Computer Forensics – a Brief Introduction
Posted by Law Article on July 15th, 2009 at 02:54pm
Computer Forensics – A Brief Description
Computer Forensics is the function of utilising scientifically proven methods to assemble and process data found on a digital device (computer, hard disk drive, mobile phone, memory card etc.), and to interpret that data for possible use in a court of law or other theatre of investigation. The evidence may assist in the prosecution of a criminal, help in the defence of an accused person, or be of intelligence to an individual who is seeking knowledge for either personal or professional reasons.
The main users of Computer Forensics are law enforcement officers, as a large percentage of crimes in some way utilise digitally stored data. This data could be a phone call made on a mobile phone (or cell phone), which could place an individual at the scene of a crime (or, of course, away from it), or accounts for illegal activities such as drug sales. It could also relate to images of paedophilia, human resource issues, hacking, email abuse, unauthorised data duplication, IP theft etc. Corporate organisations are utilising computer forensics more and more, as they often have to investigate incidents such as inappropriate computer use, inappropriate email use, unauthorised data duplication and disloyal employees. Human Resource departments and Internal Security are the biggest users of these specialist corporate services. Private individuals may also use these services, for example where a lover is cheating on their partner, or where there is inappropriate internet use by a family member.
Computer Forensics, or Cyber Forensics as it is also known, is now taught at many colleges and universities around the world, and is available to both the law enforcement community and private individuals.
What to do if you suspect illegal or inappropriate activity on a computer or digital device:
1. Turn the power off – pull the plug out if necessary
2. Secure the ‘exhibit’. Don’t allow anyone access to it; security seal it if possible
3. Contact a Computer Forensics Expert
What NOT to do if you suspect illegal or inappropriate activity on a computer or digital device:
1. Call your IT manager, or one of your technical staff
2. Get them to ‘see’ if the user has been looking at ‘dodgy’ websites or if any important files are missing
3. Sack the member of staff
The analogy of the above:
Imagine a body lying in a muddy field. There is a blanket over the body and something protruding from it. By not following procedures, what you will have done is the equivalent of the following:
1. See the body
2. Walk up to the body in the field
3. Take the blanket off the body
4. Move the body to ‘have a look’
5. Put the blanket back over the body – ‘like it was before’
6. Leave the field
What you have just done:
Entered the scene of a crime, left YOUR footprints all over the muddy field, left YOUR fingerprints on the body and blanket, left YOUR DNA all over the place.
You then expect to call the relevant organisation/authority and have them try and find evidence, which has just been tainted by YOU or YOUR STAFF. This is not a good start, and could make the case in question inadmissible.
Remember that this is a very specialised service provided by experts. Use experts to do the job correctly in the first place, and there shouldn’t be a problem.
Simon Steggles
Disklabs Computer Forensics
www.disklabs.com/computer-forensics.asp
www.computer-forensics.co.uk
simon.steggles@disklabs.com