Chandra Levy, a Washington DC intern, disappeared on April 30, 2001. Although she had been missing for a year, her use of the Internet helped a Computer Forensics Investigator trace her whereabouts.
With the advent of the World Wide Web, the world has become a smaller place. Today we know more about each other than we ever dreamed we could. This is due to the dramatic way that technology has revolutionised communications and information exchange in business, in industry, and in our homes. We use the Internet to bank and transfer money, and most of us would rather communicate via e-mail than ‘snail’ mail.
Industry analysts say that currently there are 657 million people worldwide online, and there may be as many as 794 million by 2009.
In this age of information technology, cyber crimes linked with the stealing and manipulation of data are being detected every day. Crimes of violence are not excluded from this list. A serious and costly terrorist attack could originate from the Internet rather than from a bomb. A serial killer may record his diary on a CD or hard disk drive instead of on paper.
Digital Forensics is the art of applying computer science to the legal process. The art comes from the ability to crack complex puzzles, a skill possessed by successful investigators.
Thus, computer forensics demands specialized expertise and tools that go beyond the usual data collection and preservation techniques.
Most of the time, computer forensic experts examine data storage devices such as hard drives, portable data storage devices, as well as digital data devices like mobile phones.
Computer forensic experts:
- Track down the sources of documentary or digital evidence
- Save the evidence
- Evaluate the evidence
- Present the findings
What is more, the investigation must be carried out in a manner that complies with the standards of evidence required in a court of law. Therefore, the handling of a suspect’s files needs special care because the data may be wiped out by electromagnetic or mechanical damage, or viruses.
When is Computer Forensics Needed?
Today courts of law require the capture of more information rather than equipment.
Electronic evidence is crucial in the following situations:
- Disloyal employees
- Possession of pornography
- Computer break-ins
- Breach of contract
- Industrial espionage
- E-mail fraud
- Bankruptcy
- Web page defacements
- Theft of company documents
- Disputed dismissals
Computer Hacking Investigation
This is the process of detecting the attacks of hackers and obtaining evidence for the crimes, as well as conducting audits to inhibit future attacks. A computer hacking investigator will look for evidence regarding trade secret theft, destruction or theft of intellectual property, and fraud.
Since business organizations store their information electronically, their competitors can hire professional hackers to steal their industrial secrets and other data.
However, no matter how careful they may be, when people try to steal electronic information, they leave a trail of their activities behind. In the same way, when people attempt to get rid of incriminating evidence stored on a computer, they leave behind important clues.
The computer forensic expert’s advanced understanding of storage techniques enables him to recover lost evidence. For instance, even after an e-mail is deleted, it may still exist on the storage device (and people write things in e-mails that they would not dare write in letters!). The forensic expert will employ review tools to make copies of e-mails and search through them. He will look for tell-tale evidence through keyword searches, which make the process of going through vast amounts of e-mail much faster.
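The keyword search described above can be sketched in a few lines of Python. This is an added example, not a tool named in the article: the sample messages are constructed, and the function names are hypothetical. It shows why review tools decode each message before searching: a plain text search of the raw file misses a body stored in base64.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

def build_sample(msg_id, subject, body, cte):
    """Build one constructed raw message (sample data, not real evidence)."""
    m = EmailMessage()
    m["From"], m["To"] = "alice@example.com", "bob@example.com"
    m["Subject"], m["Message-ID"] = subject, msg_id
    m.set_content(body, cte=cte)  # cte selects the transfer encoding
    return m.as_bytes()

SAMPLES = [
    build_sample("<1@example.com>", "Lunch", "See you at noon.\n", "7bit"),
    build_sample("<2@example.com>", "Quarterly numbers",
                 "Send the pricing spreadsheet to my private account tonight.\n",
                 "base64"),
]

def raw_search(raw_messages, keyword):
    """Naive search of the undecoded bytes; returns indexes of matches."""
    needle = keyword.lower().encode()
    return [i for i, raw in enumerate(raw_messages) if needle in raw.lower()]

def search_messages(raw_messages, keywords, context=20):
    """Decode each message, then search subject and body for each keyword.

    Returns (message_id, field, keyword, snippet) tuples for the report.
    """
    hits = []
    for raw in raw_messages:
        msg = message_from_bytes(raw, policy=policy.default)
        fields = {"Subject": str(msg["Subject"] or "")}
        body = msg.get_body(preferencelist=("plain",))
        if body is not None:
            fields["Body"] = body.get_content()  # transfer encoding undone here
        for field, text in fields.items():
            lowered = text.lower()
            for kw in keywords:
                pos = lowered.find(kw.lower())
                if pos != -1:
                    snippet = text[max(0, pos - context):pos + len(kw) + context]
                    hits.append((str(msg["Message-ID"]), field, kw,
                                 " ".join(snippet.split())))
    return hits

if __name__ == "__main__":
    print("raw search:", raw_search(SAMPLES, "spreadsheet"))
    for hit in search_messages(SAMPLES, ["spreadsheet", "private account"]):
        print(hit)
```

The search runs on copies of the messages, never on the original storage device.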
The mobile phone seems to have become the new fingerprint. Ian Huntley’s 40-year prison sentence for the murder of two schoolgirls in 2002 was partly based on mobile phone evidence.
Because mobile phones utilize ‘flash memory’, they continue to store data even when not connected to a power source. A computer forensic expert can recover the following materials from the handset:
- Logged incoming calls and last dialed numbers
- Stored audio/visual materials
- Text and Multimedia messages
- System Settings
- Calendar and Alarm notifications
- Saved computer and data files
- Internet settings and accessed websites
Apart from the digital evidence, a handset can also reveal the presence of DNA traces on the earpiece, keypad, and mouthpiece. Additionally, an expert can retrieve the ‘Call Data Records’ (CDRs) from the network provider, which will give him information about where and when the mobile phone was used.
An expert can even access names of individuals and places stored in the archives of the device.
You could conclude that information technology, which has made businesses and individuals more vulnerable to crime, has also made it easier for criminals to get caught.