Computer forensics and crime investigation is a fascinating part of the world of computing. Our TV and film screens often feature the latest blockbuster about crime and these days there’s always some sort of computer crime involved. Be it restoring images or chats from a mobile phone or looking at a criminal’s internet history there is a place for computer crime and hacking in today’s modern world. While much of computing and computer forensics investigation looks exciting, much of computer forensics is procedure driven and rather dull and boring. Take a look at this accurate example of forensic acquisition, https://datarecovery7383.wordpress.com/2015/12/03/forensic-acquisition/, if you take a look you’ll see it’s rather dry. Certainly not James Bond stuff, running around in the world of international espionage.
While the link above describes part of the computer investigative process, companies that actually perform forensic investigations on computer hard disks like http://www.computersciencelabs.com/ will follow these procedures and continually update them when new technology comes out.
Most computer investigations take place when a crime (civil or criminal) has taken place. Criminal crimes are by definition far more high profile than civil proceedings but the approach of the computer forensics company is the same regardless. At all times investigators must follow detailed procedures and processes that mean their investigations and findings fall within legal boundaries. For example, whilst it may be very tempting to not ‘go by the book’, investigators quickly found that not adhering to legal protocols made their evidence inadmissible in court and these cases were often thrown out by the judge as the evidence could not be deemed to still be forensically sound.
Following forensic procedures in computer investigations is however an arduous and lengthy process, taking time and patience. This is also one of the main reasons that there is such a lengthy backlog of computer forensics cases involving the police. Being a computer forensics investigator is a skilled job and being methodical in one’s investigations rather goes against the grain when the police officer has so many cases to get through. As of 2015 it was estimated that there was a backlog of between 9 and 18 months for UK police offices when looking at investigations on hard drives, and 10-24 months when these investigations involved mobile or smart phones.
Clearly today much criminal activity takes place on a mobile or smart phone but don’t discount the computer hard drive just yet – there is still a high degree or illegal activity that can be found by investigating a hard disk.
Mobile phones and computers will yield up different types of information. Whilst a computer will be a great source of information regarding internet browsing histories and web caches, a typical smartphone will contain SMS texts and location data such as map locations and places visited including the time and date the location was visited.
Today the typical digital data investigator wants to see information from both a mobile phone and computer in order to get an accurate and full picture of the type of activity the perpetrator has been involved in. Whilst it’s possible to secure a conviction with the evidence from just one of the two devices, the information from both can often backup and strengthen the overall case by providing good solid secondary data.