Electronic communication has replaced written hard copy as the primary source of corporate communication. Today, some 70% of corporate communication exists only in electronic form.
Additionally, online criminals such as paedophiles use the internet to share illegal images or to visit chatrooms to groom unsuspecting children.
Unsurprisingly, the computer is now the focus for any firm investigating a breach in corporate security, or any police force investigating paedophile activity. Computer systems – from single hard drives to a network of servers and desktops – are invariably the place to start snooping for incriminating data.
The Digital Forensic Investigation Process
The data recovery process is the fist step in forensic analysis. This is the stage that uncovers any data relevant to the investigation; it’s the process that tells the forensic examiner whether a computer is hiding something or not.
After a suspect’s computer has been confiscated, digital forensic technicians employ sophisticated data recovery techniques to retrieve any incriminating data. The forensic investigator then analyzes the data for its evidential value and presents the evidence in a way that will be admissible in a court of law.
Key Terms
The term ‘Active Data’ describes the original accessible data on the hard drive or tape – the data that would have been accessible to the particular user working with the computer.
The term ‘Recovered Data’ refers to the restoration of previously deleted data. Some deleted files are recovered completely, while some are recovered in scraps and require expert analysis to put the puzzle back together.
The term ‘Unused Space’ describes the free or unallocated portion of the hard drive. There are two types of computer space: space on the hard drive that has never been used; and space used to store deleted data (deleted data can be overwritten with new information).
Criminal Activity Requiring Digital Forensics
Hackers, white-collar criminals etc. use modern technology to commit crimes including:
- Digital deception
- Virus/Trojan/Denial of Service attack
- Downloading/sharing illegal digital content (obscene images/piracy)
- Unofficial Data replication
- Confidential enquiry of PC, PDA and Cell phone/Mobile Phone usage
- Fraud, forgery and theft
- Business shadowing
- IP Theft
- E-nuisances such as harassment and stalking
- Computer Break-ins
- Identity theft
Other Applications of Digital Forensics
Apart from recovering incriminating files, data recovery and forensic investigation can also reveal such things as the names of websites visited, what emails were sent/received by an individual, and at what time any suspicious user activity took place.
As most modern offices are fully computerised and store information on central servers, digital forensics can also reveal the identity of any users on a network who may have abused their access rights to view sensitive data.
Note: With regard to the above point, Fields Associates cannot stress enough the importance of implementing a robust network security policy within any organization.
In summation, in an increasingly digital world, it stands to reason that criminal activity involving computers will also increase. Correspondingly, the need for digital forensics and data recovery will also grow. Therefore, it is inevitable that digital forensic investigation will emerge as one of the most vital aspects in many corporate and legal investigations.