A brief history of digital forensics

Although forensic science itself (including the first recorded fingerprints) has been around for over 100 years, digital forensics is a much younger field as it relates to the digital world, which mainly gained popularity after the introduction of personal computers in the 1980s.

For comparative purposes in trying to grasp the concept of digital forensics as still being relatively new, consider that the first actual forensic sciences lab was developed by the FBI in 1932.

Some of the first tools used in digital forensic investigations were developed in FBI labs circa 1984, with forensic investigations being spearheaded by the FBI's specialized Computer Analysis and Response Team (CART), which was responsible for aiding in digital investigations.

Digital forensics as its own field grew substantially in the 1990s, with the collaboration of several law enforcement agencies and heads of divisions working together and even meeting regularly to bring their expertise to the table.

One of the earliest formal conferences was hosted by the FBI in 1993. The main focus of the event, called the International Law Enforcement Conference on Computer Evidence, was to address the need for formal standards and procedures with digital forensics and evidence acquisition.

Many of these conferences resulted in the formation of bodies that deal with digital forensics standards and best practices. For example, the SWGDE was formed by the Federal Crime Laboratory Directors in 1998. The SWGDE was responsible for producing the widely adopted best practices for computer evidence (discussed later in this chapter). The SWGDE also collaborated with other organizations, such as the very popular American Society of Crime Laboratory Directors (ASCLD), which was formed in 1973 and has since been instrumental in the ongoing development of best practices, procedures, and training as it relates to forensic science.

It wasn't until the early 2000s, however, that a formal Regional Computer Forensic Laboratory (RCFL) was established by the FBI. In 2002, the National Program Office (NPO) was established, and this acts as a central body, essentially coordinating and supporting efforts between RCFL's law enforcement.

Since then, we've seen several agencies, such as the FBI, Central Intelligence Agency (CIA), National Security Agency (NSA), and Government Communications Headquarters (GCHQ), each with their own full cybercrime divisions, full digital forensics labs, and dedicated onsite and field agents, collaborating assiduously in an effort to take on tasks that may be nothing short of Sisyphean, when considering the rapid growth of technology and easier access to the internet and even the Dark Web.

In the Caribbean and Latin America, there have also been several developments where cybercrime and security are concerned. The Caribbean Community Implementation Agency for Crime and Security (CARICOM IMPACS) has been formally established and has published the CARICOM Cyber Security and Cybercrime Action Plan (CCSCAP), which seeks to address vulnerabilities within the CARICOM states and also provide guidelines for best practices that would aid in cybercrime detection and investigation. The CCSCAP can be downloaded at https://www.caricomimpacs.org/Portals/0/Project%20Documents/CCSAP.pdf.

With the advancement of technology, the tools for digital forensics must be regularly updated, not only in the fight against cybercrime, but in the ability to provide accountability and for the retrieval of lost data. We've come a long way since the days of floppy disks, magnetic drives, and dial-up internet access, and are now presented with Secure Digital (SD) cards, solid-state drives (SSDs), and fiber-optic internet connections at gigabit speeds. More information on cybercrime can be found on Interpol's website, at https://www.interpol.int/en/Crimes/Cybercrime.