Digital forensics: industry features, purposes and cases

Let's keep on discussing interesting IT industries. In our new article, we are telling about digital forensics, the roles this field plays in investigations and trials, and how the police were able to catch one of the most famous serial killers of the United States with the help of digital evidence.

September 14, 2014, Georgia.The Cobb County: Ross Harris is charged with the murder of his own son: teenager Cooper Harris was locked in a hot motor vehicle. Many participants in the trial are confused — why would a seemingly loving father kill his son? The answer to this question was found with the help of digital forensics.

The Ross Harris case

The motive of the crime became clear when the digital forensics specialists recovered and studied deleted data from the hard drive of Ross' computer and his mobile phone, as well as the history of search queries.
It turned out that Harris regularly searched for information about the age of consent in Georgia, as well as "how to survive in prison". He had an affair with a seventeen-year-old high school student and regularly sexted with underage girls — Ross was also doing it that evening while his son was dying in a locked car.

However, this was not all the evidence — the investigation showed that in addition to his interest in websites with minors, Ross actively visited child-free resources and googled which car was most suitable for killing a child.

After analyzing all the evidence, the police came to the conclusion that Harris killed his son on purpose to have a life unencumbered by children and continue to come into contact with young girls.
In November 2016, Ross Harris was found guilty of first-degree murder and sentenced to life without parole. This trial could have lasted even longer if it had not been for the evidence discovered during the investigation by digital forensics specialists.

The history of digital forensics and its main purposes

Digital forensics (digital forensics)appeared in the mid-1970s as one of the areas of computer forensics and for a long time was focused mainly on cyber attacks, data leaks and other similar cases.

Over the next 50 years, digital forensics has been actively developing and changing, so at the moment it exists as a separate field (since 2005 it even has its own ISO standard).

Its main purposes are:
  • Search for evidence;
  • Data analysis;
  • Investigation in the digital environment.
Digital forensics specialists deal with deleted, encrypted or hidden data on various gadgets, prepare the necessary digital evidence to be represented in court, help the special services to identify the suspect and determine a possible motive for the crime.
In addition to the departments within the special services, many private companies have appeared around the world, providing services from conducting research to collecting digital evidence: for example, Business Intelligence Associates, FireEye, AccessData abroad, and the Group-IB Laboratory on the Russian market.


However, like other industries, digital forensics faces its own difficulties. The main one inadmissibility of digital data by the court. Sometimes it can be difficult to provide and present "electronic" evidence due to its specifics and the court is not always ready to accept them; also sometimes opinions differ on the interpretation of digital data already attached to the case.

One of the most relevant examples of such an ambiguous interpretation of the collected digital evidence is the Casey Anthony case, which today remains one of the most controversial trials in the history of US justice.

The Casey Anthony case

In October 2008, Casey Anthony was charged in Florida with the capital murder of Kaylee Anthony, her two-year-old daughter.
This case will become not only one of the most controversial ones in the US, but also the most highlighted in pop culture — famous media will write about it, films and several documentary series will be made based on the story of Casey Anthony.
Kaylee's body was found in the woods a few months after she disappeared. During the investigation, it was found that 84 Google requests "chloroform" were made from the Anthony family's home computer in a suitable time period — a little later, from the same IP address, someone made some more searches for the keywords "head injury", "chest fracture", "internal bleeding".

The defense insisted that Kaylee's death was an accident: the child drowned in the pool at home, and her mother, afraid of responsibility, tried to hide the body with the help of her father, George Anthony. Through search queries, they tried to identify the symptoms and signs of injuries that Kaylee might have received by falling into the pool.

On July 5, 2011, Casey Anthony was found not guilty because of the lack of sufficient evidence pointing to the composition of the murder in this case: she received four years in prison for perjury and child abuse.

The case of Dennis "BTK" Raider

Despite the moments associated with the possibility of different interpretations of digital evidence and the lack of grounds for sentencing a criminal in individual cases, today there are many examples in the judicial practice of solving the most complicated cases with the help of digital forensics.
For example, the capture of Dennis Rader, also known as the BTK-killer, a serial killer who terrorized America in the 2000s.
The number of his victims during all this time was at least ten, and each time he managed to get away. BTK regularly wrote encrypted letters to the police — in 2005, he sent a floppy disk with a Microsoft Word file. There was discovered metadata that was stored on the hard drive of a certain Dennis Rader, which gave the police the opportunity to reach the suspect.

Skills required for IT specialists for a career in digital forensics

It stands to reason, these are not the only examples of the contribution of digital forensics to investigations — thanks to the development of technologies, this industry is now actively developing and its services are becoming more and more in demand in the modern digital world. This means that the demand for IT specialists in this field is also steadily growing!

To build a career in digital forensics, in addition to knowledge of programming languages, it is also important to have:
  • Strong analytical skills;
  • Excellent communication skills
    In most cases, work processes include cooperation with representatives of the investigation department, analysts, criminologists, and here teamwork is more important than ever.

Do you need to hire IT specialists? We fill the vacancies even for exclusive positions. Yes, including the digital forensics industry :) We are looking forward to your requests!

Polina Barabanova
Content Manager at Lucky Hunter
Specializes in tech staff recruitment, startups, tech research, career, HR, and news topics. With her expertise, she provides valuable insights and practical advice to navigate the ever-evolving tech industry.

What else to read