Digital Forensics for Criminal Defense

Digital Forensics for Criminal Defense has become a critical component for cases involving electronic evidence that is introduced by the government. More so than physical evidence, electronic evidence presents a multitude of variables that can impact the integrity and authenticity of the government’s evidence.

Electronic data is dynamic and susceptible to many variables before, during and after it has been collected and analyzed by the government. In some cases, these variables are ignored, neglected or undisclosed.

There’s more involved than merely reviewing and responding to the evidence introduced by the government. At ITAcceleration, we use a six-step process to identify gaps in the investigation and determine what really happened.
criminal defense

  1. Review the government’s criminal complaint pertaining to the quality of evidence, collection methods, analysis and production of electronic evidence.
    We look at the value and source(s) of the evidence introduced in the government’s reporting to determine if and how the evidence benefits their case. Based on their reporting, we assess the government’s trustworthiness and reveal external influences that could impact the integrity of the introduced evidence that were not identified and fleshed out beforehand.
  2. Validate all processes and procedures used by the government investigators.
    Making the government accountable for their efforts eliminates the “free pass” when entering evidence at trial. We look at the state of the original evidence before the government had access and if the government used sound forensic practices when preserving evidence. Validating the electronic preservation and chain of custody can bring to the surface many questions that otherwise would be hidden.
  3. Review original evidence for signs of tampering and spoliation.
    Sound forensic processes include hashing data to provide an electronic fingerprint to ensure the authenticity of the data moving forward. But hashing does not authenticate the state of the data before it was collected. Understanding the state of the data before and after the government seized it, and identifying any outside influences such as viruses, malware, spyware or tampering, may provide evidentiary insight that the government neglected to identify. More info >>

  4. Scrutinize the government’s report for proper and improper evidence introduction and determine any analyses the government neglected to perform that may benefit your client.
    In this stage, we answer a number of questions to determine if the evidence presented aligns with the government’s story. It’s not the government’s job to find exculpatory evidence, so their investigation may be limited to only solidify their allegations rather than understand what really happened. More info >>

  5. Perform an investigation for the defense.
    Preparing for trial with an alternative story to the government’s, rather than merely challenging the government solely on their evidence, may be critical to help the judge and jury reject the government’s allegations. Depending on the illicitness of the evidence, our work may be performed in our lab or at the government’s forensics lab. Upon completion, a comprehensive report of our investigation can be provided for the defense’s case. More info >>

  6. Prepare for trial.
    Having a strong witness who can articulate complex technical issues in a clear and easily understood manner is critical for cases involving technology. David Yarnall has been certified as an expert witness in various courts for both digital forensics and Information Technology. He explains technical issues in a way the jury understands and breaks down issues involving the government’s case that pertain to the electronic evidence. More info >>

Download David’s Outlook Business Card

Download David’s CV