Computer forensics

Britain has one of the highest computer ownership figures in the world, with more than 75 computers per 100 people*. It is not surprising, therefore, that the potential for the misuse of computers is also significant.

When computer misuse occurs, or is suspected, computer forensics is used to analyse the extent of the misuse, and how it could have happened.

Whether it forms part of an internal company investigation, a litigation case or a criminal enquiry, the technique of computer forensics always follows strict principles to ensure the investigation is conducted in a forensically sound manner.

It is not sufficient to simply switch on the computer, and investigate its contents. By doing so, this compromises the integrity of the data and could result in a legitimate legal challenge

The Computer Forensics Processes

Computer forensics begins with the process of forensic imaging – which ensures that no changes are made to the suspect machine, and that only an EXACT binary copy is investigated.

This process uses a device known as a “write blocker”, which means that data can be extracted from the suspect computer in a form which can be safely interrogated by a forensic analyst.

The analyst then follows a series of documented processes and procedures to investigate how the user of that computer has interacted with it, what they have done and how. This varies from case to case, and a report is produced upon its conclusion.

If you suspect computer misuse, please contact CCL-Forensics for more information on how a tailored investigation could help you.

* Source: “Pocket World in Figures” based on data from the International Telecommunications Union – as featured in Economist.com, Dec 18th 2008