Just came across a great post by Lars Daniel over at the Guardian Digital Forensics ExForensis blog. It had to do with the use of diagrams and pictures to explain technical terms associated with conducting a forensic examination to a non-technically inclined person.
Here is an excerpt:
“When explaining technical information, it is best to provide your listener with as many visual aids as possible.
One of the biggest challenges in explaining technical concepts to a non-expert is finding a common ground from which to begin. It helps to not only use verbal analogies, but visual ones as well.
Enter the explanatory image or diagram.”
Lars then posted some of the diagrams/pictures that he uses in explaining forensics terminology.
What a great idea! I’ve had to deal with prosecutors who aren’t technically savvy on numerous occasions. I usually end up having to print out a glossary of terms for them. With that, I still end up having to clarify things for them anyway.
One of the things I try to simplify for them are IP addresses. IP addresses come up during investigations constantly, whether it be a Larceny case involving stolen credit cards or a Child Exploitation case where contraband images are exchanged between people.
I tell them to think of an IP address like a telephone number. I tell them that a telephone number is assigned by the phone company to a subscriber at a particular location for the duration of that particular subscription. I ask them to imagine they are calling their mother. They dial the number on their phone and electronic signals are sent along a wire to their local switchboard. The switchboard sees the area code and forwards the call to the switchboard for the area code of the phone number they are calling. The switchboard then routes the call to the appropriate location, their mother’s house. Once the call is connected, communications can occur between the two phones and a conversation can take place. Then, there are even call logs kept at the phone company.
I then explain how IP addresses are similar. I tell them that an IP address is assigned by an Internet Service Provider (ISP) to a subscriber at a particular location. I go on to tell them that when someone (the bad guy) opens his web browser (picks up the phone), types in the “Web Address” of the e-commerce site of their choice and hits enter (dials the number they wish to call), their IP address information is sent along with the request to view the site (through a switchboard to the number they are trying to reach). If it weren’t, how would the site know where to send the content of the web site back to? Once the connection is established, communications between the two computers can occur (“conversation” takes place). The e-commerce sites keep track of the IP address information that was used during a purchase, (call logs for a telephone number).
I further go on to tell them that IP addresses may change from time to time depending on the needs of the ISP. So it is important to have the date, time and time zone that an IP address was used so that the ISP can find what subscriber was assigned a particular IP address on that particular date & time.
Now that you’ve read that, wouldn’t a picture been worth all of those words.
Joe
