DAUBERT STANDARD

This rule is used in U.S. courts to determine whether expert witness testimony and scientific evidence are admissible in legal proceedings. It evaluates the relevance and reliability of evidence based on factors such as testability, peer review, error rates, and standards.

In cybersecurity and digital forensics, the Daubert Standard ensures that forensic tools and methods (e.g. file recovery, malware analysis, encryption breaking) used in court meet scientific rigor. If a forensic method fails to meet these criteria, the evidence may be dismissed.

  • Testability

The methodology or theory behind the testimony must be scientifically testable.

  • Peer Review

Judges consider whether the theory has been peer reviewed and published in reputable journals.

  • Error Rate

The method’s reliability must be measured by its error rate.

  • Standards & Controls

Clear guidelines must govern its application.

  • General Acceptance

It should be widely accepted in the scientific community.

Steenwyk, E. lou (2016). What Is the Daubert Standard? a Guide for Expert Witness Testimony. [online] Forensisgroup.com. Available at: https://www.forensisgroup.com/resources/expert-legal-witness-blog/daubert-standard-for-expert.

Thomas Bayes

Statement: “The conditional probability of event A, given the occurrence of another event B, is equal to the product of the event of B, given A and the probability of A divided by the probability of event B.”

Bayes Theorem formula
  • Where P(A) and P(B) are the probabilities of events A and B, and P(B) is never equal to zero,
  • P(A|B) is the probability of event A when B happens,
  • P(B|A) is the probability of event B when A happens.
GeeksForGeeks (2021). Bayes Theorem - Statement, Formula, Derivation, Examples & FAQs. [online] GeeksforGeeks. Available at: https://www.geeksforgeeks.org/bayes-theorem/.

Locard’s Exchange Principle: Every Contact Leaves A Trace

Dr. Edmond Locard

When it comes to solving crimes, we often think of fancy forensic tech and high-tech gadgets, but did you know that one of the most powerful concepts in forensics is actually over 100 years old? Locard’s Exchange Principle, developed by Dr. Edmond Locard, is the foundation of forensic investigation.

WHAT IS THE PRINCIPLE?

HOW IT WORKS IN CRIME SCENES?🕵🏾‍♀️

A criminal might leave behind:

Fingerprint on a doorknob

Hair or skin cells on clothing

Fibers from their clothes on a victim

Blood or bodily fluids at the scene

They might take away:

✅Dust or soil from the crime scene

✅Fibers or paint from a broken window

✅Gunpowder residue from a fired weapon

What does this mean?…Evidence is everywhere. The challenge is finding it!

This principle doesn’t just apply to physical crime scenes. In the digital world:

💻Hackers leave traces – IP addresses, timestamps, malware signatures

📱Deleted data can be recovered – browser history, hidden files, metadata

🖥️Every action creates logs – showing who accessed what, and when

Wilding, S. (2012). Locard’s Exchange Principle - Forensic Handbook. [online] Forensic Handbook. Available at: http://www.forensichandbook.com/locards-exchange-principle/.

CRACKING THE CODE: 4 PRINCIPLES OF DIGITAL EVIDENCE

PRINCIPLE 1: DON’T TOUCH THE DATA!

Who goes to a crime scene and moves things around? RIGHT, no one. Not a smart idea. This also applies to digital evidence: no changes, no edits, and ESPECIALLY no “accidental” deletes. Use forensic tools to keep data exactly how you found it.

PRINCIPLE 2: IF YOU MUST TOUCH IT, KNOW WHAT YOU’RE DOING

At some point you may have to access original data. If you get to that point, you had better have a GOOD memory, and you need to know your stuff! You should be able to explain what you did and why, in every little detail; otherwise, forget winning that court case.

PRINCIPLE 3: KEEP RECEIPTS (AUDIT EVERYTHING)

This links in with Principle 2: every click, command, and copy must be documented. If another forensic expert can’t follow your steps and get the same results, your evidence may be… dodgy.

PRINCIPLE 4: THE INVESTIGATOR IS THE BOSS 🙂

Whoever leads the case is responsible for making sure everything follows the law and these principles. NO shortcuts, NO sloppiness. If evidence gets thrown out, they get the blame.

Without these principles, digital evidence wouldn’t hold up in court, and criminals would walk free… boooo!!! Whether it’s recovering deleted files or tracing cybercriminals, forensic integrity is everything.
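
Principles 1 and 3 in practice, as an added example (not code from the original post): it hashes the evidence read-only and keeps a hash-chained audit log that a second examiner can re-verify. The function names `log_action` and `verify`, the log field names and the sample file are illustrative assumptions.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone

GENESIS = "0" * 64  # "previous hash" used by the first log entry

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks, opened read-only so the evidence is never written to."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def _entry_hash(entry):
    """Hash every field except the entry's own 'hash', in canonical JSON form."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def log_action(log, who, action, evidence_path, when=None):
    """Append one examiner action, bound to the evidence hash and the previous entry."""
    entry = {"seq": len(log), "who": who, "action": action,
             "when": when or datetime.now(timezone.utc).isoformat(),
             "evidence_sha256": sha256_file(evidence_path),
             "prev": log[-1]["hash"] if log else GENESIS}
    entry["hash"] = _entry_hash(entry)
    log.append(entry)
    return entry

def verify(log):
    """Return a list of problems; an empty list means the log and evidence are consistent."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev"] != prev:
            problems.append(f"entry {i}: chain broken (entry removed, reordered or rewritten)")
        if _entry_hash(entry) != entry["hash"]:
            problems.append(f"entry {i}: record altered after it was written")
        if entry["evidence_sha256"] != log[0]["evidence_sha256"]:
            problems.append(f"entry {i}: evidence no longer matches the acquisition hash")
        prev = entry["hash"]
    return problems

if __name__ == "__main__":  # demo on a constructed stand-in for a disk image
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(b"constructed sample evidence")
    log = []
    log_action(log, "examiner1", "acquired image", fh.name)
    log_action(log, "examiner1", "keyword search", fh.name)
    print(verify(log))
```

Record the last entry's hash somewhere outside the log (for example in signed case notes), because a chain on its own cannot show that its final entry was rewritten.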