Manchester: 0161 797 8123

London: 0207 438 2045

Manchester: 0161 797 8123

London: 0207 438 2045


News, events, media, seminars and more

What is Computer Forensics?

What is computer forensics?

CYFOR’s Head of Computer Forensics and industry expert John Young, details the specifics of Computer Forensics. A specialist technique, which can provide vital digital evidence within investigations.


What is Computer Forensics?

What is Computer Forensics? It is a specialist process that involves the analysis of Electronically Stored Information (ESI) that is stored on electronic devices, such as desktop computers, laptops and external hardrives. The analysis is executed via a methodical approach to verify factual information within civil or criminal matters. The process is reliant on strict adherence to the ACPO Guidelines so that the integrity of the data evidence is admissible in court.

The ACPO Guidelines

The Association of Chief Police Officers (ACPO) publish guidelines for handling electronic evidence and it is paramount that these are strictly adhered to when investigating computers or digital evidence.

The four main principles from this guide are as follows:

  1. No action should change data held on a computer or storage media which may be subsequently relied upon in court.
  2. In circumstances where a person finds it necessary to access original data held on a computer or storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
  3. An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third-party should be able to examine those processes and achieve the same result.
  4. The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to.

Computer Forensic Expert

A computer forensic investigator is not an IT technician. Years of training and ongoing development is standard, as deciphering binary and metadata on a computer can be as complex and precise as understanding human DNA. To have a computer involved in an investigation should be viewed as an absolute asset. As the quantity, variety, and potential value of data stored on the hard drive can be invaluable.

However, if best practice guidelines are not followed, and forensic experts are not deployed, evidence can be lost. It can also become inadmissible in court or at tribunals.

Forensic ‘Imaging’ of devices

Forensic ‘Imaging’ is an exact forensic replica of digital media stored on the hard drive of an electronic device, such as a computer. The process is also the first stage of a computer forensic investigation. This preserves the data as an exhibit for further investigations and court proceedings, allowing the original evidence on the hard drive to be protected and remain intact. This is especially useful in covert operations, where information is required without the knowledge of the investigated party(s).

What evidence can be retrieved?

  • Email correspondence, including deleted emails
  • Internet activity, history, account information and downloads
  • Stolen electronic data / intellectual property
  • Deleted files, folders, images and videos
  • Operating data, including creation times, dates and system logs

The application of Computer Forensics

Computer forensics can cover a vast range of cases within commercial, civil and criminal investigations, such as;

  • Intellectual Property theft
  • Indecent imagery investigations
  • Employment disputes
  • Fraud investigations
  • Bankruptcy investigations
  • Regulatory compliance
  • Litigation & dispute resolution

About John Young

John manages CYFOR’s extensive team of digital forensic experts, which include mobile phone, computer and cell site professionals. His exemplary career as a computer forensics expert spans over 20 years, which starting within the Royal Military Police. Within this role he was responsible for large teams of computer analysts and was involved in high security investigations.

John is also Expert Witness trained, providing critical evidence in court proceedings of many high profile cases. His expertise also extends to a vast range of advanced forensic software and hardware platforms, securing his position as an expert within the field.

Back to all Posts

Call us today and speak with a Forensic Specialist

London: 0207 438 2045

Manchester: 0161 797 8123

Feel free to send us an enquiry

  • This field is for validation purposes and should be left unchanged.

After submitting an enquiry, a member of our team will be in touch with you as soon as possible

Your information will only be used to contact you, and is lawfully in accordance with the new General Data Protection Regulation (GDPR) act, 2018.