The forensic sciences have seen their share of
innovation, from fingerprinting to DNA profiling, and now
Like DNA, computer forensics
is a promising tool to aid in the unquenchable pursuit of evidence.
is easy to see the benefits of using computer forensics to
investigate “hacking” and
so called “Internet crimes.” But it is also proving exceptionally
useful in other areas. Computer forensics is now used to solve crimes
such as endangering the welfare of a child, sexual assault, embezzlement,
Many police departments are creating their own in-house
computer forensics laboratories. To assist those without such resources,
the Federal Bureau
has created a collection of regional computer forensics laboratories
across the country to analyze electronic media seized during criminal
Alec Jeffreys of England introduced the world to DNA identification
in 1985 by demonstrating its use in a criminal investigation. Through
testing, he was able to argue that a man suspected of raping and
killing two young women could not have committed the crime.
information contained in the human DNA was “waiting” to
be found by Mr. Jeffreys and his colleagues. The same can be
said of computers and electronic
storage. As computer use steadily increases, the amount of information
stored on electronic media is skyrocketing. Conversations,
memos, financial documents,
images and records are just a few examples of the types of information
found in computers.
Because so much of this information may
be useful to police and other law enforcement agencies, it
is no wonder why seizing
practice during an investigation.
Now more than ever, computer forensics
is blossoming into an important part of the forensic sciences.
But as law enforcement recognizes
how useful its
are for all types of investigations, some have questioned when
the police have a right to search a computer or use computer forensics
Consequently, the government has published a document
called “U.S. Department
of Justice Search and Seizure Guidelines, Computer Crime and Intellectual
Property Section, Criminal Division” at www.usdoj.gov/criminal/cybercrime/searching.html,
which contains numerous suggestions for law enforcement and generous
amounts of case law.
The Electronic Communications Privacy Act
and topics such as searching and seizing computers with and
without warrants are
The Massachusetts State Police and Palo Alto (Calif.)
Police Department have both unveiled plans for new state-of-the-art
laboratories. Many more departments are following suit.
has found computer forensics so important in criminal investigations
that it tasked the FBI with developing a group of
labs that will provide their services to law enforce agencies across
Called Regional Computer Forensics Laboratories, facilities
already have been completed in Northern Texas and San Diego.
labs are expected
open this year in Chicago, Kansas City and San Francisco.
millions of dollars now being invested in computer forensic
technology, one can only surmise that police and other law
enforcement will continue
to expand its use in their investigations.
Countermeasures and the
As the general public has become more aware of what kinds
of information may exist on a computer, products touted as “evidence
been developed and are routinely advertised on the Internet. These
products claim they can permanently destroy unwanted data contained
on a hard drive.
The fact that there is a market for such software
indicates there is concern among some about their electronic
Although these products have legitimate uses, they
can also make the job of computer forensics technicians more
difficult. The battle
gather electronic evidence and those attempting to remove it is
likely to escalate.
The element of surprise during an investigation
is important because an individual or business may decide to
make use of “evidence elimination” software
after learning they are a likely target of a computer forensic
However, investigators may have a distinct advantage.
A single piece of stored information can “reproduce” itself
in many locations. For example, a person may have written a
document, saved it to a file on their computer, made
a copy on a floppy disk, and e-mailed it to a friend. Law enforcement
may seize not only the individual’s computer, but also their
CD-ROMs, floppy disks and other media.
They may also contact
the individual’s Internet Service Provider (ISP)
to obtain usage records and copies of online storage and e-mails.
Law enforcement officials have even searched the computers
of people who have corresponded with
suspects to seek additional evidence.
Computers are not going away, and neither is computer
Its usage is significant for protecting the innocent
as well as prosecuting the guilty. The law enforcement community
made a major commitment
in resources and funds to increase the use of computer forensics
Attorneys today, therefore, should have at least
a basic understanding of computer forensics and when its use
(This article is reprinted with permission from
March 31, 2003 issue of "The New York Law Journal - Techtrends." ©2003
NLP IP Company. Further duplication without permission is prohibited.
All rights reserved.)
Back to Top