How Do Investigators Use Computer Forensics?
September 16, 2011
Show all

Computer Forensics 101

Getting past the jargon to understand the basics of computer forensics

Computer forensics  is a sub-set of digital forensics. At one time the terms were synonymous, but with the growth of all types of digital storage devices, there was a need to distinguish between the two terms.

The goal of computer forensics is to examine computer storage systems and extract useful information from them in a forensically sound manner. That information can be used in a number of ways, including criminal cases, but also in personal investigations and the possible investigation of a cheating spouse.

What is computer forensics

Personal computers became available and accessible to individuals beginning in the early 1980s, and, of course, that led to their being used in crimes, such as fraud. It was then that the discipline of computer forensics emerged. There was a need to recover and investigate digital evidence for use in court, both in criminal trials and civil litigation.

All of the rules of evidence apply to computer forensic evidence no matter if it is a criminal or civil case, although those rules change between those two different types of investigations. Computer forensics is now widely accepted as valid both in the United States and in Europe.

The scope of forensic analysis can vary. It can be as simple as information retrieval or as complex as the reconstruction of a series of events. Even at this point some still believe that computer forensics is more art than science.

High profile cases

Some high profile criminal law cases that were resolved based in part on computer forensics include:

  • Conviction of the BTK killer, Dennis Rader. Evidence was extracted from floppy disks he had sent to police
  • Joseph E. Duncan III, a serial killer and sex offender, was sentenced to death based upon evidence, found on his computer, of his planning his crimes.
  • Robert Glass, the killer of Sharon Lopatka, was found out from hundreds of emails on her computer.

Some techniques we use

Some computer forensic techniques include:

  • Cross-drive analysis to correlate information found on multiple drives
  • Live analysis to examine a computer within the operating system using custom tools or even existed system administration tools to extract evidence.
  • Deleted file recovery.

Prudential Associates utilizes proper legal techniques to collect electronic data and mine forensic evidence.  Contact us today to learn more or with questions about your investigations.