computer_forensics_law_firmsDigital forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular digital device in a way that is suitable for presentation in a court of law. The goal of digital forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a digital device and who was responsible for it.

Digital forensic investigators typically follow a standard set of procedures: After physically isolating the device in question to make sure it cannot be accidentally contaminated, investigators make a digital copy of the device’s storage media. Once the original media has been copied, it is locked in a safe or other secure facility to maintain its pristine condition. All investigation is done on the digital copy of the data.

Investigators use a variety of techniques and proprietary software forensic applications to examine the copy, searching hidden folders and unallocated disk space for copies of deleted, encrypted, or damaged files. Any evidence found on the digital copy is carefully documented in a “finding report” and verified with the original in preparation for legal proceedings that involve discovery, depositions, or actual litigation.

Digital forensics includes several sub-branches relating to the investigation of various types of devices, media or artifacts.

These branches are;

1. Computer forensics
The goal of computer forensics is to explain the current state of a digital artifact; such as a computer system, storage medium or electronic document.

2. Mobile device forensics
Mobile device forensics is a sub-branch of digital forensics relating to recovery of digital evidence or data from a mobile device.

3. Network forensics
Network forensics is concerned with the monitoring and analysis of computer network traffic, both local and WAN/internet, for the purposes of information gathering, evidence collection, or intrusion detection.

4. Forensic data analysis
Forensic Data Analysis is a branch of digital forensics. It examines structured data with the aim to discover and analyse patterns of fraudulent activities resulting from financial crime.

5. Database forensics
Database forensics is a branch of digital forensics relating to the forensic study of databases and their metadata.

What does this mean for attorneys?
What if opposing counsel informs you they’re calling a computer forensics analyst as an expert? Even if you don’t need an expert to analyze computer data, it can pay to have one in your hip pocket.

Computer forensics and eDiscovery can involve computers belonging to your client and/or the opposing side. If there were computer evidence (or the potential for evidence) germane to a case, you would be best served to have an experienced computer forensics analyst look at the data. A computer forensics expert can work as a special master or can sign a non-disclosure agreement in order to protect confidential information. If opposing counsel hires an expert, you will want to have their analysis and conclusions reviewed by your own expert. Occasionally, opposing counsel will share the imaged (copied) hard drives from computers involved in the discovery.

If you are deposing opposing counsel’s computer forensics expert, it can be extremely valuable to have your own expert in attendance. Often, they can identify flaws in the other expert’s answers, or suggest a line of questioning. We recently provided this service to a client. During the depositions, the other side’s experts essentially refuted much of what was in their own analysis. Before the case ever went to trial, opposing counsel had withdrawn its computer forensics experts.

Contributed by:
Rick Crouch & Associates offers digital forensic services in civil, criminal and private matters. Rick Crouch & Associates provides complete, non-invasive computer investigation, analysis, recovery, evidence handling and search techniques on computer or network storage media. When performing recoveries for litigation, strict guidelines and protocols are followed to maintain positive control of evidence and content. Additionally, Rick Crouch & Associates provides support for civil and criminal litigation and expert court witnesses for testimonies and depositions.


Please enter your comment!
Please enter your name here

5 × one =