Computer Forensics

1 2 3 Page 2
Page 2 of 3

Any type of data can serve as evidence, including text documents, graphical images, calendar files, databases, spreadsheets, audio and video files, Web sites and application programs. Even viruses, Trojan horses and spyware can be secured and investigated. E-mail rec-ords and instant messaging logs can be valuable sources of evidence in litigation, because people are often more casual when using electronic communications than they are when they use hard-copy correspondence such as written memos and snail-mail letters.

And finally, digital data can be searched quickly and easily by machine, whereas paper documents must be examined manually.

Like other information used in a case, however, the result of a computer forensics investigation must follow the accepted standards of evidence as codified in state and federal law. In particular, an investigator must take special care to protect evidence and to preserve its original state. It's especially important to prevent suspect files from being altered or damaged through improper handling, viruses, electromagnetic or mechanical damage, and even booby traps. To accomplish this, it's necessary to do the following:

  • Handle the original evidence as little as possible.
  • Establish and maintain the chain of custody.
  • Document everything that's done.
  • Never go beyond what is known and can be proved from direct, personal knowledge.

Failure to protect evidence might mean that original data is irretrievably lost or changed and that results and conclusions may not hold up or be admissible in a court of law.

1 2 3 Page 2
Page 2 of 3
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon