In literature, there’s a device called Deus Ex Machina. This literary device manifests when a problem is solved—usually almost instantly—because of a machine with seemingly magical abilities, a person who somehow knows how to do something that seems impossible or for some other, rather unbelievable, reason. The Star Trek television series was infamous for using this literary device. If you’re a fan of Hollywood portrayals of computer forensics and computer forensics experts, you’re very well versed in how this device works.
Computer’s Aren’t All Connected
One of the most common ways that this device manifests when Hollywood cops are tracking down criminals is in the form of a chain of evidence that is gathered from a variety of different digital resources. For instance, the computer forensics expert might get a shot of a suspect’s vehicle going through an intersection at a certain time from a red-light camera, get their GPS data from their phone, get credit card receipts from a location nearby the scene of a crime and find a forgotten sample of the suspect’s DNA that was used in a case long ago, nailing the criminal. The forensics expert will usually be shown doing this from right behind a single desk, using a single computer.
In reality, systems just aren’t networked together this thoroughly, even for law enforcement. The Internet, in these portrayals, is depicted as a central hub for information when, in fact, it was designed from the start as a decentralized means of communication. There’s no central computer that a hacker can get into to get access to everything and many of the systems that these hacker/investigators are shown using likely do not have live, instantly-available information that could be accessed remotely.
Quite simply, computer forensics is a lot harder than Hollywood would like you to believe.
Why the False Information?
The reason that this plot device exists is because it makes for great storytelling, not because it provides great information. When the computer forensics team starts piecing together information and, just in the nick of time, find a vital clue, it’s great for the audience. Most often, however, such investigations take a long time and they involve many different digital resources, not all of which communicate with one another.
For example, a red light camera could be used to find pictures of cars going through an intersection, but space for storage is not infinite and these files likely get overwritten regularly. Likewise, finding credit card information may take subpoenas and other legal clearances; investigators may get “hunches”, but they can’t hack your bank account based on that.
If Hollywood portrayed computer forensics as it actually is, the stories would likely be much longer, less clear-cut and far less heroic. Computer forensics isn’t something that involves gunfights. It involves long hours poring over information, restoring information that criminals attempted to destroy and finding out where attacks originated from.
Computer forensics experts don’t operate a magical box that can reveal all the evidence needed to catch a criminal. What they do is provide some of the evidence that supports many cases. In cases where a computer is the primary means of committing a crime, they may well provide the majority of the evidence used, but they don’t do it in a flurry of activity seconds before a major plot point has to be resolved. They do it with hard work, a lot of education and the support of law enforcement. In many ways, the reality of computer forensics is much more interesting, even if it doesn’t make for great television.
Anita Schepers provides advice and information on computer forensics recruiter programs at Computer-Forensics-Recruiter.com.
Image source: 1