This post was submitted on - April 30, 2008
Computer forensics is a field that more people are finding themselves in need of and few actually understand. A look behind the curtain reveals this profession has more applications than many realize. In fact, there is much more to computer forensic investigation than just criminal cases.
Computer forensics itself is a synthesis of computer and investigative sciences. While it is featured heavily in police work, this field extends into much broader arenas. Computer forensics experts are keenly skilled at finding lost, hidden or damaged data on machines that might prove valuable in criminal or civil cases. They do this through a very precise investigation that is designed not only to find evidence – if it exists – but also to protect it for presentation in court.
While computer forensics experts often have law enforcement backgrounds or at least undergo the same training, their expertise is valuable in a number of other fields, as well. Some of the most common applications computer forensics experts find themselves working in outside of law enforcement include:
Corporate assistance – Computer forensics experts are uniquely qualified to help corporations with internal security, staff training and more. Since they often work with the aftermath of sabotage and hacking, they are skilled at providing the most effective suggestions for securing networks.
Individual client help – Some computer forensic experts will take on cases brought to them by individuals. These might include such things as tracking what teens or spouses do online or even helping an individual recover data from a damaging crash.
Legal arena – Going beyond criminal cases, some computer forensic experts will step in and help with civil cases. They sometimes work directly for or with legal teams.
There is more to computer forensics than meets the eye. This dynamic field is becoming one that is in high demand outside the criminal arena.
Popularity: 72% [?]
Share This
This post was submitted on - April 28, 2008
Evidence isn’t always tangible in the sense that it can be picked up and held. Sometimes a smoking gun, so to say, is a little more nebulous. In fact, very often in today’s world, evidence is found trapped on computers, locked in data files or stored on disks. It is precisely this kind of evidence that forensic computer experts dedicate themselves to finding.
Forensic computer investigations involve very precise measures that enable professionals to find files that might prove or disprove a case. Combining computer and forensic sciences, this type of investigation takes place a little differently than others in the criminal or even civil arena. Rather than scour a room or crime scene for clues, computer forensics experts scan hard drives, retrace actions and even retrieve old conversations and email to find out what a person has done or not done with a particular machine. If it is believed a particular machine will net evidence, a rather detailed chain of events is generally triggered.
To find that proverbial smoking gun or prove it isn’t there, forensic computer investigators will generally start with a basic scan and then escalate a search to include:
Hard drive cloning – This involves the complete replication of a computer’s hard drive. This rather time consuming task is performed to ensure that evidence on the original hard drive is not damaged or tampered with.
Investigation – The investigation phase will generally take place on the cloned hard drive. It is from this copy that forensic computer investigators will seek out lost or damaged files, retrace Internet use and even try to see if they can restore data that might prove or disprove a case.
Documentation and protection – During the investigation phase, if evidence is found it will be carefully documented. It will also be preserved for presentation in court, if necessary. Skilled forensic computer investigators will take the right steps to preserve evidence and ensure its proper presentation in court.
In today’s age of computer, evidence isn’t always as cut and dried as it was in the past. Sometimes the smoking gun turns out to be a file trapped on a hard drive. When this is the case, a forensic computer investigator can find it.
Popularity: 72% [?]
Share This
This post was submitted on - April 23, 2008
Read the headlines in newspapers or online on any given day and chances are at least one horror story related to children and computers will present itself. From cyber bullying to online stalking of unsuspecting children and teens, the potential for serious problems when kids and computers mix without supervision is high.
Parents who want to make sure their children are behaving appropriately while online are finding that computer forensic experts can help them. While this is a rather unorthodox thing for parents to consider, many find the benefits far outweigh the negatives by a ton and then some.
When computer forensic experts are brought in to help parents see what their children have been up to online, parents can expect a few things to take place. These experts will generally try to trace the steps youngsters have taken while online. This might include:
Retrieval of data – Computer forensics experts will seek out hidden, damaged and deleted data to give parents an idea of what children are writing, downloading and doing. This can be very enlightening for parents who are unsure of what their children are up to while they are using the computer.
Recreation of Internet use – In some cases, computer forensic experts can show parents exactly what children and teens are up to when they are online. This might include revealing visited websites and e-mail and instant message retrieval.
Input tracking – It is sometimes possible for computer forensic experts to even determine what children type while they are online or on a computer in general. This can be very eye-opening for parents.
As the potential dangers of the Internet become clearer, many parents are finding that their best weapon to help their children avoid problems is knowledge. When finding out exactly what they have been up to is the desire, computer forensic investigators can help. While some parents might view this as an invasion of privacy, others see this as the only smart way to make sure their children stay safe from predators that lurk online.
Popularity: 72% [?]
Share This
This post was submitted on - April 21, 2008
Some people falsely believe that computer forensics is a very narrow field with only a few practical applications. While it’s true the profession tends to intertwine with law enforcement on a regular basis, it does serve a host of other purposes, as well.
