A criminal usually leaves behind clues at the scene of the crime. The forensic experts gather and use such evidence to help build a case.
Computer forensics does exactly this, only the evidence here is digital instead of physical. The sleuths at work are the new-age Sherlock Holmes, and they use the same tools, only the space is virtual. Categorically put, computer forensics involves the searching, gathering, analysis and presentation of digital evidence pertaining to a crime. Of course, the main area of work is computer crimes, i.e. illegal acts in which a computer has been used to perpetrate the act or has been its victim. To summarise, this is what computer forensics does:
- Secure, search and gather: Like the scene of a physical crime, the scene of a digital crime also needs to be 'sealed off' to protect the evidence from being tampered with. Then the experts will search for the evidence and gather it for use.
- Analyse: The computer forensic experts can analyse the evidence and arrive at conclusions using their specialized tools and software. Needless to say, these experts need to be trained in both law and IT.
- Presentation: This is the most crucial step. The expert now either provides the court or client with the evidence or acts as an expert witness at court to make the presentation. Evidence is accepted in court only if it is presented in an untampered manner and in a way acceptable to the court. There are specific guidelines on this, and if they are not followed exactly, then the case will be lost. It must also be borne in mind that the judge or jury may not be computer experts. So while they are aware of the legal parts of it, they need to be made aware of the evidence and its importance in language that is easy to follow and comprehensible. Apart from speaking, any tables, charts, or graphics presented must also keep to the guidelines and be in layman-friendly language.
What Crimes can be Investigated?
A whole range of computer crimes is investigated using this method. This includes illegal entry to a system, accessing information illegally or without permission, violating internet laws, violating the privacy of an internet or digital device user, threatening, stalking or sending offensive messages to a digital device user, using the digital device for blackmail or exploitation (including sexual harassment and exploitation), causing inconvenience to users of government services on the internet (imagine a soap ad pop-up on the UK army website!), and any other illegal purpose wherein the computer is used to perpetrate a physical crime. This means digital forensics is now wider than ever before in its applications. There is not any crime left on the face of the earth where a computer is not used. Be it murder, robbery, rape, kidnapping, extortion, stalking, or terrorist activities, computer forensics is used everywhere now. The police force is being trained to use and understand the importance of digital evidence. It is sad but true that the legal machinery of the UK itself is still lagging behind in such awareness.
How is it Done?
There are various tools such as digital fingerprinting, mouse trapping, dusting, and tracking that are used to find out exactly how the criminal has progressed. One may wonder how the original computer that has been victimized or used as a weapon can remain tamper-free through all this analysis. That is why the first step is always cloning, or making an exact copy of the hard disk under examination onto another digital storage medium. The analysis is then carried out on the copy. That way, the original can remain as it was found, and the court can benefit by being able to see clearly how and where the crime has caused damage.
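The cloning step described above, as an added example that is not part of the original article: it copies a source to an image file and checks that the copy is exact and that the original is unchanged. Using SHA-256 digests for that check is an assumption of this example, and the file names and the small temporary file standing in for a seized disk are constructed for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large disks do not fill memory


def sha256_of(path):
    """Hash a file or device node without modifying it (opened read-only)."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def clone_and_verify(source, image):
    """Copy source to image bit for bit and compare digests of both."""
    acquired = hashlib.sha256()
    # Mode "xb" refuses to overwrite an existing image file.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            acquired.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    record = {
        "source_sha256": acquired.hexdigest(),      # hashed while copying
        "image_sha256": sha256_of(image),           # copy re-read from disk
        "source_after_sha256": sha256_of(source),   # original after the copy
    }
    record["verified"] = len(set(record.values())) == 1
    return record


def demo():
    """Constructed sample: a small temp file stands in for the seized disk."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "seized_disk.bin")   # hypothetical name
        image = os.path.join(work, "working_copy.img")   # hypothetical name
        with open(source, "wb") as fh:
            fh.write(b"\x00" * 4096 + b"constructed sample sector data" * 100)
        record = clone_and_verify(source, image)
        # Any later change to the copy shows up against the recorded digest.
        with open(image, "r+b") as fh:
            fh.write(b"\xff")
        tampered = sha256_of(image) != record["image_sha256"]
        return record, tampered


if __name__ == "__main__":
    print(demo())
```

The digests recorded at acquisition time are what let an examiner later show that the copy presented matches what was originally collected.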
Mobile Phones and Crime
Mobile phones are being used by criminals and terrorists all over the world to assist in their activities. The call history of the phone, its address book, and its text or voice messages are all important evidence, but that is not all. A phone can be tapped to give the location of the criminal and stop the crime or terrorist act before it actually happens. The forensic expert will use digital dusting, tracking and fingerprinting methods to establish whether the phone has been used, by whom and when the offence has been committed, and the way it has been done. The settings of phones can also reveal evidence of covert purposes. With mobile phone crimes on the rise, this has become an extremely important branch of forensics now.