History of Computer Forensics
Computer forensics refers to the preservation, identification, extraction, interpretation and documentation of computer evidence (Wiles, Cardwell, and Reyes 2). Evidence retrieved in this way is usually intended for use in a court of law. Electronic crimes increased in the 1970s, especially in the financial sector. These crimes arose because people saw an opportunity to make money by manipulating computer data (Nelson, Phillips, and Steuart 5).
According to Mohay (113), computer forensics was first used in the 1970s by the US military and intelligence agencies. Daniel (14) notes that computer forensics began in 1984. During this year, the FBI created a program called the Magnetic Media Program. In its initial year, this program dealt with three cases. The program later evolved to become the FBI Computer Analysis and Response Team (CART) program (Daniel 14). As of 2009, the number of computer forensic labs run by the FBI had increased to fourteen.
Computer forensics has been employed by government agencies in an effort to reduce criminal offences relating to taxation and revenue collection (Mohay 114). Most of these were government agencies such as the Internal Revenue Service Criminal Investigation division. Mohay (114) suggests that the introduction of the IBM personal computer created problems in dealing with computer investigations. This was because these computers could be used to alter data without a trace and to delete or hide data. Consequently, the availability of the personal computer provided criminals with easier ways of carrying out their activities. The rise of crime related to computing resulted in the need to develop new approaches for addressing problems caused by the new technology, and thus the need for computer forensics. Law enforcement programs that use computer forensics have since been introduced (Daniel 14). Examples include Operation Fairplay, which deals with child pornography, and Internet Crimes Against Children (ICAC), which trains law enforcers on how to deal with Internet predators (Daniel 15).
Job and Employment
Specialists in computer forensics search for evidence stored on computers that have been used to carry out illegal activities (“Forensics” 6). Some of these illegal activities include credit card fraud, child pornography, identity theft, hacking into corporate, individual or government computer systems, stealing of trade secrets from various organizations and acts of terrorism (“Forensics” 6). The computer specialist uses various techniques to extract information from computers. One such technique is referred to as imaging. Imaging involves making an extra copy of the data on the computer’s hard drive (“Forensics” 6). This prevents data loss and guards against accusations of data tampering. An example of imaging software is EnCase, which allows data extraction from sources such as ZIP drives, cell phones and MP3 players. Likewise, the Vogon Forensic software allows the indexing of the drive’s contents, which lets forensic specialists search through them quickly, in addition to creating an extra copy of the drive (“Forensics” 6).
For the computer specialist to ensure that evidence collected is valid in court, the specialist has to ensure that certain regulations are followed (“Forensics” 7). It is a requirement that the computer forensics specialist keeps a detailed record of activities involving data collection. In addition, they must follow what is referred to as a chain of custody, which entails strict recording of the information gathered from the first day of investigation up to the time of providing the evidence in a court of law (“Forensics” 7).
Computer forensics specialists can work in a law enforcement capacity in the FBI, CIA and local police force. In addition, they can work in the business sector in identifying activities that may compromise security and business productivity. An example of this is where employees of a company use the company’s Internet access to visit adult content websites (“Forensics” 7). Furthermore, computer forensic specialists can be employed by insurance firms or law firms, or can be self-employed, working as consultants.
Important Courses in Computer Forensics
Various institutions offer courses in computer forensics. Examples of the courses as listed in the Electronic Evidence Information Center include Cybercrime Degree and Certificate, Computer Forensics, Forensic Investigation-Computer Crime Option, Computer Security and Forensics, Certificate in Computer Forensics I and II. Others include Technological Crime Learning Institute, Advanced Diploma in Computer Forensics, Computer and Digital Forensics Program, Digital Forensics Track, Computer Forensics Certificates and Associates Degree, Forensic Computing MSc/PG Dip/PgCert, Digital Forensic Science. Further courses include Masters in Criminal Justice-concentration in Computer Forensics, M.Sc. in Security and Forensic Computing, Schools of Cyber Crime and Forensics Investigations, Digital Forensics Certificate Program, Computer Security and Investigations, AAS in E-Crime Investigation, Computer Forensics Certificate, Network Security and Forensics, MSw/ concentration in High Technology Crime Investigation, Computer Forensics and Security, Postgraduate Diploma in IT Forensics, Technology Forensics, Certificate Program in Computer Forensics, MSc in Forensic Computing, Digital Forensics MS, BSc (Hons) Computer Forensics, Forensic Computer Investigation Certificate, Concentration in Forensic Computer Investigation (“Digital Forensic Education” 1), MSc Forensic Information Technology, Digital Forensics Programs-Undergraduate, Certificate and Graduate, BSc (Hons) Forensic Computing, Certificate in Digital Forensics, and Undergraduate program in Cybersecurity and Information Assurance (“Digital Forensic Education” 1).
Reason for Computer Forensics in Legal Crimes
Vacca (10) notes that in recent years, evidence gathered from computers has proved to be reliable information that is being used as evidence in courts of law. In the process of stealing electronic information, criminals tend to leave evidence of their activities on their computers (Vacca 10). According to Maras (28), computer forensics may be employed in conducting both private and public investigations. In addition, most of the evidence presented in courts heavily relies on the information provided by the computer forensic specialist. The government and other law enforcement agencies use computer forensics to investigate and prosecute crimes. Criminals make use of computer technology to conduct crimes such as fraud, extortion and computer virus distribution (Maras 28). Each of these incidents necessitates the use of computer forensic investigations to establish sufficient evidence to present in a court of law. Maras (28) further notes that computer forensic investigations in the private sector can be used to detect policy violations. These policy violations include industrial espionage, destruction of data, use of a company computer to send threatening emails, and storing of pirated software on a company computer.
Cases Where Computer Forensics Was Used
Mohay (118) provides examples of situations where computer forensics has been applied. For instance, in 1998 the New York State police computer crimes unit helped the State Police Highland to examine two computers believed to have information on a homicide. The forensic analysis of the home computer provided evidence of Internet chat room transcripts that contained murder threats by the suspect. With this evidence in court, the suspect pleaded guilty to committing the homicide (Mohay 119). Likewise, computer forensics can also be employed in solving narcotics cases. This can be illustrated by a narcotics case in the UK where one specific document created on a computer was a key part of the case. Forensic analysis helped to determine that the document was created in 1999 and not in 1997, the creation date indicated on the printed version. Further analysis indicated that the printed document and the electronic version contained the same typing mistakes. These details helped to convict the suspect, resulting in ten years’ imprisonment (Mohay 119).
Another example of the use of computer forensics is in cases involving child pornography. Mohay (119) indicates that in 1998, forensic analysis of computer seized in a major raid of a child pornography ring known as the Wonderland club helped to provide information on how the suspects used over 10,000 child images to earn money.
Benefits of Computer Forensics
According to the Ec-Council (3), computer forensics provides a number of benefits, especially since there is an increase in electronic crimes. In addition, financial losses resulting from computer crimes have increased the need to use computer forensic technology in an effort to reduce such losses. In various organizations, computer forensics can be used to ensure that the integrity of computer systems is maintained. In addition, computer forensics helps the organization to record vital information in cases where the computer network may be compromised. Consequently, computer forensics will assist the organization in extracting, processing and interpreting information that can be used to prosecute criminals who have interfered with the integrity of the network (Ec-Council 3). Furthermore, the use of computer forensics is essential in tracking down terrorists and cyber criminals from various parts of the world by tracking the IP addresses that the criminals and terrorists use for communication. Further, computer forensics proves to be useful in cases of email spamming and child pornography. In the process of using computer forensics technology, organizations save time and money.
Rules of Computer Forensic Investigations
The Ec-Council (4) provides certain rules that need to be observed while conducting computer forensic investigations. The computer forensic specialist has to ensure that procedures used in the investigations do not compromise or damage potential evidence. In addition, in the analysis process, no computer malware should be introduced into the computer being investigated. Furthermore, data or information extracted should be properly handled. This establishes a chain of custody as a means of accountability for the evidence. Moreover, forensic analysis should cause minimal interference with normal operations (Ec-Council 4). Additionally, computer forensics should be conducted in accordance with the ethics governing investigations.
Computer Forensic Methodologies
In order to accomplish computer forensics investigations, various methodologies are used. According to Ec-Council (4), the computer forensic methodologies employ certain basic activities in order to fulfill the obligations of investigations. One of these basic activities is preservation of the integrity of the original information. Another is identification of the evidence or data and its site or location. Following the identification of the evidence, extraction of the data is done using a copy made of the original evidence to ensure the integrity of the actual evidence is not compromised. The extracted data then needs to be interpreted so that it can be used in a court of law. During the whole procedure of computer forensic investigations, documentation is essential as a way of providing credible evidence.
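The imaging, chain-of-custody and methodology passages above describe working from a verified copy and documenting every step. The following Python sketch is an added example, not taken from the essay or its cited sources. It assumes SHA-256 as the integrity check and a hash-chained list as the custody log; all function names, file names and the sample data are constructed for illustration.

```python
import hashlib, json, shutil, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so a large disk image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def record_hash(rec):
    # Hash every field of a custody record except its own stored hash.
    body = {k: v for k, v in rec.items() if k != "record_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def log_event(log, actor, action, digest):
    """Append a custody record that commits to the previous record."""
    rec = {"time": datetime.now(timezone.utc).isoformat(), "actor": actor, "action": action,
           "evidence_sha256": digest, "prev": log[-1]["record_hash"] if log else "0" * 64}
    rec["record_hash"] = record_hash(rec)
    log.append(rec)

def verify_log(log):
    """Recompute each record hash and link; False if any record was altered."""
    prevs = ["0" * 64] + [r["record_hash"] for r in log]
    return all(r["prev"] == p and r["record_hash"] == record_hash(r)
               for r, p in zip(log, prevs))

def acquire(original, image, log, actor):
    """Hash the original, copy it, and confirm the copy is bit-identical."""
    before = sha256_file(original)
    log_event(log, actor, "hashed original", before)
    shutil.copyfile(original, image)
    if sha256_file(image) != before:
        raise ValueError("working image does not match original")
    log_event(log, actor, "created working image", before)
    return before

def demo():
    with tempfile.TemporaryDirectory() as d:
        orig, img, log = Path(d, "evidence.bin"), Path(d, "image.dd"), []
        orig.write_bytes(b"constructed sample evidence\n" * 1000)  # stands in for a drive
        digest = acquire(orig, img, log, "examiner-1")
        intact = verify_log(log)
        log[0]["action"] = "edited later"  # simulate tampering with a custody record
        return digest == sha256_file(img), intact, verify_log(log)
```

Analysis is then done on the working image only, and the recorded digest lets anyone re-hash the original later to show it was not changed.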
Tools used in Computer Forensic Analysis
Tools used in computer forensic analysis may be categorized in various groups such as availability, law enforcement only (LEO) and function. Under availability, computer forensic tools may include commercial software or open source tools (Daniel 36). Forensic tools under law enforcement are specifically manufactured for use in law enforcement agencies. In the function category, tools may be classified as suites (those that provide a wide range of functions), task-specific tools or acquisition-oriented tools. Examples of software used to acquire information include Linen, EnCase, Forensic Replicator and the FTK Imager (Daniel 37).
Works Cited
Daniel, Lars. Digital Forensics for Legal Professionals: Understanding Digital Evidence From The Warrant to the Courtroom. Waltham: Elsevier, 2011. Print.
“Digital Forensic Education”. e-evidence. n.p. n.d. Web. 27 May 2012.
Ec-Council. Investigation Procedures and Response, Book 1. New York: Cengage Learning, 2009. Print.
Forensics. New York: Infobase Publishing, 2011. Print.
Maras, Marie-Helen. Computer Forensics: Cybercriminals, Laws and Evidence. Sudbury: Jones & Bartlett Publishers, 2011. Print.
Mohay, George. Computer and Intrusion Forensics. Norwood: Artech House, 2003. Print.
Nelson, Bill, Amelia Phillips and Christopher Steuart. Guide to Computer Forensics and Investigations. Boston: Cengage Learning, 2010. Print.
Vacca, John. Computer Forensics: Computer Crime Scene Investigation. Hingham: Cengage Learning, 2005. Print.
Wiles, Jack, Kevin Cardwell and Anthony Reyes. The Best Damn Cybercrime and Digital Forensics Book Period. Burlington: Syngress, 2007. Print.