Whenever a legal incident that begins online comes to notice there is a very small window to manage the collection and preservation of the data. If you've ever watched the popular A&E documentary television series entitled “The First 48“, you have been exposed to the importance placed into the actions that take place within first couple of days after the discovery of the crime. Just as in the physical world, a “CSI” team must be the first to step in to ‘freeze' that moment in time for later analysis. No one else involved should touch anything until it has been preserved by their trained evidence collection team. Popular culture has conditioned us to accept this process in the physical world. Over the last decade, we have been introduced to the concept of computer forensics where a computer or smartphone may contain important data and must be preserved. But what happens when that case begins online? Online cases far outnumber both physical crimes and also crimes that start with a device that is in your custody. In these cases, the collection of data must be handled with much more care and finesse.
This is where Social Discovery comes in. The most common methods of preserving a moment of time online are: 1) Taking a screenshot using software like TechSmith's Snagit, 2) printing to PDF, or 3) downloading the entire website using an offline browsing tool such as HTTrack. All of these methods are good, but they do not present data in a forensic fashion that can be scrutinized later by an expert. A screenshot can be taken of a doctored web page. The same can be done with a PDF printout. Files can be manipulated in an offline browser after download. In all of these cases the case is relying only on the testimony and the credibility of the individual who collected the data. There is no benchmark with which to measure his/her accuracy by an outside expert. Social Discovery, a very recent specialty introduced in the last couple of years, has made it possible for online acquisition of data to be held to the same standard as blood evidence and computer forensics. Let's face it. More crimes are taking place in the cloud than known locations. This requires a tried process that has been tested in court. Social Discovery is a process that ensures all data is not only collected properly, but preserved with the proper forensic properties including a hash value that can be compared to the original. This will be the difference whether or not your online evidence stands the scrutiny of the opposing counsel's expert.
At IPCybercrime, all of the common techniques are included in every service we provide. We also recommend that you request our additional Social Discovery service. For an additional fee, we can deliberately collect every tweet, Facebook post, Youtube video, or anything else that can be published online. Social Discovery also includes forensic collection of web-based emails such as GMail, Hotmail and Yahoo! (if credentials are provided by deponent). Whatever you do, make sure you have your bases covered. Social Discovery is the way to go.