Computer Forensic Technicians

A Backup Article Contributed by Ashley Lister

Computer Forensic Technicians

Contrary to popular belief, Computer forensic technicians do not have to have a host of specialist tools at their disposal for the collection of evidence. Quite often it is possible to extract incriminating evidence without resorting to specialist softwares or utilities. It is only rarely that technicians have to fall back data retrieval programs that can either undelete files, decrypt encrypted programs, or locate hidden files.

Computer Forensics - What is Required.

The main thing required by any computer forensic technician is an understanding of the principles and laws that govern the acquisition of evidence. In order of importance these include:

* "Freezing" the scene of the crime, so that evidence can be collected as early as possible without any risk of contamination. This is vital in any acquisition of evidence but it is particularly important in the world of computer forensics.

* "Continuity of evidence" or "chain of custody", that is, collecting information in such a manner that it can be later demonstrated in court how the evidence was obtained with proof that there was no risk of alteration to provide a more damning case. Again, this is also vital in all other spheres of evidence collection but, because data retrieved from computers is so difficult to quantify, technicians need to pay special attention to this detail.

In most cases these simple techniques are sufficient to allow a technician to extract data from a computer and use this forensic evidence to help bring about a successful defense or prosecution.

Other Items for the Computer Forensic Techinician's Toolbox.

Obviously the above is vital for any computer forensic technician, but all too often it is not enough. Certain viruses can wreak havoc on hard drives and knowing how to work around such a problem is what differentiates a mediocre technician from a superior example. There are also devices and utilities, easily available, that can encrypt data, destroy data, or effectively hide data so that it is no longer possible to be used as evidence.

The competent computer forensic technician should be aware of all of these devices and should be armed with appropriate utilities and software to help him counteract their use.

In the second layer of the technician's toolbox there should be:

* a comprehensive knowledge of computers and associated technology.

* a comprehensive knowledge of the law and how it applies to computer forensic evidence.

* a variety of utilities for data extraction and the competence to use these utilities prudently.

The Reasons for Computer Forensics.

Computer forensic technicians are called on to help the authorities for a variety of reasons. The cases they are involved in range from cyber-crime in all its forms, through theft and fraud to a variety of pernicious crimes of a sexual nature. Computer forensics have also been used to help successfully prosecute in some homicide cases and, because of the advancements that are being made in this technological battle against criminals, it is hoped that the achievements continue to develop at a faster pace than those whom they are fighting against.