Computer Forensics

Computer forensics plays an ever increasing role in the discovery and recovery of electronic evidence.  With the growing reliance on electronic information for business and personal use, electronically stored information (ESI) is becoming more critical and relevant as evidence in our legal system.

Both active and deleted data stored on electronic media are processed during a forensic investigation.  Active data is data that is currently accessible to a person using the computer or device. Some of this data may be hidden by the operating system or displayed in a hard to read format.  However, the data is readily available.  Deleted data is data that was previously deleted, either manually by the user or automatically by the operating system.  Due to the way computers and most electronic devices operate, deleted data is not physically erased but it is rather made unavailable.  This deleted and unavailable data can be recovered during the forensic process.

The forensic process begins with ensuring that a proper change of custody is maintained for all evidence.  This includes creating detailed documentation related to the acquisition of the electronic media and the creation of a forensic, bit by bit image of the media.  Once the forensic image is created and validated, it becomes the source for all future examination processes. 

To learn more about how computer forensics can help you, click here.

 

Copyright © 2009 Prescott Partners LLC. All Rights Reserved.