Computer Forensics: Beyond The Magnifying Glass
Computer forensics plays a huge role in investigations conducted by both forensic team and law enforcement officers. It is unfortunate that despite its immense role in carrying out investigations, quite .
a number of people do not understand much about this important discipline.
According to Kroll Ontrack’s senior managing director Alan Brill, American Academy of Forensic Science identified and recognised multimedia and digital evidence as a an independent forensic area of study .
This remarkable organization rarely makes such recognitions. The last time it did so was about 28 years ago.
Keth Jones, who is the proprietor of Jones Dykstra & Associates, said that computer forensic technology has advanced considerably. He however pointed out that methods of collecting data have been available for over a decade. These methods involve duplication of the hard drive, byte by byte. Such methods do not alter its content. Once information has been dublicated, forensic investigators can begin to retrieve data for analysis.
Technology for data analysis has continued to improve as developers introduce new tools and upgrade those that are already available in the market. This has made forensic investigation much easier and faster.
Advancement in technology has made it possible to back up live data as you do the typing instead of waiting until it is stored in the hard disk. However, this is not executed on second by second analyses.
Experts agree that focusing on the content of hard disk instead of what is currently running in the computer may lead to omission of important information. Since computer forensic investigation captures and analyzes information available in volatile memory, it is important that efficient tools are developed to make work easier.
According to Jones, network based acquisition requires single files and some specific documents instead of bit for bit image stored on hard drive. He said that this is a dentrimental trend in the field of computer forensic investigation. He added that this could lead to multiple acquisitions or fail to capture important information. He also said that it lacks flexibility because forensic investigator may find it difficult to investigate new leads once more.
The legal system has also continued to make changes in response to technological advancement. For example, in 2006, some changes were made in e-discovery laws. It allowed defense and prosecution to include electronic data.
The main challenge facing computer forensic industry is the availability of tools which can allow one to erase data from computer hard drive. Others make it possible to remove passwords and other details that are required for authorization.
The contribution of computer forensic investigation in solving criminal cases cannot be understimated. However, with the challenges facing the industry, people are eagerly waiting to see if powerful tools will be developed to address the problems.