Brief History of Forensic Analysis, from Crimes to Data

Crime dramas have popularized the miracles of forensic medicine and shown how it can help convict even the most elusive criminal.

From 3D reconstruction to DNA analysis, technological development has accelerated exponentially in recent years, but the roots of forensic science go back a long way.

So how did we get to the powerful methods we have today?

275 B.C.

Ancient forensic medicine

The ancient Greeks and Romans were the first to practice forensic science. The word forensic means “open court” in Latin.

The first sign of science being used to help solve a crime dates back to the time of Archimedes. Realizing that his body displaced an equal volume of water, the scientist had invented a method for determining the volume of an object. When the King of Syracuse suspected that a goldsmith had deceived him by replacing part of the gold in his new crown with silver, Archimedes was able to prove that the gold had actually been mixed with cheaper silver because it did not weigh as much.

Forensic science was born.

1302

First autopsy

The first legally ordered autopsies were performed from 1302 in Bologna. This example was copied in Italy and Europe.

Dr. Bartolomeo da Varignana had been influenced by the Chinese book “Washing without imputation or error”, published in 1247. This helped to pave the way for autopsies based on scientific observations. Da Varignana examined the bodies of people who died under suspicious circumstances to determine the cause of death.

However, his observations were limited by the power of the human eye and its instruments.

1590

The microscope

The invention of the microscope unlocked many new areas of forensic science. It allowed the discovery of red blood cells and spermatozoa.

Forensic researchers could now study tiny wounds, crystals, glass, and the characteristics of hair and fibers.

Human remains were identified using teeth for the first time. Military surgeons produced large bodies of work detailing wounds and causes of death. However powerful the microscope was, some causes of death remained imperceptible.

1832

Poison detection

In 1832 chemistry was first used as evidence in an arsenic poisoning case by sampling the lining of a victim’s stomach.

Before then, arsenic had been the perfect poison. It was imperceptible and fatal in small doses. By the 18th century it had earned the nickname of “hereditary dust”.

However, in 1832 the chemist James Marsh designed a test for arsenic and used it to solve a murder case. The new science of toxicology was born and arsenic lost its appeal as the perfect weapon for murder.

1835

Bullet matching

The murder rate rose as gun crime became more widespread. A development in the study of bullet matching helped the police to track down the owners of firearms.

In 1835 Scotland Yard traced a physical defect in a bullet back to its mold and discovered the person who bought it. Small defects in the bullets could be measured and matched to the barrels of firearms. However, these instruments were not used until 1926.

A new type of evidence was needed, permanent and precise – photography was the answer.

1888

Photographs of crime scenes

The first photographs took a long time, but the investigators embraced them as a way to record the exact circumstances of the crimes.

This led to a boom in public involvement in cases.

Later, French police employee Alphonse Bertillon pioneered standard lighting, scale and angles for identifying criminals, using profile photographs and illuminated faces.

However, faces can look very similar. Another more reliable method of identification was needed.

1892

Fingerprints

In 1892 the world’s first fingerprint office was founded in Argentina, after a well-publicized case in which a bloody fingerprint identified a murderer.

The uniqueness of fingerprints had long been suspected, but in 1892 Francis Galton calculated that the odds of identical prints were one in 64 billion. Soon the British used fingerprints in India to identify retired soldiers, so that their relatives could not continue to claim their pension after their death. Fingerprint analysis soon became standard practice and is still being developed today, as scientists find ways to take fingerprints from new surfaces.

1901

Types of blood

Human ABO blood groups were discovered in 1900 and were soon used to determine whether the blood present at the crime scene matched that of a suspect or victim.

Arthur Conan Doyle wrote about Sherlock Holmes using blood analysis before it was possible in reality.

Initially these tests were rough and gave inconclusive results.

Other blood markers were discovered and tests developed to increase accuracy, until it was discovered that blood was as unique as a fingerprint. However, since blood was required from a crime scene to perform tests, forensic scientists needed other ways to link a suspect to a crime.

1910

Crime laboratories

The first forensic lab was created in the attic above a court. This controlled environment led to an important discovery.

Edmond Locard’s dust particle analysis led him to develop one of the fundamental principles of forensic science – a criminal will leave some trace at the crime scene and take some away. He called this the principle of exchange. He used this powerful new technique to link suspects to a crime scene by examining hairs, fibers and dust. The central elements of modern forensic medicine had been established. These techniques improved until the next revolution – the discovery of DNA testing.

1984

DNA tests

The discovery of DNA analysis, which identifies the unique biological code of anyone, revolutionized forensic science.

DNA replaced blood as the most powerful method of identification. It is invisible to the naked eye and detectable in the traces left by all but the most careful criminals. Initially, the courts had to wait weeks for the results. It took 15 years before the time for results was reduced to a couple of days. In 1996 a DNA database was created in the UK, a powerful addition to fingerprint records. Since then, the predictive power of forensic science has been greatly improved through the use of computing power.

2000

Computer reconstructions

Computer graphics are now used to create compelling visual evidence to clarify the events of a crime for jurors.

3D reconstructions of crime scenes, traffic collisions and bullet trajectories are all used to solve crimes. However, animated reconstructions have been criticized as potentially misleading because of their persuasiveness. Older methods are still used and improved regularly, including magnetic fingerprints and photography with alternative light to see non-visible evidence. Forensic science will continue to develop the power of its techniques to ensure justice through logic and science.

The concept of forensic computing emerged in the early 1980s, when personal computers became more accessible to consumers and their use in criminal activities increased. The number of crimes identified and recognized as cybercrimes also grew, by 67% between 2002 and 2003.

Forensic computing is the science that studies the detection, storage, protection and extraction of computer data so that it can be considered valid within a legal process.

This science is therefore useful in all cases where a forensic analysis is needed that has the value of certified evidence within a legal dispute of any form:

  • Electronic fraud.
  • Copyright infringements.
  • Content-related infringements (such as child pornography).
  • Infringements related to data breaches.

The term “computer forensic expert” identifies the professional who works in the field of computer crime. There is no single definition of the term, but such an expert deals with “preserving, identifying, studying and analyzing the contents stored in any media or storage device”.

As we said before, forensic computing makes it possible to analyze any form of content and data present on any computer medium.

In order to achieve this objective, the following techniques are required:

Cross-Drive Analysis

Cross-drive analysis is a technique for correlating information extracted from multiple hard drives, for example to recognize possible organizational links between people or to spot data anomalies with respect to specific patterns.
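A minimal sketch of the correlation step described above, added here as an illustration and not taken from the original article or any forensic product. It assumes e-mail addresses are the feature being correlated and uses constructed byte strings in place of real drive images.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample data: raw bytes standing in for three acquired images.
DRIVES = {
    "drive_A": b"\x00\x00From: alice@example.org\x00To: bob@example.net\x00junk\xff",
    "drive_B": b"contacts\x00bob@example.net;carol@example.com\x00\x00",
    "drive_C": b"\xde\xadinvoice for carol@example.com cc bob@example.net\x00",
}

# Assumption: e-mail addresses serve as the identifying feature.
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def extract_features(image):
    """Scan raw bytes (no file system parsing) for e-mail addresses."""
    return {m.group().decode("ascii").lower() for m in EMAIL_RE.finditer(image)}

def cross_drive(drives):
    """Return (shared, scores): features seen on 2+ drives, and per-pair counts."""
    seen_on = defaultdict(set)
    for name, image in drives.items():
        for feature in extract_features(image):
            seen_on[feature].add(name)
    # A feature found on a single drive says nothing about links between drives.
    shared = {f: sorted(d) for f, d in seen_on.items() if len(d) > 1}
    scores = defaultdict(int)
    for owners in shared.values():
        for pair in combinations(owners, 2):
            scores[pair] += 1
    return shared, dict(scores)

if __name__ == "__main__":
    shared, scores = cross_drive(DRIVES)
    for feature, owners in sorted(shared.items()):
        print(feature, "->", owners)
    for pair, n in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(pair, "share", n, "feature(s)")
```

The pair with the highest score is the first candidate for closer manual review; a shared address alone does not establish a relationship.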

Live Analysis

Examinations carried out within the operating system of the computer under analysis, using existing tools or tools created ad hoc to extract information. This is useful on systems with an Encrypting File System, where the encryption key can be obtained and, often, the logical disk can be imaged before the computer is turned off.

Recovering Deleted Files

This is one of the most common techniques implemented by modern forensic software. Very often, operating systems and file systems do not physically delete data, so it can be reconstructed from the physical sectors of the disk. Even in the absence of file system metadata, known recovery techniques such as file carving can be used to obtain or rebuild deleted material.
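File carving as mentioned above, shown as an added example that is not part of the original article: a header/footer carver that recovers JPEG and PNG data from raw bytes without any file system metadata. The "disk" contents are constructed sample data, and the function name and size limit are illustrative choices.

```python
import hashlib

# Well-known header/footer magic bytes for two image formats.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

def carve(image, max_size=10 * 1024 * 1024):
    """Header/footer carving over raw bytes; no file system metadata is used.

    Simplest form of carving: it assumes each file is stored contiguously and
    ends at the first footer after its header, so fragmented files or JPEGs
    with embedded thumbnails need a format-aware carver.
    """
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Header whose data was overwritten or truncated: skip it.
                pos = image.find(header, pos + 1)
                continue
            blob = image[pos:end + len(footer)]
            # Hash each carved object so it can be referenced unambiguously.
            found.append({"type": kind, "offset": pos, "size": len(blob),
                          "sha256": hashlib.sha256(blob).hexdigest()})
            pos = image.find(header, end + len(footer))
    return sorted(found, key=lambda f: f["offset"])

# Constructed sample: a fake "unallocated space" dump holding two deleted
# files and one orphaned JPEG header that has no footer.
FAKE_JPG = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-payload" + b"\xff\xd9"
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xaeB`\x82"
DISK = (b"\x00" * 512 + FAKE_JPG + b"\xaa" * 100 + FAKE_PNG
        + b"\x00" * 64 + b"\xff\xd8\xff\xe0 header only")

if __name__ == "__main__":
    for hit in carve(DISK):
        print(hit)
```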

Stochastic analysis

A method of analysis that uses statistical properties of the computer system under analysis to investigate particular activities in the absence of digital artifacts from which to begin an investigation.

Anti-steganography methods

Techniques used by computer forensic experts to fight crimes that involve data hidden through steganography (hiding data within images by altering the bits). These techniques are based on computing and comparing the hashes of the original images and of those under analysis, because an image that looks the same to the eye will have a different hash if its bit-level encoding has been altered.
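The hash comparison described above, as an added example that is not from the original article. It assumes the examiner holds a known original for each file name, and it goes one step beyond the hash check by reporting whether the differences are confined to the least significant bit; the byte buffers are constructed stand-ins for raw pixel data.

```python
import hashlib

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def classify(original, suspect):
    """Compare a suspect image with its known original."""
    report = {"hash_match": sha256(original) == sha256(suspect),
              "changed_bytes": 0, "max_delta": 0, "lsb_only": False}
    if report["hash_match"] or len(original) != len(suspect):
        # Identical, or re-encoded/resized: a byte-wise diff is not meaningful.
        return report
    deltas = [(a ^ b, abs(a - b)) for a, b in zip(original, suspect) if a != b]
    report["changed_bytes"] = len(deltas)
    # A maximum change of 1 per byte is invisible to the eye.
    report["max_delta"] = max(d for _, d in deltas)
    # True when every changed byte differs only in its lowest bit.
    report["lsb_only"] = all(x == 1 for x, _ in deltas)
    return report

def audit(originals, evidence):
    """Check every evidence file that has a known original of the same name."""
    return {name: classify(originals[name], data)
            for name, data in evidence.items() if name in originals}

# Constructed data: raw byte buffers standing in for uncompressed pixel data.
PIXELS = bytes(range(256)) * 4
ALTERED = bytearray(PIXELS)
for offset in (10, 11, 500):
    ALTERED[offset] ^= 1   # flip the lowest bit of three bytes
ORIGINALS = {"holiday.raw": PIXELS, "logo.raw": b"\x10" * 64}
EVIDENCE = {"holiday.raw": bytes(ALTERED), "logo.raw": b"\x10" * 64,
            "unknown.raw": b"\x00" * 8}   # no original available: not audited

if __name__ == "__main__":
    for name, report in audit(ORIGINALS, EVIDENCE).items():
        print(name, report)
```

A hash mismatch only shows that the file changed; the LSB-only pattern is an indicator worth escalating, not proof of hidden content.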

Basic analysis

There are several tools available to perform a forensic investigation, including open-source ones. Typical analyses start with manual review of devices, inspection of the registry on Windows systems, discovery or cracking of passwords, keyword searches related to any crime, and extraction of emails, images and other information.

In Italy, the reference law that defines how the results of forensic analysis can legally be used in court is Law no. 48 of 18 March 2008, which ratified the Convention of the Council of Europe on cybercrime, signed in Budapest on 23 November 2001.

The law provides for:

  • heavier penalties for cybercrime;
  • more effective rules to fight child pornography on the Internet;
  • penalties that also apply to companies;
  • the possibility for law enforcement agencies to ask the provider to freeze electronic data for 6 months;
  • greater protection for personal data.