Whilst many other traditional forensic science disciplines are encouraged to describe the weight of their evidence in some form of quantifiable measurement/expression, this is rarely done in digital forensics. There are calls to rectify this situation, suggesting that the field should begin to develop more robust, scientific methods for evaluating the digital evidence presented by it’s practitioners. Whilst such a recommendation carries a number of potential benefits, caution must be exercised as at present there are no available satisfactory methods for achieving this. This work suggests that attaining such methods may not actually be possible due to the intricacies of digital data and the difficulties involved with the fine-grained interpretation of events. As a result it is argued that attempts to quantify any uncertainty should be abandoned in favour of methods which reliably describe when uncertainty exists and in what capacity. Here, the Digital Evidence Certainty Descriptors (DECDs) framework is offered as a method for conveying when uncertainty exists in a set of digital findings. The DECDs framework is discussed and applied to working examples to demonstrate the difficulties involved with determining the authenticity of a given hypothesis regarding digital evidence.
|Journal||Forensic Science International: Digital Investigation|
|Publication status||Accepted/In press - 17 Nov 2019|