Some of my clients have been surprised to learn that training in digital forensics includes a sizeable dose of training in Fourth Amendment rights, and the legal aspects of inspecting digital devices.
When I was training in digital forensics at Boston University in 2015, my mobile forensics professor, Dr. Yuting Zhang, particularly stressed to us the importance of knowing and following the law as an investigator and analyst.
This was a key takeaway from my Mobile Forensics & Security class with Dr. Zhang. While the majority of the class curriculum focused on the technology of mobile devices, teaching us file structure, extraction techniques, and approaches to analysis, a good chunk of it was devoted to the laws that we would need to make sure we followed when extracting and inspecting data from digital devices.
Going into the program, I had no idea this was the case — I had assumed that this was the responsibility of the person who handed me the phone or PC for extraction. It turns out that the responsibility falls on all of us in the chain of custody, from the judge who rules on a discovery request and the lawyer who sends me an RFP, all the way down to me.
But once I learned this fact, I grabbed it with both hands and hit the ground running. By the end of class I had memorized the Fourth Amendment to the U.S. Constitution, and was up to date on the still-fast-changing federal and state laws around law enforcement access to mobile devices.
This training has come in handy multiple times. While I’ve never had an attorney ask me to do something the violates the Fourth Amendment, I am regularly asked by lay persons to look at a device that doesn’t belong to them, usually because they suspect their significant other is cheating. I categorically do not take these jobs.
My training also prepared me for situations when, while inspecting data to look for evidence to support (or refute) a particular charge, I might find evidence of a completely different crime, sometimes of a far more serious nature. And, if this happens, that I am to immediately cease inspecting the data, and report it to the attorney who hired me. This has happened only once in my nine-year career, but Dr. Zhang had drummed this into me so thoroughly that I acted without hesitation.
We also engaged in discussions of ethics in class, much like a law curriculum (so I’ve heard). For example, what if we were asked to do a mobile analysis for a defense lawyer on a sexual assault case? Could we take the case and remain impartial, despite the heinous nature of the accusation? What if we think the person is guilty?
My take was that everyone deserves the best defense they can get, regardless of the crime or the evidence at hand. That our job is to get at the truth of the matter. Regardless of whether the text messages or emails or documents were inculpatory or exculpatory, it is our job to find them and include them in a coherent report that the judicial system can use as intended. That we are not the judges here — we are simply delivering information, and our opinion of guilt or innocence is not part of the equation.
At the time this was a bit of a revelation, but I incorporated it into my work as a digital forensics analyst, and I fiercely stand by it today. I have taken on cases of some pretty severe crimes, and I do my part: I deliver the exact and complete information, and let the court decide based on the evidence.