As more information is stored digitally, the use of computer forensics has become an essential component to many investigations and sometimes the key to a lawyer winning or losing a case. But what is computer forensics and how is it used in the legal industry?
Computer Forensics Definition
Computer forensics (aka cyber forensics) is the science of recovering and investigating data found on electronic devices. A basic forensic computer analysis involve the examination of data on a laptop, desktop, smartphone, tablet, DVD, CD or even a GPS system among other electronic devices. Attorneys who understand when it’s time to employ a data forensics expert will have a better chance of winning their case especially as the law depends more on data forensics to get to the bottom of the facts in a matter.
Computer Forensics for the Win
Many attorneys may wonder how cyber forensics can help them win a case. Well, there are many ways that data forensics can help you win a case and help your client avoid trouble when a case involves the examination of sensitive data.
- Elimination of hearsay. Now that so many conversations take place in the digital landscape —text messages, social media, chat rooms etc. — there is less of a need to rely on hearsay when recreating a past conversation or series of events. If someone said something online or on another digital platform such as in a messaging app, that could incriminate them (or exonerate them) that data can be recovered even if it was previously deleted. To learn more about how social media can play a role in computer forensics, download our free “Social Media Workbook for Attorneys.”
- Provide concrete evidence. If your case involves accusations that rely on digital evidence, IT forensics can help you uncover the right data if you know where to look. A forensic computer analysis can recover deleted files and help you track down files that were stored on an external device or virtual machine.
- Data preservation. If you’re handling a case where you know that there is data you may want to examine, quickly employing a cyber forensics expert will give you a chance to copy that data before it is wiped or corrupted.
- Provide expert witness testimony. If you’re working with a cyber forensics expert, they can provide expert witness testimony at trial and explain evidence in a way that makes sense to a jury or judge.
How Does Cyber Forensics Work?
Like with any science the particulars of cyber forensics can get complicated. But there are some basic overall principals and strategies that attorneys should know about before they hire a computer forensics professional.
- Most data is never truly deleted. When you’re conducting a cyber forensics investigation, you can recover almost any deleted data as long as it has not been wiped by a device reformat or some other data destroying method. But moving quickly is important as individuals with something to hide may decide to wipe their devices before you get access to them.
- Metadata is valuable. Metadata is information about data such as its creation and modification date. Using metadata, you can determine critical creation and modification information about files.
- Experts can break encryption. Skilled cyber forensics investigators can break into encrypted files using the right tools and investigative skills.
When accessing data, computer forensics professionals can use hardware or software to copy data and thoroughly analyze it. But for attorneys who want to efficiently leverage forensics computer science, knowing exactly what type of data you’re looking to examine is critical.
Forensic computer analysis may include the following techniques:
- Finding the previous versions of a document.
- Searching for specific keywords in found data.
- Investigating whether data was stored on an external drive.
- Authenticating when a file was created or modified and by whom.
- Proving that data was copied by someone.
- Identifying the most effective ways to search data.
Things Lawyers Should Do
When lawyers are engaging in data forensics, there are a few best practices they should consider.
- Collect data broadly. Look in some of the less obvious places when collecting data for your cyber forensics analysis. Not only should you collect data from computers and smartphones but also keycard logs, printer memory, and even camera footage. Anywhere that has a memory card is a potential source of helpful data.
- Document data collection. To avoid disputes about the integrity of data you’ve collected, make sure that your data forensics expert documents the time, date and location of the data collection process as well as the serial number of the device from which you copied data.
- Stop data corruption and erasure. As soon as you realize that your case will include a cyber forensics investigation, stop anyone else from collecting, modifying or deleting data on the devices you want to access. Even when there is no malice, people accessing data on the device could inadvertently delete, wipe or corrupt important files.
- Communicate background information. You must provide factual information about your case so that the computer forensics expert can know where to look for data. To get the most out of your use of a computer forensics expert, you must treat them as a trusted part of your investigation.
- Watch cyber forensics developments. If you plan to use a data forensics expert, make sure that stay updated about the development of the field. As computer forensics science evolves, new tools and skills will become available. You will need to have some general understanding of the industry to choose the right cyber forensics expert for your team or specific case.
- Build a relationship. Some law firms will benefit greatly from a good cyber forensics expert on their team. This is why it’s important that law firms build an ongoing relationship with a skilled cyber forensics expert. Having someone who has worked with you in the past will make it easier and more efficient to work together.
If you’re working in a practice area that has a need for cyber forensics analysis on certain cases, make sure you do your research before working with a computer forensics professional.