The Protection of
Children Act of 1978 (as amended) defines what
media is considered illegal by the British
courts by establishing tests and definitions of
‘obscenity’ / 'indecency'. |
Due to the nature
of these types of offences and the fact
charges often relate to the abuse of
minors, there is considerable social
stigma attached to this sphere of law,
making it an area rarely discussed or
debated. As such many solicitors
and advocates are poorly equipped to
manage such cases.
The Act forbids the creation, showing,
distribution, possession for showing or
distribution, and advertisement of
obscene media. Whilst the Act was
originally developed to consider
photographic images, it has been
subsequently amended so as to include
‘pseudo-images’, artificial or computer
generated images. Possession of such
material constitutes an offence under
the Criminal Justice Act 1988.
To distinguish between child
pornographic content, authorities rank
material on a sliding scale of severity
from one to five. This system is based
upon the
COPINE Typology and ranges from
semi-nude/nude photographs (level one)
through to penetrative sexual assault
(level four) and sadism or bestiality
(level five). Sentencing guidelines are
based upon categorisation with tariffs
reflecting the quantity of images, the
severity of such, how long they have
been held, whether the materials have
been catalogued and organised, how the
images were acquired/created, and
whether they are a “trophy of the
offender’s own sexual abuse of a child.”
In the United Kingdom the concept of
obscene media is synonymous with
‘Operation Ore’ – the British arm of an
international Police investigation
started in early 2002 to combat child
pornography. Despite criticisms of
tainted evidence and fundamental
failings to corroborate ‘facts’ , it
remains an important case study for
targeted police activity. To date
Operation Ore has resulted in over three
and a half thousand arrests, destroyed
distribution networks and sent out a
powerful message to those that might
commit offences of this nature.
Digital Evidence
Forensic analysis of the
computer systems and removable media
(e.g. floppy disks and CDs) can help
answer important questions as to how
images came to be created or stored upon
the system and what was done with them.
Careful forensic examination of the
evidence exhibits can provide insights
into the following areas:
• Names & Addresses of websites visited;
• File Sharing applications used to exchange media;
• Times & dates of access to specific files or folders;
• Queries used by the user on search engines such as Google;
• Attempts made to conceal or obscure illegal media.
Forensic evaluations put the evidence
into context and can reveal elements of
the case that had previously been
unconsidered – which in turn can create
significant defence/prosecution case
opportunities.
It is important to note that computer
forensic consultants that provide expert
witness services in respect of indecent
images and media must be of the highest
calibre and it is necessary for their
facilities to be inspected and approved
for the undertaking of such work by a
Police authority.
Our analysts contribute to a number of
leading working groups as well as
undertaking constant research into these
spheres, to ensure our approaches to
handling technological evidence remain in touch
with leading Best Practice.
We offer a 24x7 comprehensive
investigation service that involves the
recovery of digital information. Our
experts work with clients to determine
the nature of incidents and use
established computer forensic
investigation techniques to preserve
evidence, whilst maintaining its
continuity and integrity. Our analysts
are Certified Information Security
Professionals (CISSPs) and trusted to
undertake the most sensitive of
investigations.
Our service includes the post-analysis
review of investigation results and the
preparation of a detailed investigation
report. If criminal or other legal
proceedings are necessary we can produce
witness statements and attend court to
deliver expert testimony in support of
the analysis undertaken and material
found.
All investigations are conducted within
a physically and electronically secure
environment, although we are equipped to
and when undertaken at client premises
we strive to conduct our work with
minimal disruption to your business. Our
systematic approach to investigations
can significantly reduce the cost and
time of an internal investigation (and
of any court-ordered disclosure).
Only
BURTONS DIGITAL can blend the necessary
technical forensic expertise with legal
capabilities to ensure that clients
facing crown court proceedings or
industrial tribunals, have access to the
very best for defence case preparations. |
| |
|
 |
Data Remanence & Recovery
Data remanence is the residual
physical representation of data that have been in some
way erased. After storage media are erased there may be
some physical characteristics that allow data to be
reconstructed.
As early as 1960 the problem caused by
the retentive properties of computer storage media was
recognized. It was known that without the application of
data removal procedures, inadvertent disclosure of
sensitive information was possible should the storage
media be released into an uncontrolled environment.
Degaussing, overwriting, data encryption, and media
destruction are some of the methods that have been
employed to safeguard against disclosure of sensitive
information. Over a period of time, certain practices
have been accepted for the clearing and purging of
storage media.
In addition, a similar spectre of recoverability has
been observed in RAM, and it is therefore, generally,
not possible to assume that removing the power from
volatile RAM will always render the data stored in it
unrecoverable. There are slow memory biasing mechanisms
in some RAM circuits, usually connected to charge
migration in semiconductor structures, which can retain
data across such power cycling.
Clearing is the removal
of sensitive data from storage devices in such a way
that there is assurance, proportional to the sensitivity
of the data, that the data may not be reconstructed
using normal system capabilities, i.e., through the
keyboard. (This may include use of data recovery
utilities and advanced diagnostic routines.)
Purging is the removal of sensitive data from a system
or storage device in such a way that there is assurance,
proportional to the sensitivity of the data, that the
data may not be reconstructed through open-ended
laboratory techniques. A computer must be disconnected
from any external network before a purge. Purging must
be used when the secured physical environment (where the
media were used) will not be maintained. In other words,
media scheduled to be released from a secure facility to
a non-secure facility or environment should be purged.
The United States Department of Defense (DoD) has
approved both overwriting and degaussing for purging
data, although the effectiveness of overwriting cannot
be guaranteed without examining each specific situation.
DoD documents like NISPOM often refer to purging as
"sanitization".
The forensic analysts at BURTON DIGITAL
have experience in recovering deleted data from exhibits - only our staff can combine the
technical expertise with the legal background necessary
for assisting clients where electronic evidence is to prove a central feature of the case. |
|
|
|
