In lamens terms, a computer forensic searches, analyses and preserves information on computers to find evidence in a trial.
A recent example would be during the highly publicized Simon Gittany murder trial where a computer hard-drive was suspected to contain surveillance camera footage detailing what happened when Gittany’s fiancée plunged to her death.
Police suspected that the contents of this hard-drive contained vital clues but was never found. This is precisely the type of computer forensics evidence that gets used in trials but there are many different ways to locate these types of evidence.
Here’s just a few:
ANALYSIS
Often what happens in these types of computer investigations is the individual in question will try to hide data containing incriminating information. A common method will be to rename a file or change the extension (link).
Someone might be hiding illegal pornographic images so they change a .jpeg extension to .xls which makes it very difficult for investigators to easily locate evidence.
A forensics specialist might counter this tactic by running an analysis of the hard drive to flag suspicious files. Once the search has been completed, the specialist will then make a determination of the correct file types and all hidden files will be exposed.
DECRYPTION
In this digital age, criminals have become more and more technologically advanced. This has forced computer forensic specialists to dedicate large amounts of time and patience when collecting evidence. More often than not criminals will impose passwords or even encrypt files to prohibit anyone from gaining access.
Forensic specialists then must work hard to first locate then decrypt these files using advanced hardware that hopefully provides vital evidence in disciplinary action or prosecution.
SECRECY
It’s a little known fact that computer forensics usually conduct their investigations under extreme secrecy. The reason for this is because the most damaging evidence comes from suspects who have shared evidence unwillingly with specialists pretending to be civilians.
By remaining undercover, computer forensics have the best chance to locate crucial evidence and once gathered, the specialists will compile a report that gets presented as evidence in court.
These are just a few examples of how Computer Forensics gather evidence in investigations but it must be noted that this field must constantly evolve. Today, with hard drives capable of holding terabytes of data forensic computer specialists must constantly invent better ways to search for evidence.
Want to read an article about surveillance?
Then check out: Surveillance and Australia part 1