Deadbolt Forensics Comments on the Role of Digital Forensics in Investigation into Disappearance of MH370

Share Article

Deadbolt Forensics released a statement today on the increasing role of digital forensics in high profile investigations such as the disappearance of Malaysian Airlines flight MH370. According to news reports, FBI investigators were working with Malaysian authorities to recover data from a computer belonging to one of the pilots of MH370.

deadbolt digital forensics

Deadbolt Forensics

Deadbolt Forensics released a statement today commenting on the role that digital forensics has played during the investigation into the disappearance of Malaysian Airlines flight MH370.

According to a report from CNN (U.S. officials: Indications found of files deleted closer to Malaysian Airline flight, 3/22/2014), a team of digital forensic investigators from the United States government is collaborating with Malaysian authorities to recover data from hard drives belonging to one of the pilots of MH370 that could shed light on the disappearance of the aircraft.

“So far digital forensics has played a minor role in the investigation. It has been used to identify deleted files from the pilot’s flight simulator that may be of interest,” said Michael Yasumoto, Senior Forensic Analyst at Deadbolt Forensics. “The extent to which those files were successfully recovered and subsequently analyzed has not been released.”

According to the report, government experts working with the hard drives have found indications that some data may have been deleted from them after the date of February 3, which was the date that Malaysian authorities previously cited as the date of the most recent deletion.

“There has been some concern that the evidence may have been contaminated during the initial Malaysian investigation before being handed over to the FBI. This is only an issue in digital forensics when standard practices are not followed,” said Yasumoto. “Typically, the first thing that would happen is that a forensic image or copy of the evidence would be created as well as additional copies as needed. Any analysis of the evidence would be performed on a copy to prevent contaminating the original evidence. If this best practice was not followed, then subsequent investigators could waste valuable time trying to distinguish between evidence created by the original user and the evidence created by contamination from a previous investigation.”

In today’s society, computers are home to a record of our lives that is increasingly hard to destroy. Unlike paper documents, digital documents persist after being destroyed. In the same vein, anyone who uses a computer unknowingly creates digital artifacts that can later be used to determine what actions took place on the computer. In order to find evidence in certain cases, investigators can follow clues such as these to determine when and if any information has been modified and/or deleted from the hard drive of the computer. While someone trying to cover their tracks may be able to remove some trace of their actions, removing every artifact from a given action is extremely difficult.

Typically, things that investigators look for include internet browsing history to show direct evidence of an action or to indirectly show the state of mind of the user. They also look for communications from email, chat, voice/video applications such as Skype, any documents that were printed, and signs that other media or hard drives were attached to the computer.

“As technology continues to impact every aspect of our daily lives, we leave traces of our actions on numerous electronic devices. With more tech-savvy attorneys graduating every year, they are increasingly requesting and using this digital evidence in their cases,” said Yasumoto. “It is not uncommon to see some kind of digital evidence in a high profile case, whether it is a mobile device, a tablet, or the computer controlling a modern car. With wearable computing on the horizon, including products like Google Glass, this trend is expected to continue along with significant growth in the digital forensics field.”

About Deadbolt Forensics
Deadbolt Forensics is a privately held company focused on digital forensics and the associated services of data preservation, electronic evidence retrieval, analysis, neutral expert witness services, hard drive sanitization, and password/data recovery. The company works directly with attorneys and litigation support teams in both criminal and civil cases supporting plaintiff and defense clients. Deadbolt Forensics accepts clients in the states of Oregon (Registry# 906073-92), Washington (License# 603343020), and Alaska (License# 1000625). For more information on pro bono services offered to our partners in the non-profit sector, please contact us at publicrelations(at)deadboltforensics(dot)com.

Deadbolt Forensics, LLC
1915 NW AmberGlen Pkwy Suite 400 Beaverton, OR 97006
Phone: (503) 683-7138
Fax: (503) 296-5504
Email: info(at)deadboltforensics(dot)com

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Michael Yasumoto