Topics

Introduction

The forensic sciences have seen their share of innovation, from fingerprinting to DNA profiling, and now computer forensics. Like DNA, computer forensics is a promising tool to aid in the unquenchable pursuit of evidence.

It is easy to see the benefits of using computer forensics to investigate “hacking” and so called “Internet crimes.” But it is also proving exceptionally useful in other areas. Computer forensics is now used to solve crimes such as endangering the welfare of a child, sexual assault, embezzlement, and homicide.

Many police departments are creating their own in-house computer forensics laboratories. To assist those without such resources, the Federal Bureau of Investigations has created a collection of regional computer forensics laboratories across the country to analyze electronic media seized during criminal investigations.

Origins

Alec Jeffreys of England introduced the world to DNA identification in 1985 by demonstrating its use in a criminal investigation. Through the methods of DNA testing, he was able to argue that a man suspected of raping and killing two young women could not have committed the crime.

The information contained in the human DNA was “waiting” to be found by Mr. Jeffreys and his colleagues. The same can be said of computers and electronic storage. As computer use steadily increases, the amount of information stored on electronic media is skyrocketing. Conversations, memos, financial documents, images and records are just a few examples of the types of information found in computers.

Because so much of this information may be useful to police and other law enforcement agencies, it is no wonder why seizing a computer has almost become standard practice during an investigation.

Now more than ever, computer forensics is blossoming into an important part of the forensic sciences. But as law enforcement recognizes how useful its conclusions are for all types of investigations, some have questioned when the police have a right to search a computer or use computer forensics findings as evidence.

Consequently, the government has published a document called “U.S. Department of Justice Search and Seizure Guidelines, Computer Crime and Intellectual Property Section, Criminal Division” at www.usdoj.gov/criminal/cybercrime/searching.html, which contains numerous suggestions for law enforcement and generous amounts of case law.

The Electronic Communications Privacy Act and topics such as searching and seizing computers with and without warrants are discussed in detail.

Building Labs

The Massachusetts State Police and Palo Alto (Calif.) Police Department have both unveiled plans for new state-of-the-art computer forensics laboratories. Many more departments are following suit.

Congress has found computer forensics so important in criminal investigations that it tasked the FBI with developing a group of computer forensics labs that will provide their services to law enforce agencies across the country.

Called Regional Computer Forensics Laboratories, facilities already have been completed in Northern Texas and San Diego. Three more labs are expected to open this year in Chicago, Kansas City and San Francisco.

With the millions of dollars now being invested in computer forensic technology, one can only surmise that police and other law enforcement will continue to expand its use in their investigations.

Countermeasures and the Public

As the general public has become more aware of what kinds of information may exist on a computer, products touted as “evidence eliminators” have been developed and are routinely advertised on the Internet. These products claim they can permanently destroy unwanted data contained on a hard drive.

The fact that there is a market for such software indicates there is concern among some about their electronic footprints.

Although these products have legitimate uses, they can also make the job of computer forensics technicians more difficult. The battle between those attempting to gather electronic evidence and those attempting to remove it is likely to escalate.

The element of surprise during an investigation is important because an individual or business may decide to make use of “evidence elimination” software after learning they are a likely target of a computer forensic search.

However, investigators may have a distinct advantage. A single piece of stored information can “reproduce” itself in many locations. For example, a person may have written a document, saved it to a file on their computer, made a copy on a floppy disk, and e-mailed it to a friend. Law enforcement may seize not only the individual’s computer, but also their CD-ROMs, floppy disks and other media.

They may also contact the individual’s Internet Service Provider (ISP) to obtain usage records and copies of online storage and e-mails. Law enforcement officials have even searched the computers of people who have corresponded with suspects to seek additional evidence.

Conclusion

Computers are not going away, and neither is computer forensics.

Its usage is significant for protecting the innocent as well as prosecuting the guilty. The law enforcement community has made a major commitment in resources and funds to increase the use of computer forensics in investigations.

Attorneys today, therefore, should have at least a basic understanding of computer forensics and when its use is practical.

(This article is reprinted with permission from the
March 31, 2003 issue of "The New York Law Journal - Techtrends." ©2003 NLP IP Company. Further duplication without permission is prohibited. All rights reserved.)

Back to Top