Computer forensics investigators are highly trained experts that know how to search a computer from top to bottom to find evidence in criminal and civil cases. While these specialists often come out of the law enforcement field, their work is frequently called for by outside agencies, as well. In fact, some computer forensic experts create their own firms to cater to:
The legal profession – Computer forensics investigators often work hand-in-hand with legal teams to ferret out evidence in both civil and criminal cases. Since these experts are well trained in evidence location and preservation, they can help prove cases that involve computers one way or another.
The corporate arena – Companies very often hire computer forensics experts to help them with internal and network security issues. These experts are uniquely qualified to help companies protect themselves from hackers and Internet-based thieves. Computer forensic experts can also help with employee training, document cataloging and even protocol and procedure formulation.
The private realm – Computer forensics experts are sometimes hired by private citizens to help them in a number of different scenarios. Thanks to their ability to retrace actions that have taken place on a computer, they can help parents determine what their children have been doing online, assist spouses who suspect adultery and more. In some cases, forensic computer experts are even willing to help individuals and companies recover data after a crash.
There is more to computer forensics than many people understand. This highly specialized field does have applications that are far reaching. Depending on the firm in question, people will find that computer forensics experts are often more versatile than they might seem.
Popularity: 75% [?]
Share This
This post was submitted on - April 18, 2008
Television and movies always make things look more simplistic than they really are. This is often the case with forensic computer investigations. While a good show can have a computer savvy investigator wrapping up a case within a half hour, real investigations are serious business that can involve some serious time.
Forensic computer investigations are based on hard science and proven investigative techniques. A hybrid profession, those who follow this path are expected to understand the inner workings of a computer intimately. They must also understand sound investigative rules and regulations, evidence protection and even court procedures.
When a computer forensics expert is called in on a case, a very meticulous process is likely to unfold. Skilled experts in the forensic computer field will begin a search for evidence with a basic scan of a computer. The initial stage of an investigation is simply meant to help an investigator gauge the likelihood that evidence will be found on a machine. If the chances are high, the next step likely will involve a complete cloning of the hard drive. The replica is created to help computer forensic experts thoroughly search a machine without risking damage to original files and evidence.
When a forensic computer investigation makes it to the cloning stage, the real work begins. From the clone, the investigator will seek out lost, deleted and even damaged data that might relate to a case. If it is found, it will be documented and secured for presentation.
While forensic computer investigations can be long and even tedious, they do produce results. Investigators in this field are credited with closing cases both civil and criminal in nature. They can help companies protect themselves from hackers and espionage. They can even assist parents in discovering what their teens have been up to online.
The movies and TV might make it look easy, but the truth is forensic computer investigations are serious business. This process, however, can pay off with results.
Popularity: 73% [?]
Share This
This post was submitted on - April 17, 2008
A Scope of Work (“SOW”) agreement needs to be an integral part of every forensic computer case. In a recent class action lawsuit, the plaintiffs agreed to pay for the computer forensics expert. Search terms were defined, responsive and non-responsive items identified, and the expert was assigned to work under the direction and control of the defendants’ counsel—not the plaintiffs’ counsel. However, when the defendants modified the scope of work without agreement from the plaintiffs, thus increasing substantially the computer forensics expert’s invoice, the plaintiffs sought relief. The court agreed, and ordered the defendants to pay for everything not originally agreed to (Henry v. Quicken Loans, Inc., 2008 WL 474127 (E.D.Mich. Feb. 15, 2008).
The above citation is unique in that the court had a part in determining the SOW, but had the computer forensics examiner not had an agreement in place, it is questionable whether the additional billing would have been justified, or paid. Most of our cases do not result in this type of dispute; regardless, an SOW will always help define anticipated production and expectations, and justify additional billing when the examination is altered by the client or their attorney.
An effective SOW for computer forensics needs to include those items peculiar to this type of examination, and at the minimum should include:
• The name of the case, and whether the forensic computer examiner is being retained by plaintiff or defense counsel.
• A brief synopsis of the case and the goal of the examination.
• What information or data does the client need extracted, specifically? E.g., documents, Excel spreadsheets, e-mail, graphics, etc.
• What keywords, e-mail addresses, URLs, etc., are of interest?
• Define the relevance of the extractions, and where it might be located.
• Does the client want or need unallocated space searched or examined?
• What are the time constraints? If the data is needed for a mandatory settlement conference in the near future, are the goals reasonable?
• Lastly, and very important, is the signature line, with date. The client needs to sign-off on the SOW.
A little effort at the beginning of an examination will go a long way to eliminate misunderstandings later on as the computer forensics exam progresses.
Popularity: 82% [?]
Share This
This post was submitted on - April 16, 2008
It is estimated that average employees spend at least two hours a day playing around on the Internet doing things other than their assigned jobs. While it’s nice to see employees keeping up with world events by scanning news headlines and more, companies can lose a great deal of money as a result in downtime and loss of productivity. Computer forensic investigations can help corporations fight back.
Computer forensic investigations can give employers a great deal of insight into how individual employees spend their time on the Internet and more. When skilled professionals are brought in to track usage, find things that are out of order and crack down on misuse, some amazing things can happen. The fact is it is very hard for employees to hide nefarious actions from these skilled investigators. Depending on a company’s personal needs, a forensic computer investigation can help:
Ferret out individual policy breakers – Some companies hire computer forensic experts to help them investigate individual employees. If problems are suspected with a single person, a company will find a computer forensic investigation can prove the truth of the situation one way or another.
