Tuesday, May 22, 2007

Computer Forensics – A Brief Description

Computer Forensics is the use of scientifically proven methods to gather and process data found on a digital device (computer, hard disk drive, mobile phone, memory card etc.), and to interpret that data for possible use in a court of law or other theatre of investigation. The evidence may assist in the prosecution of a criminal, help in the defence of an accused person, or be of intelligence to an individual who is seeking knowledge for either personal or professional reasons.

The main users of Computer Forensics are law enforcement officers, as a large percentage of crimes in some way utilise digitally stored data. This data could be a phone call made on a mobile phone (or cell phone), which could place an individual at the scene of a crime (or, of course, away from it), accounts for illegal activities such as drug sales, images of paedophilia, human resource issues, hacking, email abuse, unauthorised data duplication, IP theft etc. Corporate organisations are using computer forensics more and more, as they often have to investigate incidents such as inappropriate computer use, inappropriate email use, unauthorised data duplication and disloyal employees. Human Resource departments and Internal Security are the biggest users of these specialist corporate services. Private individuals may also use these services. The matter may be a lover cheating on their partner, or inappropriate internet use by a family member.

Computer Forensics, or Cyber Forensics as it is also known, is now taught at many colleges and universities around the world, and is available to both the law enforcement community and private individuals.

What to do if you suspect illegal or inappropriate activity on a computer or digital device:

1. Turn the power off – Pull the plug out if necessary
2. Secure the ‘exhibit’. Don’t allow anyone access to it, security seal it if possible
3. Contact a Computer Forensics Expert

What NOT to do if you suspect illegal or inappropriate activity on a computer or digital device:

1. Call your IT manager, or one of your technical staff
2. Get them to ‘see’ if the user has been looking at ‘dodgy’ websites or if any important files are missing
3. Sack the member of staff

The analogy of the above:

Imagine a body lying in a muddy field. There is a blanket over the body and something protruding from it. By not following procedures, what you will have done is the same as follows:

1. See the body
2. Walk up to the body in the field
3. Take the blanket off the body
4. Move the body to ‘have a look’
5. Put the blanket back over the body – ‘like it was before’
6. Leave the field

What you have just done:

Entered the scene of a crime, left YOUR footprints all over the muddy field, left YOUR fingerprints on the body and blanket, left YOUR DNA all over the place.

You then expect to call the relevant organisation/authority and have them try and find evidence, which has just been tainted by YOU or YOUR STAFF. This is not a good start, and could make the case in question inadmissible.

Remember that this is a very specialised service provided by experts. Use experts to do the job correctly in the first place, and then there shouldn’t be a problem.

Simon Steggles
Disklabs Computer Forensics
www.disklabs.com/computer-forensics.asp
www.computer-forensics.co.uk
simon.steggles@disklabs.com

About the Author:
SIMON STEGGLES
Disklabs Data Recovery, Disklabs Computer Forensics
DIRECTOR

Background

Simon is an owner of 1st Computer Traders Ltd, the company that owns Disklabs Data Recovery Services and Disklabs Computer Forensics Services. Simon originally set up the Disklabs Data Recovery Services part of the business in 1997, and started Disklabs Computer Forensics Services in 1999. Natural organic growth meant that new business premises were required for the Disklabs companies, and in December 2005, a further building was secured to accommodate the rapidly growing Disklabs Computer Forensics Services. He has a military background (Royal Navy communications and intelligence), and has principally dealt with hard disk drives ever since in roles of buying, selling, wiping and repairing, with the last two roles as business owner. Having completed courses in various computer and mobile phone forensics practices, as well as evidence handling procedures, Simon directs the data side of the business, and drives new business.

Qualifications and Training

- FTK Boot Camp, Dec Wyboston 2005
- PRTK Boot Camp, Dec Wyboston 2005
- DNA, Dec Wyboston 2005
- FST Mobile Phone SIM examination, Southampton Nov 2004
- FST Mobile Phone USIM examination, Southampton Nov 2004
- .XRY Mobile Phone Examination, Tamworth Jan 2005
- Evidence Handling Procedures, Milton Keynes Feb 2004

Simon, along with Matt Jones, founded 1st Computer Traders Ltd in September 1997. The business has steadily grown into the multi-division company that now incorporates Disklabs Data Recovery Services, Disklabs Computer Forensics Services, and 1st Asset Management, a new division started in January 2006.

The new forensics facility was set up to ensure that proper practice and procedures are adhered to whilst dealing with the law enforcement agencies that have very special security requirements, such as security locked evidence cages and proximity readers that only allow authorised personnel into their respective offices/labs/evidence cages.

In 2002, Simon became a co-opted director of the Professional Computer Association; a year later he was voted in as a full director of the PCA. In 2006 Simon was promoted to the position of Vice Chairman of the PCA, a not-for-profit organisation which represents in excess of £50 billion of revenue within the UK and Ireland.

Prior to Disklabs Data Recovery Services and Disklabs Computer Forensics Services, Simon was an active director in 1st Computer Traders Ltd, where he implemented the procedures for the test, repair, and data destruction routines used by the technicians of 1st Computer Traders Ltd. The work was rewarded with accreditations by various hard drive manufacturers including Seagate, Maxtor, Western Digital and Fujitsu. In June of 2002, 1st Computer Traders Ltd was awarded the highly coveted ISO9001-2000 for Quality Control.

Prior to 1st Computer Traders Ltd, Simon was the Managing Director of United Computer Services (UK) Ltd, another technology-based company, trading exclusively in hard disk drives. Hard drives were bought and sold across the world. Within 5 years, and with only 3 staff, Simon led his team to a turnover of £7,000,000.00, and sold the company to his business partner, who continued to trade until the business was bought again.

Prior to United Computer Services (UK) Ltd, Simon worked at various computer supplies companies gaining experience. Upon leaving school, Simon was a member of the Royal Navy. Specialising in communications, Simon also worked in the Legal Division and in Naval Intelligence.