Home
Welcome
What is F. Sci?
F.Sci History
FORENSIC TOPICS Accounting
Animation
Anthropology
Archaeology
Art
Ballistics
Cold Cases
Computer
Criminalistics
CSI
DNA
Engineering
Entomology
Environmental
Expert Testimony
Linguistics
Medicolegal
Nursing
Odontology
Pathology
Photography
Psychology
Serology
Toxicology
Trace Evidence
MUST READ Book O.T Month
Expert Articles
Expert Interviews
Free eBooks
Magazine Articles
RESOURCES Educational
Forensic Sci 2.0
Forensic Audio
Our Forensic Blog
More Great Blogs
FAQs
Forensic Journals
Quality F.Sci Links
Media Watch
Free Science Pics
Forensic Q & A
Forensic Webcasts
DEGREE FINDER F.Sci Degrees (US)
F.Sci Degrees (UK)
F.Science Online
CSI Degree Info
Online Crim Justice
CAREER INFO F.Sci Career Info
Forensic Jobs
Free Training
F.Sci Technician
MISCELLANEOUS Advertise With Us
The CSI Effect
Famous Forensics
F.Science (India)
Science For Kids
F.Sci Conferences
Terms of Use
Contact Us
JUST FOR FUN Escapism Zone
CSI Miami Tagline
F.Sci Formula
Murder Mystery
BEFORE YOU GO Sign Guestbook
Keep Up To Date
[?] Subscribe To This Site

XML RSS
Add to Google
Add to My Yahoo!
Add to My MSN
Subscribe with Bloglines

Using Screen Recording in Cyber Forensics

by Raspal Chima
(England)

Using BB FlashBack in Cyber Forensics

Using BB FlashBack in Cyber Forensics

Computer forensics is a demanding field, requiring a high level of rigor to ensure the correct procedures have been followed.

Commonly, a cyber investigation examines how a digital resource like an app, a hyperlink or a Web search box works.

It is the job of an investigator to record what he sees and hears in such a way that it can be used in court to show what the resource did at the time of the investigation.

Without a recording, valuable evidence can disappear. A Web page or a Facebook wall, for instance, may display one thing now and something different five minutes later.

So how can an investigator preserve a competent recording of what he sees and hears?

Case Study:

Benjamin Wright*, a technology lawyer in the US, set out to devise a new and better way to record the work of a cyber-investigator which could be a police detective who is tracking activity on the Web.

Ben needed a tool that would capture a split-screen video record, showing both activity on a Web browser and simultaneous activity in a webcam. Furthermore, he needed the tool to create a final movie file that could easily be saved to a hard drive and transmitted as an email attachment.

BB FlashBack screen recorder presents a perfect way to make a permanent screencast record of a cyber investigation - showing what appears in a Web browser as the investigator clicks and types.

However, the software required for a cyber-investigation has to do more than just reliably capture a screencast. The software needs to capture a simultaneous webcam video of the user, which BB FlashBack does perfectly.

To authenticate the screen recording as the verifiable, legally-signed work and testimony of the investigator, Ben uses a split-screen to show a webcam image of himself (acting as investigator) observing and talking in real-time as the screencast was captured. The split-screen makes for compelling, easy-to-understand evidence and virtually constitutes a legal affidavit by the investigator.

The movie shows the investigator reading prepared remarks (i.e. his testimony as a witness) on camera, as he looks at written notes off-camera and confirms the time of the recording.

In making a forensics investigation report, he incorporates words such as confidential, attorney-client communication and attorney work-product directly into the spoken words of the movie. This makes the movie a verifiable, authenticated, legally-signed digital record without having to rely on digital signature? technology.

Normally, when an investigator captures a record as a file, under conventional practice the investigator applies his or her "digital signature" to authenticate the file as secured evidence. But this can prove problematic because a digital signature relies on a complex infrastructure (commonly a public key infrastructure or PKI), and involves the investigator holding, using and protecting a private key.

Verification of a digital signature after it is created depends on proof that the investigator possessed the private key, had relevant training for its use, and possessed the considerable resources needed to protect the private key. Often in practice, such proof can be difficult to acquire.

Using screen recorder software means the demonstration movie can employ a webcam signature instead of a digital signature as an acceptable alternative.

A webcam signature captures real-time testimony by a signatory and links it to the evidence (i.e. activities in the Web browser, vocal observations by the investigator, facial expressions by the investigator and so on).

Ben's movie of a cyber investigator using BB FlashBack can be seen on YouTube:

http://www.youtube.com/watch?v=UgH6hzwAg5Y

*Benjamin Wright is a practicing member of the Texas Bar Association, He teaches the Legal 523 course (Law of Data Security and Investigations) at the SANS Institute.

Click here to post comments.

Join in and write your own page! It's easy to do. How?
Simply click here to return to Forensic Science 2.0.






Read FBI Profiler & Serial Killer Classics on Kindle

Click Here For Full Details.