The Dangers of The Online World

Google+ Pinterest LinkedIn Tumblr +

To most people, a computer could not be described as Dangerous. We use them on a daily basis to type letters, perhaps browse the Internet, play games or store holiday photos. However, for some, data contained on a computer or mobile phone can provide enough evidence to form the basis of legal proceedings against them.

As a computer forensic specialist I am currently involved in criminal and civil cases involving an array of different subjects, including corporate data theft and espionage, murder, drugs, fraud, theft, employee misbehaviour, child access applications and even probate. These are not just legal cases either; for example, I regularly receive instructions relating to marriage disputes that involve computers and digital media.

Increased media attention over the past ten years in cases such as those within Operation Ore (relating to 7,000 individuals who allegedly subscribed to websites displaying sexual images of children) and more recently, terrorism and ‘happy slapping’ incidents, have provoked a greater public interest in proceedings where digital evidence has formed a crucial part of the case.

Not only is there now a greater general awareness of the capabilities of digital evidence and its potential within legal cases, additionally, reports of websites containing indecent images of children are also continually rising each year (The Internet Watch Foundation reports that the number of websites confirmed as containing unlawful material has increased by 62% over the last three years). It would, therefore, appear that the use of this type of evidence is set to continue to rise.

Increasing resources are now being spent on examining data of this type as part of legal cases where previously it was thought unnecessary. In the past it was commonplace for a Police investigator to restrict an investigation to simply identifying ‘evidence’. Upon inspection of this investigation by an independent party, as part of a more in-depth review, it was frequent for the evidence as a whole to have been misinterpreted and the case against the Defendant was not as it first appeared.

Over recent years, the majority of criminal cases for which we received instructions have attracted greater attention from the Police. We now frequently encounter cases involving supportive evidence (such as user and/or Internet history) as well as the basic evidence that is relied upon as part of the Prosecution case. However, it seems inevitable that an increase in the number of cases limits what can be achieved within a Police Force’s Hi-Tech Crime Unit. Even today we identify the presence of new and previously unconsidered relevant material within approximately 80% of the cases in which we are involved.

For the majority of the time, this is the result of the initial question asked of a Police Hi-Tech Crime Unit investigator, being “What’s there?” The question “How did it get there?” is normally asked only when the Defence looks to respond to the initial allegations. Consequently, that question is normally answered until well after the case has been initiated.

Identifying the basic origins of a file is normally relatively straightforward. For instance, the location of the file normally provides the biggest clue; the activity surrounding its creation is another indicator. However, clearly, the presence of a file and even the identification of its origins do not confirm that the accused deliberately caused its creation nor was aware of its presence. To examine that point normally requires far greater levels of investigation, including the piecing together of items of data in order to build a history of that given file and the activity associated with it.

Identifying the basic origins of a file is normally relatively straightforward. For instance, the location of the file normally provides the biggest clue; the activity surrounding its creation is another indicator. However, clearly, the presence of a file and even the identification of its origins do not confirm that the accused deliberately caused its creation nor was aware of its presence. To examine that point normally requires far greater levels of investigation, including the piecing together of items of data in order to build a history of that given file and the activity associated with it.

When dealing with cases involving indecent images of children, for instance, there are various methods for an image to have been created on a computer hard drive, including, but not limited to, websites accessed whilst browsing the Internet, received e-mails and peer-to-peer software, such as KaZaA. Within each of these originating sources several possible mechanisms can cause the creation of a file without the deliberate and intentional actions of the user.

One such example is a case in which I was involved within the last 18 months. This related to a 19-year old male who, like most 19-year olds, lived at home with his parents. However, unusually, this young man faced allegations of making and possessing 9 static and 11 moving indecent images of children. The images had been stored in two folders within his ‘user’ profile on the family’s home computer. After two years of investigation by the Police, that included an examination of the family computer by the Force’s Hi-Tech Crime Unit and an externally sourced expert computer consultant as well as a number of interviews and Court appearances, the accused still had not made any admissions of guilt and claimed that he was simply unaware of the presence of the images.

The Prosecution relied upon the fact that the unlawful images were contained within manually created folders of the Defendant’s ‘user’ profile and they also identified the presence of keyword searches for terms that were likely to result in the creation of unlawful material.

I examined the case and noted that the 9 static images had arrived via a small number of web pages containing legitimate adult pornography and had been created automatically by image downloading software. This software, I noted, had searched for and downloaded any images present on any web page that it encountered. A number of further observations were made as to the apparent lack of awareness of the user regarding the presence of the images following their creation.

Share.

About Author

Leave A Reply