In essence, computer forensics is the investigation of electronic devices or computer media.

Typically, the purpose of such an investigation is to analyse and discover any available, deleted, or ‘hidden’ data that can then be subsequently used as evidence in legal proceedings.

Additionally, computer forensic techniques can be employed in some cases of hardware failure.

As with all technology, computer forensics is a fast-moving discipline in which new hardware, tools and software are consistently being developed.

This means, generally, that it is becoming increasingly simpler for computer forensic experts to find & restore more evidence and/or data, not only faster, but also with far more accuracy.

Anti-Forensics

Obviously, technological advances also mean that forensic countermeasures are also improving at a similar rate, leading to some interesting challenges.

Digital Evidence

The advent of computer forensics has significantly changed the way in which digital evidence is gathered and used as evidence of a crime, and is performed via advanced techniques and technologies.

A computer forensic expert will use their knowledge of these techniques to aid in the discovery of evidence from an electronic storage device, possibly for either proving or disproving a crime.

Such data can be derived from a wide variety of electronic devices, such as flash drives, discs, tapes, handheld computers, PDAs, memory sticks, emails, logs, or even hidden or deleted files.

Tracking

The average computer user probably thinks that the simple act of deleting a file or item of internet history will remove it completely from the their system.

Reality, however, is somewhat different - deleting a file simply removes it’s marker from the ‘index’ of a hard drive - the actual file will remain on the computer, in whole or in part, until it has been completely overwritten by new data, as can been seen in this video of Encase.

A computer forensic expert has the tools and knowledge required to find such deleted files and to reconstitute them to varying degrees, such that they could be used as admissible evidence.

Enron

The Enron scandal placed computer forensics firmly on the map as it arguably remains the biggest computer forensics investigation ever.

In recent years, computer forensics has become a standard part of many types of litigation, especially litigations of a corporate nature in which there are large amounts of data.

Data Security

In this digital age, data security is a growing issue for the corporate world, covering topics such as internet policies (and the consequences of violating them), and the signing of compliance documents by employees.

Perhaps the best way in which businesses can monitor their own computer systems, in a proactive way, in order to avoid legal consequences in future is to utilise some level of computer forensics.

Simply by making employees aware that such a facility exists could prove a sufficient deterrent to any wrong doing.

Growing Niche

With the huge increase in the use of computers, both in the business sector and in the home, and the increasing number of hi-tech crimes, computer forensics is certainly a growing niche within the litigation support sector.

Unlike many other jobs within the information technology sector, computer forensic work is highly unlikely to be outsourced to other, cheaper, countries, due to the confidentiality of the data which is involved.