How Do Investigators Use Computer Forensics?

Have you ever even heard of computer forensics? In today’s digital world, computer forensics has become an increasingly important tool for both criminal and civil investigators. Computer forensics is a subset of digital forensics, and the data stored on computers can often be used in case investigations and in the investigation of a spouse’s potentially disloyal activities.

Investigators and computer forensics

The goal of these types of investigations is to compile thorough and accurate data from digital or computer evidence. Computer evidence refers to any information that can be extracted from a computer and that is subject to human intervention. It must be in a format that is human-readable or capable of being interpreted by an expert.

Investigators will use computer evidence for any number of reasons:

  • Theft of trade secrets
  • Fraud
  • Extortion
  • Industrial espionage
  • Pornography
  • Computer virus and Trojan distribution
  • Homicide investigations
  • Intellectual property theft
  • Misuse of personal information
  • Forgery
  • Perjury
  • Tracking of internet browsing activities
  • Reconstructing events
  • Selling company bandwidth
  • Sexual harassment
  • Software piracy

There are also a number of types of investigators who would use computer forensics. These include:

  • Criminal prosecutors
  • Civil litigators
  • Insurance companies
  • Private corporations
  • Law enforcement officials
  • Private citizens who obtain the services of a computer forensics expert

Best practices within computer forensics typically follow a similar process, which includes:

  1. Acquisition of the system, network mappings, and external storage devices
  2. Identification of the data to be recovered
  3. Evaluation of that data
  4. Presentation of the evidence

Legal Evidence

Evidence obtained via computer forensics is subject to all of the normal rules of evidence. It must be admissible, and it cannot be damaged, destroyed, tampered with or otherwise compromised.

While obtaining such evidence, the investigator must make sure that no virus is introduced to the system in the process. Evidence must be extracted properly, handled properly, and protected from later damage.

There must be a continuing chain of custody. Limits must be placed on the disruption of business operations. No evidence can be divulged that breaks the client-attorney relationship.

Prudential Associates utilizes proper legal techniques to collect electronic data and mine forensic evidence. Contact us today to learn more or with questions about your investigations.