Forensic acquisitions

Home > What do we do > Forensic acquisitions

Forensic acquisitions

The Prime Ministerial Decree of 13 November 2014 highlighted the concept of "computer document fingerprint", but what exactly is the fingerprint of a file?

For simplicity, imagine a file like a box where, inside, the computer device (computer, smartphone, tablet etc ...) stores every single text, photograph, music saved, downloaded or received by mail or messaging system. On each box the computer writes some service information such as the name of the file itself, the creation date, the date when it was last opened, who has the "permission" to open it.

The hash is the function that allows you to obtain (calculate) the fingerprint of a file or, better, of its content. Calculating the footprint means relying on a logical-mathematical function which, starting from a sequence of bits of any length (which computerically represents the file), returns a sequence of few characters, with a fixed and predetermined length, which can also be managed without IT tools, or for example transcribed in pen also on sheet of paper or communicated orally.

The function responsible for generating the impression (hash) must guarantee 2 main factors:

• that it is not possible to identify any alternative sequence of bits that could generate that same footprint;

• that it is impossible to obtain the same fingerprints from different files

Hash algorithms, in particular SHA1 and MD5, are therefore widely used in forensic information technology to validate and somehow "digitally" sign the acquired data, typically forensic copies. The recent legislation in fact requires a chain of custody that allows to preserve the computer finds from any subsequent changes to the acquisition: through the hash codes it is possible at any time to verify that what is found has remained unchanged over time. If the hash codes match, both parties in a judicial proceeding have the certainty of being able to work on the same version of the findings, thus guaranteeing uniform analysis and generally results. The hash code results are attached to the saved forensic copies.


Our service

In order to obtain the acquisition of any content present online, simply send us an email with the URL (Uniform Resource Locator) of the content (for example " fundamental / 2839 "). Within a few minutes SIRO Consulting will send as an answer an email containing a .zip file, containing the forensic acquisition of the URL, to be digitally attached to the documents.

In addition to the fingerprints for each acquisition, a summary file is generated with a very detailed log of all the operations performed, files created and times. The author of the analysis is also certified via IP and unique machine identifiers.

The .zip file also contains screenshots that can be used to consult or print the content of the acquired URL.