Notice: This is the last article in a five-part series dealing with the issue of data recovery. The titles of the full series are as follows:
Date Recovery in Forensics, Crime and Espionage (This Article)
In the four previous articles about data recovery, the focus was on data recovery because the owner of the computer device concerned was desperate to recover the info. Loss of data due to a variety of faults and accidents were described and guidance provided on the rescue of lost data. Sometimes owners of instruments also delete data intentionally. Once again, this falls inside the normal use of equipment and millions of pieces of data are wiped off cyberspace on a daily basis because it is no longer required.
Another scenario is where data is wiped off a device intentionally with the added reason that the user of the instrument wants to hide the existence of the data with the urgent motive that the existence of the data should never be discovered. Computers, tablets and mobile phones are all used in the commission of crimes. Users of these devices know absolutely that the existence of their crimes can be discovered if the data on their communications tools are available to law enforcement agencies to provide direct or circumstantial evidence of their activities.
So, in many cases, users delete data from their instruments because they assume that the deletion will have the effect to not only remove the data but will, in addition, make the information inaccessible to law enforcement and aid them in the concealment of their crime. When a website is visited providing advice on the commission of a homicide that will be unlikely to be detected, most users will take it for granted that the deletion of the site visit history will remove any opportunity to discover the activity that may reveal evidence against them. Data recovery of deleted information, however, remains a strong weapon in the hands of law enforcement agencies.
The fact that the deletion of such data is possible brings with it some interesting questions. Can the user accept that the deletion will remove the existence of the data permanently? Can law enforcement obtain access to the information from a legal point of view? Is it morally acceptable that information that may lead to the solution of a crime can be made inaccessible and in this way assist criminals to get away with serious crimes?
The art of recovering evidence on a scientific basis which leads to the solution of a crime is referred to as forensic data recovery or in broader context as forensic sciences.
Essentially there is no such thing as deletion of data on computer devices. A professional forensic expert will be highly likely to have the ability to retrieve data deleted from a computerized tool. Devices are used on a daily basis for a wide variety of tasks. This fact is complicated by the user's preferred options and the various applications downloaded on the mechanism involved. There is, for example, a large number of data stored on the locality of the user, especially with reference to mobile phones. The points of communications between cell phones and communications instruments of the various mobile service providers, in short, referred to as towers, are recorded continuously. The information captured includes the date and the time of communications and therefore reveals the exact location of users at all times relevant to the commission of a crime. Photos are also marked with locality, time and date and thus is a further source of helpful information. Even applications that are claimed to be secured can leave a footprint and be collected at a later stage. Messages too can be wiped from computer instruments, but they remain available for a period until they are overwritten by new data, and can therefore reveal evidence in a criminal prosecution. Data recovery in crime therefore plays an important role in the resolution of criminal acts, felonies or otherwise.
We mentioned above that visits to websites may be a source of information in criminal cases. Even if the browsing records are deleted a full account of browsing visits can be recovered from the device. This means that access to the instrument is essential to collect the required evidence. One of the first actions taken by law enforcement when a crime scene is investigated is to remove all computer apparatus from the scene for analysis if legally possible. The result is that access to the equipment will only be possible if the owner or user provides the passwords. Sometimes the user may not be available or the password will be denied. In such cases, it is possible to crack the password, but the more complex the combination the more difficult recovery becomes and the longer it takes. In the meantime, mobile phone manufacturers are continuously working on upgrading their security measures and the creation of software to bypass those measures are ongoing. Software for forensic data recovery is becoming available at in increasing pace.
This brings me to the ethical question as to whether the protection provided to criminals can be justified on ethical grounds. The other side of the coin is that access to information where a person is later proven to be innocent can be considered a significant intrusion on the victim's basic right to privacy. By turning off certain settings on your computer devices the gathering of sensitive information can be avoided before it takes place. In some countries, users can not be forced to provide access to their devices. My conclusion is that the weighing of the interest of communities to have crimes solved against the private rights to privacy will continue to be an issue of serious debate in future.
The term hacker is one that we are familiar with due to the fact that it is a much talked and written about subject, often also depicted in movies. Criminals with unlawful intent can gain access to your personal information. Identity theft or the hacking of a bank account allows criminals to come away with your hard-earned savings. I remember a documentary seen on a TV show that told the story of a South African man hacking the personal information of a very beautiful girl in the USA. This information was used on a dating site operational in the USA including the photos obtained from this girl to create a fake identity on the dating site. A long-term relationship developed between a young man from the USA and the hacker from South Africa posing as a stunning girl. It was only when the innocent victim insisted on meeting the girl in person that the story was unearthed. The criminal activity of the SA man had a devastating effect on the victim in the USA. It triggered something in him which refused to accept the innocence of the girl involved and although he was informed of the facts he harbored a deep-seated resentment toward the unknowing girl. He later traveled to her home address with the firm intent to kill her as punishment for her actions unable to identify his own illogical conclusions. Although his attempt was unsuccessful due to the incidental absence of the girl on the night planned for her execution he was detained and sent to jail. Such is the dire consequences of using data recovered for the purposes of a crime.
Another example that seems to be on the rise is the recovery of information from a person relating to his bank particulars leading to large scale bank fraud. Electronic bank transactions are often coupled with messages on mobile phones to verify the identity of the user. When personal information is combined with a SIM swap on the relevant mobile, with the assistance of mobile service providers, the door opens for illegal transactions on the victim's bank accounts and sometimes losses of a substantial nature. These two examples show how data fraud affects the man in the street, but the Internet abounds with accounts of staggering sums of money moved from banks into private accounts from the computers of individuals performing their crimes from the comfort of their homes.
The gathering of information for the purpose of spying on business rivals or for the purpose of gaining access to sensitive governmental plans are examples of data recovery in espionage for the purpose of gaining a strategic advantage. In the case of business, the information can be used to sabotage competition, gain access to innovations in business systems and obtaining information to solicit new clients, to name but a few. Historically rival countries have always captured information from each other and even countries who have been long-time allies appear to spy on each other. With the tremendous rise in the use of computerized intelligence the use of cyberspace for espionage has gained increasing importance. For every act of industrial or political espionage experts are creating programs and systems to eliminate the gains that their adversaries may be making. An ever-growing cycle with no foreseen closure in modern society.
There are zero sub-categories in this parent category.