Home     Computer Forensics

 

 

Computer Forensics

Private Investigators who specialize in computer forensics and high technology civil and criminal cases are commonly referred to as the "high tech PI's." The field of computer forensics is a broad term representing techniques and procedures that allow the client to obtain computer related evidence from computers and other high tech devices.  The Computer Forensics P.I. "gets the data" for you, and helps you get it into court as evidence.

Your best Private Investigator "value" is to hire a P.I. with general practice AND computer forensics, high technology skills.  Such well-rounded skills keep your extra P.I. costs lower.   Obtaining Computer Forensics and regular P.I. skills is an all-in-one cost effective hiring decision.

With a collection of computer forensics hardware and software he or she will serve as a general practice P.I. and the computer forensics expert. Ask P.I.'s in general practice and they will all tell you they get involved in computer related evidence on almost every case, but few have the expertise, training, and equipment to handle those parts of the case. We have that equipment and years of law enforcement training and experience.

Our computer forensic investigator is a recognized court qualified expert who has worked on numerous high profile cases.

 

USES FOR COMPUTER FORENSICS

Computer forensics can be used in many different types of cases ranging from criminal and civil cases to domestic type investigations.   A forensics investigation is  not a simple task.  The extent of the investigation is determined by the type of information that is being retrieved and the documentation that is required in the case.   There are also certain procedures to follow for preserving forensic evidence.

Contact our office today to discuss rates and procedures for preserving your evidence.

 

Common Computer Forensics Mistakes Computer Users Make

  When a computer user becomes involved with a computer, a floppy disk, a CD, or other device that has computer evidence some common mistakes are made, even by law enforcement personnel.  Computer data is often needed for investigating homicides, employee misconduct, financial fraud, domestic violence, child abuse, elder abuse, infidelity, adultery, child custody, stalking, internet crimes, child exploitation, theft, arson, terrorism, rape, virus attacks, medical malpractice, kidnappings, child internet use, and many, many more things.  Anything that can be written down, recorded, E-mailed, scanned, and photographed can be on a computer.

  Here are the most common mistakes:

  1. A volunteer is allowed to ”turn on” and “look” at the data on the evidence-holding computer because the volunteer has a trusted computer reputation or just feels comfortable using computers or is just curious to see what can be found on the computer to be the hero.  No one should ever turn on an original evidence-holding computer without forensic data protection measures. Data will be lost!!
  2. No one thinks about backing up the evidence-holding computer by doing what is called the “forensic backup” or more commonly the “forensics copy.”  Without the forensics copy the original evidence-holding computer is turned on, turned off, used, and searched  and may malfunction…..OVERWRITING DATA THAT CAN PROVE INNOCENCE OR GUILT
  3. No one bothers to check and document if the computer clock in on-time.  This is important since a computer works with an internal digital clock and a coin sized “watch” battery.
  4. No one bothers to protect the computer against a virus or other destructive software.
  5. Normal computer users searching an evidence-holding computer will not find deleted files and raw data that CAN PROVE INNOCENCE OR GUILT.
  6. Hidden files, disguised data, logs, registries, and other important data are not found or even searched for to PROVE INNOCENCE OR GUILT
  7. Evidence is literally destroyed (overwritten) because the computer user looking for computer evidence does not know that every click of the mouse, every keystroke, every launch of a program, every view of a digital photo is overwriting data that CAN PROVE INNOCENCE OR GUILT.
  8. No one thinks about computer data being used as evidence in court, hearings, inquiries, and investigations, so no one thinks about or knows how to preserve and present computer evidence.
  9. No one thinks about turning off the Internet connection while searching for the computer evidence.  Internet data can download to the computer without warning and overwrite computer evidence.
  10.  Professionals who believe they are computer forensics investigators are unlicensed and get “impeached” in court and later can be prosecuted for doing investigations without a license.

Consequences:  When the above mistakes happen someone can be wrongfully accused or otherwise punished.  If some “good” evidence data is found and someone is prosecuted, the good evidence can be thrown out or rendered useless because “other” data was never seen or overwritten from the above mistakes.  Missed data can be found later by an expert disproving what was found previously.  The guilty person can go free. 

The person who commits the above mistakes can be held liable, and at least suffer some “real” embarrassment when it is discovered that “best practices” computer forensics were not used.  A business can suffer liability if its computers are searched incorrectly and without sound written computer-use policies in place. When the incident happens computer evidence can solve or help solve the case.