When finding nothing may be evidence of something: Anti-forensics and digital tool marks

Graeme Horsman, David Errickson

Research output: Contribution to journalArticle

36 Downloads (Pure)

Abstract

There are an abundance of measures available to the standard digital device users which provide the opportunity to act in an anti-forensic manner and conceal any potential digital evidence denoting a criminal act. Whilst there is a lack of empirical evidence which evaluates the scale of this threat to digital forensic investigations leaving the true extent of engagement with such tools unknown, arguably the field should take proactive steps to examine and record the capabilities of these measures. Whilst forensic science has long accepted the concept of toolmark analysis as part of criminal investigations, ‘digital tool marks’ (DTMs) are a notion rarely acknowledged and considered in digital investigations. DTMs are the traces left behind by a tool or process on a suspect system which can help to determine what malicious behaviour has occurred on a device. This article discusses and champions the need for DTM research in digital forensics highlighting the benefits of doing so.
Original languageEnglish
Pages (from-to)565-572
Number of pages8
JournalScience & Justice
Volume59
Issue number5
Early online date3 Jun 2019
DOIs
Publication statusPublished - 30 Sep 2019

Fingerprint Dive into the research topics of 'When finding nothing may be evidence of something: Anti-forensics and digital tool marks'. Together they form a unique fingerprint.

  • Cite this