DoD crime fighter said digital evidence more powerful than DNA

ARLINGTON, VA -- The emergence of digital evidence means investigators now have many more ways to find out who committed a crime and how, but it also means wading through near-endless amounts of data to arrive at those answers.

So said retired Special Agent Jim Christy, now director of the Future Explorations unit of the Department of Defense’s Cyber Crime Center, who gave a keynote speech at the Black Hat conference on Wednesday.

Considering all the electronic devices that the average person uses in the course of a day, and how much information they collect, digital evidence can give investigators insight into a crime like no other type of evidence can, he said.

“I think digital evidence is more powerful than DNA evidence,” Christy told the audience. “It can answer who, what, where, why, and how; DNA can only tell you who.”

Only about 1% of criminal cases introduce DNA evidence – contrary to what is typically portrayed on television crime dramas – because most of the time it’s not relevant, he said.

Christy walked the audience through a typical person’s day and the digital trail of information collected about his or her actions, starting with the alarm clock that tells what time a person woke up to a video camera at a gas station taping when gas was pumped to cell phones logging what time a call was placed and to whom.

Searching through the information collected by these and other devices can paint a more complete picture of a suspect than any other medium, he said. For example, investigators can learn a suspect’s movie preferences, biometric information, what hobbies they have, what their motives might be -- through e-mail and instant message conversations -- even what they scoured a search engine for, he said.

“There’s a tremendous amount of evidence out there to help prove or disprove allegations,” Christy said. “The bad news is the volume is tremendous.”

Calling on the security industry for help, Christy said investigators need better tools to help them sift through and make sense of these piles of data and process evidence in a timely matter.

Today, PCs aren’t the only tools for learning what happened during a crime after the fact, but can play as many as three roles in a crime, Christy continued. A PC can be the subject of the crime, meaning the criminal couldn’t have acted without it. A PC can be a witness to a crime, logging events as they happen. And, as is the case with malware or intrusion, the PC is actually the victim, he said.