“But I didn’t open anything bad!”
That’s what one of our clients said when our computer forensic specialist was trying to explain that she did, indeed, have spyware on her cell phone.
The thing is that a link is a link is a link. By that, I mean that the hardware – the cell phone or the computer doesn’t distinguish between good data and bad data or a good link from a bad link. It’s all just information and commands to the machine.
And every time anything is accessed online or opened on your phone or computer, such as a website, an e-mail or text message, it is actually a link that someone sends you. When you accept it, you are actually downloading it. That is exactly how spyware is sent to you, too.
The code for the spyware is included in the data you are downloading. You willingly, and usually happily, download the spyware code and go about your business – never realizing what you have done. The device can’t tell you a code is attached because it doesn’t distinguish or judge the data you open.
The good thing is that everything that is downloaded on your computer or cell phone (which is actually just another computer) is recorded- and therefore, retrievable. A computer forensic expert is able to create a “image” of the data on the device and analyze that data to find the spyware.
The code, just a bit of numbers and letters, is neither good nor bad. It’s not the actual code that’s bad. It’s the intent behind the code that makes it bad. Forensic analysts don’t make judgments. They just identify what it is and that it is there.
Computer forensic investigators are called in to many cases besides those involving spyware because they are dealing with factual data and that can be used as evidence in criminal cases and other investigative cases.
Data and software in and of itself is not bad – it’s the bad guys behind it and their intentions that make it a problem.
-Brenda McGinley, CEO, All in Investigations, All in Investigations