At AVM Technology, we frequently investigate suspected computer crimes for private organizations.  As such, we have seen first-hand how computer crimes are on the rise and carry serious penalties.  On the Federal side, prosecutions under the Computer Fraud and Abuse Act, 18 USC 1030 are on the rise.  Also, Intellectual Property crimes are prosecuted at the Federal level.

On both the State and Federal side, crimes such as computer fraud, computer trespass, Internet solicitation of minors and possession of child pornography are investigated and prosecuted on a daily basis.  All of these cases necessarily involve the analysis of digital evidence through computer forensics techniques.

Generally, the prosecution side is adequately prepared to tackle digital evidence.  Virginia or FBI computer forensics teams have direct access to the digital evidence in the case and sometimes a long amount of time to examine the evidence and prepare the case before an indictment is even issued.  This definitely leaves the defense attorneys at a disadvantage.  We frequently assist criminal defense attorneys in Virginia in being able to adequately understand and analyze the technical and computer forensics aspects of the case against their client.

An expert computer forensics, at AVM Technology, we can provide invaluable assistance to a criminal defense attorney.  While the majority of our clients retain our services, we also assist court-appointed attorneys in cases involving computer crimes.  We review the evidence, not only what the prosecutor shows to the defense attorney, but also the hidden evidence that could contain crucial exculpatory evidence.  If you are a criminal defense attorney in Virginia and are representing a client in a criminal case involving digital evidence you need to at a minimum:

1. Review the metadata associated with each file supporting the charges.   This is not just a cursory review to see the created, modified, and last accessed times.  This review must involve a review of authorship metadata, obfuscated metadata, source origin, allocation table transaction.
2. Review the Operating Systems artifacts to get a complete picture of the system, its users, the behavior of the users, and very importantly, the potential presence of spoliation by an untrained or careless law enforcement investigator, some case agents “browse” the evidence before sending it to a certified police forensics examiner.
3. Review the entire Internet history, including the relevant dates that may explain the source of certain files that may be the source of the prosecution.  The idea is to form a well informed opinion of whether a crime occurred and, if so, how did it occur.  Of course, the Internet history review is not limited to the list that the attorney may receive from the prosecutor.  There may be access and log files containing a wealth of information that the defense attorney may never know about otherwise.
4. Review all the evidentiary hash values, including those generated by the prosecution’s computer forensics expert.  The importance of this can’t be overstated.  Hash values are similar to the digital fingerprint of the evidence.

The four steps above are only the beginning.  If, as a criminal defense attorney, you do not enlist a competent computer forensics expert to assist with this, your client will not have the most adequate defense.  Sometimes an adequate defense includes finding exculpatory evidence, sometimes it may involve being able to have realistic expectations of what the evidence shows.  At AVM Technology, as computer forensics experts, we strive to provide criminal defense attorneys with objective, candid, and value-adding advice so that the attorney can take it from there.  If you are a criminal defense attorney representing an individual facing cyber crime accusations, contact AVM Technology.