1) Give an example of terminology that could be confusing between a digital forensic expert, a lawyer, judge, and potential jurors. In your opinion, how could this potential issue be
reduced? Can we ever eliminate this issue?
In their everyday’s work, digital forensic expert, a lawyer, judge, and potential jurors have sometimes had to work together. However, this kind of cooperation is not without its challenges. One and the major challenge is the different in their professional languages which raise controversy in the interpretation of certain terms especially between forensic experts and their legal expert counterparts. In his discussion, Mohsen Mahmood identified one of such terms as “Evidence” in general and “document” in particular. I agree with Mahmood that the word document can potentially cause controversy between the computer forensic experts and the law experts. As he noted, the word document do exist either as a digital or paper-based document depending whether it is on the computer or not. The source of this confusion seems to be originating from the way in which the two groups normally apply the relevant rules and laws that were are specifically formulated for the cases surrounding the paper based documents to the to digital documents.
The major issue is the fact that unlike the computer forensic experts which are normally trained in all matters pertaining to application of computers in examining every kind of document which has generated some kind of dispute in the law courts, the law experts have in certain cases been found lacking in the required knowledge for the accurate interpretation of the documents. In agreement with this, Houck & Siegel (2010) note that there will always be a slight difference in the interpretation results, especially those of the digital documents, in a case where the interpretation by the two groups of professionals are required.
Though not with clarity, he makes this argument more valid when he provides an example of a case where there was controversy between people who had used the same laptop to keep their documents. He failed to specify the profession of Mr. Ball whom, according to him, was tasked with the reduction of the computer based documents to a written form (Ball, 2005). That is, it is not clear whether Mr. Ball was a forensic expert or a legal expert. However, it is true that dealing with such a big volume of document could have attracted controversy if a computer forensic expert was to scrutinize the work of the law experts or if the two were to work together based on the level of expertise they would have employed (Casey, 2011).
2) What are some of the ways that data can be hidden within storage media? Describe two methods in detail and possible ways this hidden data can be detected.
I will however disagree with Tara Raquel in the approach he gives the question. The question clearly required the student to discuss two methods through which data can be hidden within a storage media and the possible ways in which the hidden data can be detected. Instead, he gave and explained two terms that a nontechnical courtroom audience may not understand. The two terms, file slack and honeypot, are not among the methods of hiding data. I therefore feel that the student was to restrict himself to the methods which can be used to hide data.
I would have advised the student to discuss such methods of hiding data as cryptography and steganography. In this case, cryptography is the conversion of data into an unreadable format known as cipher text such that only those who have the secret key can decipher the message into readable text. This method uses two main styles in encrypting data. That is symmetrical encryption asymmetric cryptography (Calabrese, 2004). Steganography, on the other hand, is the art and science of writing messages in a hidden form to ensure that it is only accessed by the sender and the intended recipient. It differs from the cryptography in that, apart from making the messages unreadable, it also hides the existence of the secret communication (Kessler, 2004).
However, the hidden data can always be detected by comparing the modified files to the originals. This can be done to the information which is being moved as graphics on a website. Research has also indicated that steganography can be detected through a physical examination using magnification and ultraviolet light as well as the screening of the mails of the suspected individuals or organizations (Kessler, 2004).