Computer Forensics - a Meticulous Chore

A Backup Article Contributed by Ashley Lister

Computer Forensics - a Meticulous Chore

Computer forensics is a meticulous chore that involves skill, knowledge and a well-rounded understanding of technology. The people involved are knowledgeable in their subject and experienced in all forms of data retrieval.

The Computer Forensic Expert.

The computer forensic specialist who is summoned for a case will usually have a great experience on a wide range of hardware and software systems and applications. Because technology today advances at an astounding rate it would be inconceivable to demand a blanket knowledge of every piece of hardware and software currently available.

But, with so many systems being founded on existing technologies, and so many softwares operating to rules that have been long since established, the computer forensic specialist can usually fill in the gaps in their knowledge while they are working on each new case.

The Variety of Computer Forensics.

Just as physical written evidence (papers, books and notepads) can come in many different forms, so can the evidence that computer forensic specialists need to retrieve from a machine. Picture images, movie images, sound files, spreadsheets and word processing documents are just a small portion of the files they are called on to recover.

Computers are able to store and use a variety of different versions of a file and in many cases it is this variable that helps the computer forensic specialist to retrieve the required data. Many times, it is the case that simply knowing a file might have existed on the hard drive can give the competent expert a chance to retrieve partially deleted data. Often this is helped when the computer forensic expert knows exactly which type of file is needed to be found.

Computer Forensics at the Crime Scene.

During those inspections that occur at the scene of the crime, or even at the scene of a suspected crime, computer forensic experts are possibly the most suitable people to take the first examination. Because they are experienced in dealing with computers and similar environments, they are invariably the most likely people to work out where any suspect storage media may be concealed. An initial examination of the computer's regular location can also give clues as to the types of software that have been loaded on a machine, which could all help in the ultimate retrieval of evidence.

Obviously the safeguarding of evidence is of paramount importance, as is following the correct procedures for protecting evidence. However, safeguarding the evidence can become something of a problem in the case of files that may already have been deleted. There is always a grave risk that, when a computer is started up, the valuable fragments of deleted files might be overwritten during the boot procedure.

At the scene of any suspected crime, computer forensic experts are expected to:

* ensure evidence is not damaged, destroyed or compromised.

* ensure no virus is introduced to a subject computer.

* ensure retrieved evidence is properly handled and suitably protected.

* ensure, establish and maintain an appropriate chain of evidence.