Slashdot Mirror


Worried about Digital Evidence Tampering?

2marcus writes "As digital technology continues to improve and is used in more and more applications, the ease of tampering with digital files becomes more pertinent. This is especially important in the field of criminal justice, where even the appearance of possible impropriety can sway a jury. CNN has an article on the issues with digital photos being used for fingerprints and other forensics evidence."

21 of 292 comments (clear)

  1. Only solution by Anonymous Coward · · Score: 3, Insightful

    make digital evidence inadmissable. Photoshopping/gimping/email fraud/video editing is becoming too easy and too difficult to trace.

    1. Re:Only solution by metallicagoaltender · · Score: 4, Insightful

      Uhhhhh...you just made it next to impossible to prosecute a lot of crimes. Take kiddie porn for example - you're saying that a hard drive full of kiddie porn images shouldn't be admissable?

      Please clarify your point, because you either didn't think your comment through, or meant something entirely different than what you wrote.

    2. Re:Only solution by gcaseye6677 · · Score: 5, Insightful

      With our society relying on more digitized information all the time, it is not practical to make it all inadmissable as evidence. There's no way in the world that you could prosecute computer crime or for that matter almost any fraud without digital evidence. As for the photo example, non digital photos can be doctored as well. For example, you could doctor a photo digitally, recapture the picture with film and develop the non-digital photo of the digitally altered image. If its done well, it would be very hard to detect. Bottom line is, we need better evidence authentication, not exclusion of all digital evidence.

    3. Re:Only solution by Mysticalfruit · · Score: 4, Insightful

      Possibly, here's one expensive solution. Some solid state memory card company should start making write once memory that would work in a digital camera. Along with the image would be an md5 sum.

      Then the images could be copied to cdrom along with the md5 sums. If the defense feels that the images have been tampered with, they can always be verified against the md5sum and then if so, the archived memory card.

      --
      Yes Francis, the world has gone crazy.
  2. This shouldn't change anything by Anonymous Coward · · Score: 4, Insightful

    There has always been the possibility that the evidence could have been tampered with before. Since it is digital this only makes it slightly easier to do. It shouldn't matter however because it is always based on the honesty of the law enforcement official to do what is right.

  3. Chain of custody by LostCluster · · Score: 4, Insightful

    Any form of physical evidence can be tampered with. That's why the chain of custody is such an important concept. Everybody who had control of that evidence from the point it was discovered to the courtroom needs to testify that they didn't nothing funny, and they saw to it that nobody else did anything funny. That makes tampered evidence just as bad as any other lie to the court, somebody's on the hook for perjury.

  4. DIGITAL evidence ? by cwernli · · Score: 5, Insightful

    Heck, where I come from not even regular (=non-digital) photos et al. are admitted as evidence in court - because they are too easily tampered with.

    Basically only human intel is admitted as evidence (witnesses) - if you want to admit other evidence (such as footprints etc.) you show photos (as an illustration, not as the proof) of course, but _always_ backed up by witnesses (fellow officers, forensics guy) who could be called to testify under oath.

  5. Tamper vs Analyse by nuggz · · Score: 4, Insightful

    Yes, but then the question of "what is tampering".

    There are actually cases of people photoshopping fingerprints to "bring them out".

    Is that evidence tampering?
    What if they just use a large burn/dodge tool? what if they just use a small one?

    Where is the line?

  6. Fear of false tampering claims by astrashe · · Score: 4, Insightful

    If tampering is possible, even if it's unlikely, there will always be an out for people who don't want to believe evidence.

    In practice, the rejection of valid evidence will probably be a bigger problem than the creation of invalid evidence.

  7. Seems kinda funny by onyxruby · · Score: 3, Insightful

    Seems kinda funny, the more you know about technology, the less trusting of it you are. Seems a bit like long time cops that remain paranoid for years after leaving the job. Witness electronic voting regularly get scoured here, as do other forms of tech that are supposed to be accepted as "unquestionable".

    1. Re:Seems kinda funny by rewt66 · · Score: 3, Insightful
      No, it's because as you learn more about the technology, you learn that it isn't perfect. And this is a good thing.

      We need people who will look at the computers output and say, "That can't be right. I don't care if it came from the computer, it can't be right!" Like especially the doctor who is just about to remove a cancerous lymph node, and the computer is telling him/her to amputate your leg.

