Criminals, lurking in the shadows of Internet, became more rampant and aggressive in their objectives while behind computers. With the resurgence and increased awareness of crooked wizards and robbery masterminds, computer forensics is quickly becoming a general discipline. Computer forensics is not just composed of police officers, secret security agents, and doctors. They work together with technology experts in efforts to curb crime by using advanced equipment. Computer forensics often involves scientists and lawyers, wherein they assist in accumulating and studying different objects as critical evidences for solving mysteries.
Computer forensics is a scientific sub-discipline of digital forensics involving systematic examination of media as acquired evidence. The process involves documentation, analysis, data recovery, and presentation of facts through extensive technological knowledge (Kruse and Heiser, 2002). Computer forensics and other related sub-disciplines in digital forensics have their respective scopes of responsibility, but work as a cohesive unit in achieving a certain objective. Computer forensics is one of the key sub-disciplines in digital forensics because of its systematic approach in crime analysis. Computer forensics also relies heavily on information from other sub-disciplines – it is not solely based on evidence from information acquired from computers. Critical evidence may come from networks, mobile phones, database, all of which may prove to be reliable sources interconnected to computers.
Technology has ushered in the new age and continues to have an effect in every facet and principle of human life. The objective and processes of computer forensics may be still in its infancy and experimental stages, as it requires further research while addressing the most pressing ethical and legal issues concerning this discipline. That does not necessarily mean that forensic professionals should veer away from traditional practices, but a solid framework, coupled with experience from respective disciplines can contribute towards the integration of ideas. Criminal law experts, tech specialists, and computer forensic specialists cooperatively work as separate entities.
Every stakeholder involved has a role in computer forensics – often used for litigation of crimes in government, judicial, and corporate sectors. Computer forensics is a fresh trend in the field of criminal law and the emerging field of study (Meyers, 2005), so further research and study contributes to the advancement and discovery of new technologies. Computer forensics professionals have a bigger role in the progression and development of old and new practices in litigation through using new forms of evidence.
The main objective of computer forensics is to preserve and ensure digital records for documentation and further cross-analysis purposes while maintaining accuracy and confidentiality. Instances of deleting and altering any virtual information for resolving cases may take place, so computer forensic professionals may need tools and software capable of reverting/maintaining digital evidence. While it is the role of computer forensics professionals to acquire digital evidence, they must be aware of the laws in place such as the civilians’ rights for personal privacy. Law et al. (2011) pointed out that a forensically sound model for protecting personal data does not exist, which may be a threat to personal and data privacy. Professionals in the field of criminology and technology normally team up with computer forensics analysts for the advancement of the discipline through research. They also work with different corporations such as security firms, intelligence groups, and/or business conglomerates tackle the working phase of computer forensics in the form of collecting virtual forms of evidence.
In performing the investigation throughout the case, both physical and virtual materials of evidence must undergo thorough analysis and experimentation for investigators and the jury to validate the statements. In finding evidences, a computer forensic specialist must follow the prescribed set of methods – one method includes unallocated file space examination (Bassett et al., 2006). They further inferred that the computer-processing unit does not simply remove files permanently, but transfers them to unallocated file space. General methods in computer forensic investigation involve protection of files inside the computer system/s from physical and logical defacement, recovery of potentially hidden and deleted files, data analysis and reports processing on examination phase. Preservation of data as evidence is also necessary through matching and verification of hash codes (Hassell, Ph.D. and Steen, 2005). It ensures and assures that there is integrity in doing the forensic investigation process.
For handling cases with more responsibility and attention to the smallest detail, it is important to maintain a chain of custody. It is a term specifically used in computer forensic investigations, where the evidence material undergoes strict detailing. An evidence custodian is responsible in maintaining a chain of custody as defined by Oppenheimer. An evidence custodian must record any information readily available such as facts related to the case, secure the evidence, and transport it to the repository of cases. Chain of custody is simply a documented timeline of how evidence is extracted until the judge delivers the final verdict. It also serves a purpose where instances of tampering and falsification of digital evidences are reduced and ensures reliability and accuracy (Wall and Paroff, 2003). Computer forensics continues to make strides as a field of science and as a profession – the academic field continues to contribute and raise concerns in this field. Forensic specialists and investigators must continue to receive proper knowledge and training in handling technology while sharing common practices for applied sciences.
References
Hassell, Ph.D, J., & Steen, S. (2005, August 1). Preserving and Protecting Computer Evidence. Retrieved October 6, 2014, from http://www.electronicevidenceretrieval.com/preserving_protecting_evidence.htm
Kruse, W., & Heiser, J. (2001). Computer forensics: Incident response essentials. Boston, MA: Addison-Wesley.
Law, F., Chan, P., Yiu, S., Chow, K., Kwan, M., & Tse, H. (2011). Protecting digital data privacy in Computer Forensic Examination. Retrieved October 6, 2014, from http://hub.hku.hk/bitstream/10722/139988/1/Content.pdf?accept=1
Meyers, M. (2005). Computer Forensics: Towards Creating a Certification Framework. Retrieved October 6, 2014, from https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2005-28.pdf
Oppenheimer, P. (n.d.). Computer Forensics: Seizing a Computer. Retrieved October 6, 2014 from http://www.priscilla.com/forensics/computerseizure.html.