What is Computer Forensics?

What is computer forensics? CYFOR’s Head of Investigations details this specialist digital forensics technique, which can provide vital digital evidence within criminal and civil investigations.


What is Computer Forensics?

What is Computer Forensics? It is a specialist process that involves the analysis of Electronically Stored Information (ESI) held on electronic devices, such as desktop computers, laptops and external hard drives. This digital forensic analysis follows a methodical approach to verify factual information within civil or criminal matters. The process relies on strict adherence to the ACPO Guidelines so that the integrity of the digital evidence is maintained and the evidence is admissible in court.

The ACPO Guidelines

The Association of Chief Police Officers (ACPO) publish guidelines for handling electronic evidence and it is paramount that these are strictly adhered to when investigating computers or digital evidence.

The four main principles from this guide are as follows:

  1. No action should change data held on a computer or storage media which may be subsequently relied upon in court.
  2. In circumstances where a person finds it necessary to access original data held on a computer or storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
  3. An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
  4. The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to.

Computer Forensics Expert

A computer forensic investigator is not an IT technician. Years of training and ongoing development are standard, as deciphering binary and metadata on a computer can be as complex and precise as understanding human DNA. Having a computer involved in an investigation should be viewed as an absolute asset, as the quantity and variety of data stored on the hard drive can be invaluable. However, if best practice guidelines are not followed, and forensic experts are not deployed, evidence can be lost. It can also become inadmissible in court or at tribunals.

Forensic ‘Imaging’ of devices

Forensic ‘Imaging’ creates an exact forensic replica of the digital media stored on the hard drive of an electronic device, such as a computer. It is also the first stage of a computer forensic investigation. The image preserves the data as an exhibit for further investigations and court proceedings, allowing the original evidence on the hard drive to be protected and remain intact. This is especially useful in covert operations, where information is required without the knowledge of the investigated party or parties.
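As an added illustration (not CYFOR's tooling or procedure), the Python sketch below shows how ACPO principles 1 and 3 can be applied to imaging: the source is only ever opened read-only, the image is re-hashed independently so a third party can reproduce the result, and every step is written to a hash-chained audit log. The use of SHA-256, the JSON-lines log format and all function names are assumptions made for this example.

```python
import hashlib, json, os
from datetime import datetime, timezone
CHUNK = 1024 * 1024  # read in 1 MiB blocks so large media never sits in memory

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:  # read-only: hashing must not alter the data
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def _digest(rec):
    return hashlib.sha256(json.dumps(rec, sort_keys=True).encode()).hexdigest()

def append_audit(log_path, action, detail):
    """Append one audit record, chained to the hash of the previous record."""
    prev = "0" * 64
    if os.path.exists(log_path) and os.path.getsize(log_path):
        with open(log_path) as f:
            prev = json.loads(f.read().splitlines()[-1])["record_hash"]
    rec = {"time": datetime.now(timezone.utc).isoformat(),
           "action": action, "detail": detail, "prev_hash": prev}
    rec["record_hash"] = _digest(rec)
    with open(log_path, "a") as f:
        f.write(json.dumps(rec, sort_keys=True) + "\n")

def acquire(source, image, log_path):  # copy source to a new image, hashing as read
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    append_audit(log_path, "acquire", {"source": source, "image": image, "sha256": h.hexdigest()})
    return h.hexdigest()

def verify(image, expected, log_path):  # independent re-hash, outcome is logged
    actual = sha256_file(image)
    append_audit(log_path, "verify", {"image": image, "sha256": actual, "match": actual == expected})
    return actual == expected

def audit_chain_intact(log_path):
    """Return False if a record was edited, reordered or removed from the middle."""
    prev = "0" * 64
    with open(log_path) as f:
        for rec in map(json.loads, f):
            claimed = rec.pop("record_hash")
            if rec["prev_hash"] != prev or _digest(rec) != claimed:
                return False
            prev = claimed
    return True
```

In practice the source would be a device attached through a hardware write blocker rather than an ordinary file, and the acquisition hash would also be recorded outside the log, for example in the examiner's contemporaneous notes.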

What evidence can be retrieved?

  • Email correspondence, including deleted emails
  • Internet activity, history, account information and downloads
  • Stolen electronic data / intellectual property
  • Deleted files, folders, images and videos
  • Operating data, including creation times, dates and system logs

The application of Computer Forensics

Computer forensics can cover a vast range of cases within commercial, civil and criminal investigations, such as:

  • Intellectual property theft
  • Indecent imagery investigations
  • Employment disputes
  • Fraud investigations
  • Bankruptcy investigations
  • Regulatory compliance
  • Litigation & dispute resolution