Put all staff on warning – The mere presence of a computer forensic investigator can often scare employees straight. If they know their actions are being tracked, reviewed and scrutinized, this is very often more than enough to stop downtime events from happening.
Track and locate illegal activity – If an employee has been accused of harassment or another serious crime, computer forensics investigations can often help make or disprove a case. When experts scan individual machines, they can turn up evidence or disprove its existence. When it is necessary to find out what employees are doing with their time, computer forensic experts can help. Whether there is a need to investigate a single employee or a desire to track and entire company’s actions, these pros can deliver.
Popularity: 74% [?]
Share This
This post was submitted on - April 15, 2008
We have discovered in our nearly ten years of doing computer forensics that not always is the best service provided by immediately examining a hard drive (“HDD”). Often times we best serve the client by consulting on how best to go forward and that may not include an immediate retention for forensic computer services.
For example, we were contacted last week regarding an IP (Intellectual Property) case. After a lengthy discussion we suggested that DataChasers act as a special master (sometimes referred to as court appointed), representing both sides, and that they split the cost. The work required of us had equal merit for both sides, and it would take no longer to provide it to both plaintiff and defense than it would to only serve one party. This turns into a win-win for all concerned; DataChasers still gets retained, but it will cost each side half the amount if would if they retained individual computer forensics experts.
There are obviously limitations on making this work. Paramount is the ability of the attorneys to work together. Some litigation is so contentious that this is simply not practical. Another consideration is the time parameters, which now have to accommodate both plaintiff and defense. We also have to consider the individual needs of each party. For many computer forensic examinations, the extracted evidence need for each side is different, which makes a split-cost invoice difficult. One side will obviously not want to pay for data that only benefits the opposing side.
Often times we consult on bringing in additional experts, or processing the data in a manner that the client had not thought of. Many people are unfamiliar with e-discovery (ESI, electronically stored information), and how it differs from computer forensics. And often times that is the service that is required, rather than a forensic computer exam.
Regardless of the case, a good consultant, who knows what they are doing in this business, is a valuable asset to any litigation.
Popularity: 72% [?]
Share This
This post was submitted on - April 14, 2008
Criminal and civil cases that involve the use of a computer in the commission of the questionable act can be very difficult to prove unless the right experts are called in to help. This is where forensic computer professionals shine. While they are most closely associated with law enforcement, forensic computer experts are striking out on their own more and more. These highly skilled professionals will sometimes work for individuals, law firms, corporations or within their own businesses.
When they are brought in to help with a civil or criminal case, a number of things can happen that might not otherwise be possible. They include: The location of hard evidence – When a computer has been used to commit a crime, for example, proving “whodunit” isn’t always easy. Computer forensics experts, however, know exactly how to search computers for lost or deleted files, track usage history, recover damaged files and more. If evidence is to be had on a particular machine, a computer forensic expert will find it. If it’s not, they can also help clear a case by proving so.
The protection of evidence for presentation – Finding evidence is often not enough to actually close a case and realize resolution. To make sure that evidence stands up, skilled forensic computer experts properly document and safeguard it. The presentation of evidence – Many computer forensic experts are more than willing to testify in court. Since this field is rather complex, it can pay to have expert testimony and explanations.
In most cases, forensic computer experts will have the innate ability to explain to a judge and/or jury how evidence was found, what procedures were used, how it relates to the crime and more. This testimony can often make a case. Forensic computer experts are available for more than law enforcement use. When these pros strike out on their own, individuals, firms and companies can hire them to help get a job done and close a case.
Popularity: 69% [?]
Share This
This post was submitted on - April 10, 2008
Computer forensics isn’t just about after-the-fact investigations. Parents, employers and others can hire forensic computer experts to give them a little extra peace of mind and an ability to become proactive in computer-based defense. Depending on the computer forensics firm in question, individuals, corporations and others will find these services are available to help them before problems arise and even if they are simply suspected:
Network defense – Computer forensics experts are uniquely qualified to help people protect their home and office computers from hackers, thieves and other unruly sorts. Since computer forensic experts often deal with the aftermath of technology based crime, they know how the bad guys get in and they can recommend the right steps to take in order to keep this from happening.
Advanced training – Some computer forensic pros are willing to teach individuals or groups of employees the proper way to dispose of electronic files, how to make safe backups and more. They are also well versed in just how to clue people into the consequences of taking illegal actions on company computers. When computer forensic experts show a group of employees, for example, just what they are able to track during an investigation, eyes will be opened.
Surface scans – Parents, employers and others that want to see what their computers have been used for by others will find computer forensics pros are the ideal experts to call upon. These investigators know how to track usage history, find hidden files and more. Parents, for example, can greatly benefit from this if they suspect their children have been using the Internet for actions that are less than acceptable.
Computer forensics experts can deliver many important services to individuals and corporations outside the scope of criminal investigations. When these experts are called in, proactive measures can be taken the protect companies and families from disasters.
Popularity: 79% [?]
Share This
