Modern detective work now involves using computer technology to assist with an investigation, with many of the traditional methods of crime solving now done more quickly and efficiently, courtesy of our computer friends. The advancement of technology also has had an effect on the criminal side of things, and cybercrime continues to become more elaborate each and every year. The use of computers in illegal acts has given rise to a whole new investigative division in the crime fighting world. That would be computer forensics, and experts in the field use their knowledge of technology to run down perpetrators who use computers to commit criminal acts.
While computer forensics is far more high tech than every other method of investigation, the three main things that the specialist is trying to find out are in fact exactly the same as in any other case. That usually boils down to figuring out what happened, when it happened, how it happened, and who was involved. Those rules apply in every investigation, big or small, but with computer forensics, the way that all that information is obtained is what sets it apart from all other methods of investigation.
Criminals who use computers to pull off a crime usually tend to believe that they have completely covered their tracks by simply deleting any or all files used in the crime. It’s much like a thief believing he is safe because he wiped off all his prints, but a good detective will always find a way to gather a damning piece of evidence. When it comes to computer forensics, the specialists start by scouring for deleted files and fragments that can be pieced together to find what they need. These are usually in places within the system that the average computer user wouldn’t even know where to look, and is sometimes referred to as slack space by the pros.
It’s not just as simple as powering up the computer and doing a search, and oftentimes very specific tools and software are required in order to get at the files they need. Even the most diligent of computer criminals is bound to leave a few crumbs of evidence that are just waiting to be found by the pros, and once it has been discovered, it usually doesn’t take very long to fill in all the blanks.
There are very specific steps that have to be followed on order to get to the info, as well as being able to make sure that the evidence stands up in court. The integrity of the computer that is being investigated has to be maintained, which means that the specialists generally make a forensic copy of all the information on that PC. Not all of the files on the computer are actually relevant to the investigation, so everything must be gone over with a fine tooth comb, and only the information that is necessary is then extracted and saved on storage media. The final key is to interpret the evidence found to make sure that criminal intent is there, and that may be the hardest part of the whole process.
Computer forensics continues to evolve as technology becomes more and more sophisticated, but criminals had better understand the professionals will always be at least one step ahead of them.