  8. partial answers to issues raisedin articles by mrhandstand · · Score: 4, Insightful
    changelogs

    modify ONLY copies

    originals all go onto read-only media

    checksum religiously


    WRITE GOOD POLICY for maintaining digital evidence...and post it before you start using digital media. Review it once a year, or more often to revise for unforeseen issues. Educate your detectives, and your Asst. DA's.

    Rinse, later, repeat.

    --
    Always value the individual over the system. --Bruce Lee "I don't need a Sig - I have a custom 191" - me
  9. Market opportunity... by BigBadBri · · Score: 4, Insightful
    I see an opportunity of an enterprising digital camera manufacturer here - Sony already do a DV camera that records to DVD - adding some tagging information (GPS coordinates + date/time + operators security code) to each image should be feasible, and given that one PD was saving $6000 per month in Polaroid costs, I'd have thought that even at $10K per throw, a high quality camera could be produced that would provide adequate traceability of the images taken.

    --
    oh brave new world, that has such people in it!
  10. Precedent Set by Common Sense? by l0ungeb0y · · Score: 4, Insightful

    I think anyone who knows ANYTHING about computers would tell you that there is no guarantee of security or stability.

    Lawmakers should take this into account and require the prosecution or plaintiff show beyond a reasonable doubt that the data can in fact be reasonably trusted and has not been handled by an untrusted or malicious party.

    Overall, this question raises a lot of issues. But I feel the courts need to decide on a set of guidelines that can be used to assure the jury and the defense that the evidence presented to support accusations can in fact be trusted.
    Because who's to say an overzaelous prosecuter didn't hire someone to "put" something on the suspect HD?

    But even then the courts might have a hard time ahead. Already we've seen cases that raise this question in which there can be no "safe-guard" and in fact the defense relies upon the exploitablity of software. This was demonstrated in the kiddie porn trial in the UK in which the defendant got aquitted because his lawyers successfully argued that a virus planted the porn on his PC.

    Ulitmately, it is double-sided issues such as this that are leading us down the path of Microsofts Secure Computing initiative. But that is a mission that is doomed from the start... history shows us that no matter how secure they make it, some one will break it.

  11. Also, "ownership" of events by angst_ridden_hipster · · Score: 5, Insightful

    We've already seen a few kiddie-porn cases in Great Britain thrown out because the machines had been compromised, thus making it impossible to conclusively prove that the individual arrested was responsible for the crime.

    But this points up a scary possibility, one which has already been hinted at in various places, which is that there's no robust trace of events. Once there's a backdoor in your system, there are a lot of things that can happen:

    - secrets can be observed.
    - "evidence" can be planted.
    - activities can be spoofed.

    Say you live under a repressive government, and somehow offend someone with 'l33t h@x0r skillz. You may find, for example, that you published a series of articles critical of the leadership. Yup, it came from your personalized copy of Word, and was sent from your IP address. If they've planted a keylogger, it could even be digitally signed with your PGP key. In a less oppressive environment, you might discover that you just mailed a collection of kiddie porn to the FBI.

    Now the person screwing you could be some vicious script kiddie, but there's also the potential for abuse in the political world. Like the case in Malaysia, where an opposition leader was tarred with a faked sex scandal, political operatives can be neutralized by opponents through these means (please don't let Karl Rove read this posting!).

    Scary stuff...

    --
    Eloi, Eloi, lema sabachtani?
    www.fogbound.net
  12. Re:DRM? by onyxruby · · Score: 3, Insightful

    Actually, I found and read the article before slashdot posted a link to it. I also happen to know how tempting it could be for a lab tech to be told that the bad guy of the month could get off, and by the way just how clear can you make that photo with photoshop? It's ok to enhance a photo to give the cops a pointer on what direction to go in a case, as long as the enhanced photo isn't used for evidence. If you read the article you'll see they were talking specificly about enhancing photos that were to be used as evidence in trials. You did read the article, right?

    Someone who is highly skilled in photoshop can easily manipulate an image well enough that even people in the image can't quite tell what if anything is different. This is quite common with photos used for magazine covers, advertising and the like.

  13. Re:Digital sound evicence by djh101010 · · Score: 3, Insightful

    If you think digital photos are easily tampered with, think about how easy it is to tamper with a WAV file. "I did not do it," can become "I did do it" with the flip of wrist.

