What is computer forensics?
Computer forensics is a branch of forensic science which deals with the application of investigative analysis techniques on computers in order to retrieve and preserve evidence in a way that is legally admissible. This means that a major aspect of the science of computer forensics lies in the ability of the forensics expert to present findings in a way that is acceptable and useable by a court of law.
The goal of computer forensics is the performance of a structured investigation on a computing device to find out either what happened or who was responsible for what happened, while at the same time maintaining a properly documented chain of evidence in a formal report.
Computer forensics is an integral and necessary tool in the fight against cybercrime. According to the US Department of Justice, the term cybercrime refers to any illegal activity for which a computer is used as its primary means of commission, transmission, or storage and the term has rapidly gained acceptance in New Zealand. The list of criminal activities made possible by the widespread use of computers has grown exponentially in recent decades, and includes such acts as dissemination of computer viruses, network intrusion, identity theft, and even cyber-bullying, stalking and terrorism.
While computer forensics may have been used traditionally by law enforcement organisations like the Police in the fight against crime, there are presently many different areas of its application, as private and commercial organisations have adopted its use for a multitude of purposes. It is therefore the merging of computer-data recovery methods with rules and guidelines from the legal system in order to produce a legally acceptable audit trail.
Computer forensic methods started to be used for collecting digital evidence for courts in the mid-1980s, with the emergence and rapid growth in the use of personal computers by individuals and firms. Over the years, and as the use of personal computers increased and became even more widespread, cybercrime or computer-related crimes have also increased and become even more diverse.
The uses for computer forensics are varied. They range from helping law enforcement officials in the investigation of child pornography, to investigating fraud, murder, espionage, rape and cyber-stalking. In the private sector, computer forensics has been used by commercial organisations to investigate a wide range of cases including industrial espionage, fraud, intellectual property theft (now arguably the most prevalent example of cybercrime in New Zealand), forgeries, disputes with employees, regulatory compliance, bankruptcies and for the inappropriate use of a computer, internet and email in the workplace.
The discipline of computer forensics is very much concerned with the presentation of legally-acceptable evidence, reports and conclusions. This has made it necessary that computer forensic investigators must follow certain rules and guidelines in order to preserve the integrity of their work. Work is not done, for example, on the physical device in question, rather after it has been physically isolated, the forensic analyst must make a digital copy of the data.
To ensure that correct, court-accepted procedures are followed, the professional investigator should be using a suite of tools such as EnCase©, which is used by law enforcement authorities in New Zealand and internationally. This is particularly important, as the evidence discovered can, if appropriate, be handed to authorities such as the New Zealand Police in a form with which they are completely familiar.
It is the forensic analyst’s responsibility to avoid any change of data on a device that may be used as evidence in court. The audit trail created by the analyst must also be clearly understandable and a third party should be able to achieve the same results using the same processes.
As in many other professions, there are also issues that limit or adversely affect the performance of computer forensics experts. The number one hurdle a forensic analyst faces is encryption mechanisms. Although most encryption can be cracked using very powerful computers, there are still certain encryption keys that are either extremely difficult or nearly impossible to crack. In such cases, the analyst will be unable to proceed with that particular task.
Computer Forensics NZ Ltd is a supplier in the ADLS Member Benefits Programme and is a leading practitioner in the field of computer forensics, having successfully conducted hundreds of investigations since 1999.
Continuing the conversation ...
Computer Forensics would be pleased to answer any questions this article may have raised for you.
Simply call 0800 5678 34, or you may fill out the contact form via Computer Forensics’ website http://www.datarecovery.co.nz/contact-us/. Please identify yourself as an ADLS member when making the enquiry and ask for Brian.