214.988.9240 1312 Village Creek Drive, Suite 900, Plano, Texas 75093 info@rubioforensics.com
White paper

How Examiners Explain Technical Information Can Make or Break a Case

by Grace Rubio March 30, 2018
Magnet Forensics recently released a whitepaper entitled “12 Tips for Presenting Digital Evidence in Court”. The title of this article is a bit misleading, as many of the tips pertain to forensic examinations in general and not necessarily presenting the results before the Court. Rubio Digital Forensics will address each of these categories and whether the recommendations presented are valid and/or necessary.
The first seven recommendations presented in the whitepaper primarily focus on the examiner’s knowledge of legal principles, digital forensic tools and methods, and the physical seizure and acquisition of evidence. A basic knowledge of legal principles and their application to electronically stored information should be considered mandatory. Examiners must understand the laws surrounding the seizure of evidence, the need to maintain a chain of custody and its importance in the admissibility of evidence before the Court, and the volatility of digital evidence.

Forensics tools can only do so much

Examiners should also know the capabilities of the forensic tools in their toolkit. While Magnet Forensics suggests examiners be trained and certified in the forensic tools themselves, Rubio Digital Forensics’s experience has been that understanding how to use a tool does not mean that the examiner understands the origin or significance of the displayed artifacts. If the examiner does not understand the raw data, how can he or she determine if the forensic tool analyzed the data correctly?

Reproducibility of Artifacts

The next two tips presented in the whitepaper deal with correlating artifacts and validating one’s results. As a forensic science, digital forensics relies on the ability to replicate results. Examiners must remember that digital forensic tools are simply tools. Examiners must be able to replicate the same artifacts using multiple tools to ensure that the results are valid. In addition, examiners must rely on multiple artifacts to properly correlate an activity or event.

Reports and Presentations of Evidence

  • Forensic reports must emphasize key findings and explain the significance of each finding and how it relates to the overall examination.
  • Examiners must be cognizant of their audience and provide analogies and/or visual aids to clearly explain technical concepts. .
  • Summaries and timelines of event are helpful for readers to have a clear understanding of the incident.
  • If examiners are able to explain technical information to a lay audience, they will inevitably project confidence and credibility in their testimony..
Next Post

The Potential Cost of Spoliation

Post Comment

About Us

Rubio Digital Forensics

Rubio Digital Forensics is a private investigation firm licensed by the Texas Department of Public Safety.

Never Miss News

Texas License No. A09418901
Rubio Digital Forensics, LLC is licensed by the Texas Department of Public Safety’s Private Security Bureau as required by Chapter 1702 of the Texas Occupations Code.
Contact Us
Copyright 2024. Rubio Digital Forensics, LLC. All rights reserved.