    And yet, with a simple md5 checksum or any other of dozens of other techniques, such a change is impossible to make undetectable. The chain of evidence would need to show that at time of recording the md5 checksum of the file was 258c2891488526d239077559ae4fabab, and that the md5 checksum of the current file is still the same. Show the chain is intact, you've got that part of it covered. Get some mathematician to explain to the sheep of the jury that these are better odds than DNA, hell, call it "Digital Fingerprint" or something, and get on with the case.

    Demonstrate this, since they won't get it from the math guy, by taking an image, changing a single pixel, and recalculating the checksum showing that it changes entirely. Don't _tell_ them, _show_ them that if you change the digital information, the "Digital Fingerprint" changes drastically.

  14. Re:Wrong by angst_ridden_hipster · · Score: 3, Insightful
    Gnupg and similiar encryption tools, combined with date and time stamping (perhaps even authenticated date and time stamping via ntp servers) could be deployed relatively simply and make data tampering virtually impossible (e-mails are certain to be real, and have been created on such-and-such a date, etc).

    Ah, but they were written by someone who broke into your machine, used a keylogger to get your passphrase, and were sent by this other individual while you were out having a beer with your buddies.

    Sure, you have a good record that the email was sent at 8:30pm, but, then you can't really prove that you were at the corner bar at that time. After all, will the jury believe the testamony of your drinking buddies, or a cold, cryptographically-secure computer log?

    (Admittedly, this is less likely to be an issue in investigating a crime that has already been committed... but if it's a computer-related crime, the probability goes up.)

    --
    Eloi, Eloi, lema sabachtani?
    www.fogbound.net
  15. Do you trust the system administrator? by MrNybbles · · Score: 4, Insightful

    So let's say someone breaks into the MegaCorp computer and causes billions of dollars in damage and causes a few powerplants to go off line in the East Coast of the US during a heatwave causing many people to die.

    Now let's say that the person who did this is found because he forgot to modify/erace the system logs and a criminal trial begins.

    Now let's also say he hires Jacky Childs as his lawyer who asks the system admins, under oath, if the system logs are nothing more than common text files. Then he asks if it is possible that any of the admins could log on and edit that text file log. Unless they got the logs being directed to a line printer an constantly printed out, Jacky Childs just found his reasonable doubt. Good luck with the civil suits!

    Seriously though, this could be a real problem one day soon.

    --
    Losing faith in humanity one person at a time.
  16. The scary part... by gillbates · · Score: 4, Insightful

    ...original pictures of fingerprints and other evidence are encrypted so they can't be changed, and burned onto a CD, giving the lab the equivalent of a film negative to reference later.

    Um, yeah. Well, if they're encrypted, you either:

    • have the key and can change the image, or
    • don't have the key, and you can't see the image

    I think what he meant to say was checksummed and encrypted. While this does provide a reasonable degree of security against tampering, it in no way establishes that the pictures were real in the first place. It is a very trivial matter to write a CD today with a date of 01/01/1998.

    Yes, checksumming does provide a reasonable degree of security provided other safegaurds are taken. However, defeating this scheme is still too simple. Consider:

    • Murder takes place in 1998. Detective has a hunch that suspect X has done it, but can't prove it.
    • It's 2004 - suspect X is arrested on an unrelated charge, and fingerprinted.
    • Said detective takes pictures of X's fingerprints.
    • He then sets the clock on his PC back to 1998, a few days after the murder.
    • Then he downloads the fingerprints he's just photographed to the machine, and burns the photos to CD. When he's done, he sets the PC's date back to the current date.
    • Said detective files the freshly minted CD in the 1998 storage locker.
    A few days later, the detective suggests to his subordinate that he run X's fingerprints against the crime-scene database. Lo and behold! - suspect X's fingerprints match those found at the crime scene!

    Tell me I'm more secure now. Evidence fakery has been around since mankind learned to lie. The digital age just makes it more convenient.

    --
    The society for a thought-free internet welcomes you.
  17. Re:Do you know nothing about Technology? by HybridJeff · · Score: 3, Insightful

    The media could always be replaced though, if someone had access to the device it was contianed within. Of course, some sort of tamper detection could be inscluded within the device itself. Since it would all come down to cost however, I beleive it would be extremely unlikely that any of these ideas ever get put into practice. Manufactures wouldnt take part unless required by law. The best solution would be to require a 3rd party observer (or someone representing the defence if possible) wheneever digital evidence is recorded.