A phrase like “computer forensics” might sound like something you’d hear tossed around on an episode of Law & Order: SVU or a rerun of Criminal Minds, but this is no made-for-TV thing: Computer forensics is a legitimate industry with legitimate real-world uses. Even more surprising is the fact that computer forensics is nothing new — it’s a science that dates back all the way to the 1980s, perhaps even earlier.
From its early beginnings in legal investigations to its contemporary uses across a whole slew of industries, computer forensics is a truly fascinating science worth exploring further.
What Is Computer Forensics?
Also known as computer forensic science or simply cyber forensics, computer forensics deals with the uncovering of evidence exclusively from digital sources. Whether it’s a hard drive, a digital camera, a cell phone, or the microphone on an Alexa, computer forensics allows investigators to scrutinize digital media like a detective would do at a real-life crime scene in search of anything that can be used to identify, recover, preserve, or analyze evidence.
That might sound pretty complex, so let’s put things in simpler terms: computer forensics is like a crime scene investigation, a police search, and a private investigation all rolled into one uniform science. It takes great skill and immense knowledge to yield effective results in the world of computer forensics, but when done correctly, the evidence found can make or break a case.
With that being said, computer forensics is not exclusive to criminal proceedings: often, computer forensics can be utilized during civil investigations, as well. From corporate audits to divorce cases to simply recovering important documents that may have been intentionally deleted or hidden, it appears that the computer forensics industry contains all sorts of multitudes.
How Is Computer Forensics Used?
It’s clearer now what this computer forensic science actually is and what the goals of computer forensics are, but how exactly can this process actually be admissible in courtroom proceedings or trusted as fact in other various scenarios?
When computer forensics experts first emerged on the scene in the mid-1980s, it almost goes without saying that the legitimacy of their science was doubted somewhat. The sheer scope of what computers were beginning to do could barely be comprehended, let alone using them to actually uncover virtual evidence for use in the real world. But, as computer crimes became more and more common as the ‘80s gave way to the ‘90s, it was obvious that computer forensics was not just legit, but an essential part of the investigative process from that point forward.
To understand how this came to be, it’s worth examining the actual process of computer forensics through these most commonly used techniques:
- Steganography: Believe it or not, steganography is the process of hiding key data within an image or file in an attempt to hide it in plain sight. Thus begins the computer forensics version of Where’s Waldo: the scientist then dives deep into the hash of the edited file in question and compares it to the hash of the original image or file to find the difference.
- Live analysis: This technique requires the computer forensic scientist to enter a device through its operating system and use custom or pre-existing tools within the OS to find and extract evidence.
- Deleted file recovery: This is exactly what it sounds like — investigative scientists, through the use of special software, reconstruct deleted files and data from the device’s physical discs. As it turns out, “deleted” doesn’t always mean gone forever.
- Stochastic forensics: Through the investigation of stochastic — or randomly determined — properties on a device, computer forensic scientists can look at the device’s activity and determine which activities are missing key digital artifacts.
- Cross-drive analysis: This technique, which is one of the newer forms of computer forensics, involves parsing through multiple hard drives and correlating the information found on each individual drive in search of any anomalies or inconsistencies.
Examples of Computer Forensics in the Real World
It’s one thing to read about what computer forensics is and how it’s used, but it’s something else entirely to see examples of how computer forensics has been used in both high-profile investigations and real-world scenarios throughout the years. These examples are only a handful of the most notable — in reality, computer forensic science is constantly shifting and evolving to meet the ever-changing technological advances as they come.
The Investigation of Dr. Conrad Murray Following the Death of Michael Jackson
In the wake of music icon Michael Jackson’s surprising death in 2009, computer forensics helped to uncover digital evidence on the computer of the singer’s doctor, Conrad Murray, that documented the lethal doses of propofol administered to Jackson. Investigators were then able to use these documents in their case against Murray.
The Gathering of Evidence for Divorce and Family Law Cases
During custody battles and divorce proceedings, many find that computer forensics yields useful results through the uncovering of key financial information and troubling social media posts. Computer forensic scientists have successfully found important tax and property documents that go on to change the course of these kinds of cases.
The Use of Computer Forensics in Corporate Espionage
It’s not uncommon to find corporations and industries who utilize computer forensics to uncover information from their professional rivals in hopes of gaining the upper hand. Whether it’s used to get insight on a competitor’s upcoming projects or products in an attempt to join the competition or simply to know what’s going on behind the rival’s closed doors, corporate espionage relies on computer forensics to get the job done.
With only a few decades under its belt, you can bet computer forensics will continue to impact our daily lives for centuries to come. Wherever the industry goes in the coming years, it’s sure to be just as revolutionary as the years that have preceded today. With each new technological revolution, a similar revolution in computer forensics is destined to follow.