What is Computer Forensics?

Computers are a very large part of most people’s daily lives. In fact, the number of homes that have a personal computer has grown exponentially in the past five to ten years. Consequently, computer crime, specifically identity theft and other computer-generated financial crimes, has grown in number and has become an increasingly serious issue.

Many municipal police departments have a computer forensics team. However, in years to come they will become even more widespread. Computer forensics uses special techniques and skills to recover, authenticate, and analyze electronic information and data. It is specifically helpful for police officers and investigators who are attempting to solve a crime where a computer has been used.

A specialist in the field of computer forensics usually has broad working knowledge and specific software that works on the devices that store data. This can include hard drives and other computer media. The computer forensics specialist can determine sources of digital evidence, such as e-mails and other documentation. She also knows how to preserve the digital evidence, analyze it, and present the findings to investigators and, if necessary, before a court of law.

Cybercriminals have become increasingly complex and intelligent in the crimes they commit. Many of the most complicated crimes committed by cybercriminals are successful because the criminals had installed defensive measures on their computers. These countermeasures work to prevent a computer forensics investigation. They can be in the form of computer viruses, electromagnetic damage, or other computerized traps. In fact, if a computer forensics specialist is not careful, the countermeasures may destroy evidence in its entirety and make it irretrievable.

A computer forensics investigation usually starts when a search warrant to seize a suspect’s computer and other digital media is granted. The data on the suspect’s computer is copied and then that data is analyzed using the investigator’s technical equipment and software. The suspect’s computer becomes evidence. Consequently, it must remain in a tight chain of evidence to keep it pristine.

Some investigators specialize in decoding passwords. They are also well aware of the importance of not turning off a computer that is running. If they must turn the machine off, they copy all the data off of the hard drive. Sometimes the data is not even visible to the eye. There may not be a visible file. These hidden files are gems to a computer forensics team.

Electronic mail or e-mail is one of the main methods of communication for most people. Some investigators specialize in preserving, retrieving, and analyzing e-mail files. They can be stored on the hard drive, an external network, or on a removable hard drive, to name just a few. Sophisticated software lets investigators search through thousands of emails – including those which the suspect had deleted from his system.