The cyber search is fundamental to find out and prove an illicit.
Basically, when we talk about cyber search, we mean a forensic deepening used as a tool for the acquisition of evidences.
The cases where the judicial authority exploits this tool are increasing, just because of its usefulness in getting a great amount of data from the searched devices.
The cyber search has spreaded rapidely and it has found its own experts among technical advisors and the police department, that deal with the isolation of the net systems and the deepening of every aspect, in order to get the necessary and relevant data for the investigations.
So, its function is to individuate, acquire and preserve the info: indeed, in the memory of the devices is stored a great quantity of information of everyday life, but also of the working life of every person, that can come in handy in occasions of potential investigations related to cyber crimes and others.
In times where the everyday life is always more linked to our mobile device, it’s becoming more easy to find in those electronic devices an illicit proof, even where it’s not the cyber system the receiver of the offense or the illecit tool.
Rules about the cyber search.
As we’ve already said, the cyber search is a search tool for evidences, a search of elements to acquire and to make available for the Judicial Authorities and with it, the search, also with an auxiliary of the police, it can verify the content of informative systems and proceed with the confiscation of the body of evidence and of the things that are pertinent with the crime or the people indicted or escaped.
This can be disposed by the judge with a decree and it is execute by the officials of the Police, accompanied by technical experts and auxiliary consultants.
The attention of the legislator in introducing new principles for the taking of cyber evidences is has been focused on two main aspects:
- the correct proceedure of copying the data useful for the investigations;
- the data integrity and their non alterability during the acquisition.
In our normative system, the cyber search is disciplined ex art. 246 of the penal code, in which there’s an explicit reference with the paragraph 1-bis, that states as it follows:
“Where there are reasonable grounds to believe that data, information, cyber programs or traces that are relevant to the crime are in a cyber or telematic system, although protected by security measures, they shall be searched, using technical measures aim to ensure the the preservation of the original data and to prevent the alteration of them”
Modalities and tools for the search
The person that deals with the cyber search is the computer consultant, that has all the necessary equipment in order to make forensic copies and on-site acquisitions of online data and computer devices.
The tools that they need are:
- different hard disks of different dimensions, in order to parallel the acquisition of forensic copies from multiple devices and to create a double copy of the data;
- forensic duplicators to make copies of memories, such as USB, mass memories and hard disks;
- write blocker hardware and software, in order to block the memories connected to the writing PC;
- Linux distributions on USB to boot on-site;
- suite to acquire data from mobile devices, like tablets, smartphones, navigators;
- software to acquire data from the Google Cloud and iCloud;
- tools to download the emails;
- portable software suites to facilitate the acquisitions.
When we start a search, the competent authority must produce the search order, that entitles the conduct of the operations, and to give the possibility to nominate an attorney, a one-sided technical adviser or to get assistance from a trusted person.
The operational phase of a computer search shall take place as follows:
- individuation and isolation of cyber systems, like servers, PCs, smartphones, tablets and others that can be found on-site;
- individuation and isolation of the online accounts, file sharing, storing on the internet and emails;
- request to the subject to give all the access credentials , the PIN, the passwords and the lock codes;
- change of credentials given from the subject;
- request of potential encrypted data and the decryption passwords;
- local search and seizure of the devices, with a description of the related storing stae and indication of the place where they were found.
After the search of the house, they go with the search of the company, with the same isolation of the systems, removal of any collaborators or employees; the assistance of an internal technical is required, if it’s possible, in order to samplify the job.
Every element must be isolated from the web with the flight mode on notebook and mobile devices and te removal of the wires from the PCs and the servers.
How to behave in case of cyber search
If you find yourself involved in a cyber search, whether if you’re a physical person or a company, you should know that the judicial police,first of all, have to present to you a search warrant.
Besides, you have the right to to be assisted by a technical consultant and your lawyer.
We suggest the presence of a one-sided technical consultant, because they’ll help you to prove that the evidences are intact and genuine, in cases where they are used against you in the future.
During the search, there’s no obligation to be cooperative, but in this way you might permit the conduct of the operations in less time.
Once the search is over, you’ll need to read the record carefully, in which there has to be reported in a detailed way what they did and on what devices and systems, showing which system has been access, if it’s been used, the activities that were carried out and what’s been the result.
You can ask to the judicial police to specify or to point out the relevant elements to add tothe record.
Another aspect that we need to be careful about is the hash, which is the string that identifies what data have been acquired and that’ll allow the one-sided technical consultant to verify the data integrity.
At the end of the search, they will be able to seize the cellphone, tablet, PC or other devices.
How to take precautions
When there’s a cyber search in progress, all the data contained in different devices, like the mobile and fixed ones, are canvassed.
In order to avoid that sensitive data are discovered, it it possible to get used to using an encrypted phone or procedures to keep safe your mobile phone or apps, like CryptyTalk, that allow to carry out your communications in total safety.