Mobile Phone experts, where digital evidence may be spread across multiple devices.

Our commitment to you is to provide an accurate, complete and unbiased report in plain English. If it is necessary to use technical terms, then these will be explained. Often, when subjected to expert scrutiny, evidence that initially appears to be convincing or even overwhelming may be shown to be incomplete or misinterpreted. We promise to deliver much more than a simple “data dump” of what was present. As further reassurance, you will also have direct access to our experts to discuss their findings, which is of particular benefit in a complex case. We will also be fully open with you in those relatively rare cases in which analysis is or is likely to be uncertain in its outcome.

If you would like to discuss a case involving computer evidence, you can talk directly our digital forensics experts at our Durham office on 0191 332 4999 or email kbc@keithborer.co.uk.