Computer Forensic Science

America has invested more money in information processing and management using advanced computer technology than ever before . We transfer money electronically and are much more likely to receive an E-mail rather than a letter. It has been estimated by the Commerce Net Research Council that the worldwide Internet population is over 400 million and growing.

In this new information technology age, the immediate need for advanced law enforcement is drastically becoming a high demand. Some of the crimes concerning finance and commerce conducted over the internet continue to rise as advanced security flaws frequently become more exposed. In the past, criminals would leave “paper trails” but today, they leave electronic trails using electronic devices. Crimes that are associated with theft and manipulations of data are being reported every day. A serious terrorist threat could originate from the Internet or the secret plans of a dangerous serial killer could be found located on a portable thumb drive or hard disk drive inside a computer.

Just as our society has been gradually converting the way we manufacture goods, or the way we process the information needed for reference, the criminal activity has also upgraded from a physical dimension where evidence and investigations can be described by other terms, into a “cyber dimension” one could say, and in this, which evidence exists electronically over the internet where the majority of investigations need to be conducted.

Executive Summary

After introducing the subject of computer forensic science, we can begin to follow the different ideas on which computer forensics can be provided and to what extent. How it can prove to be more efficient than the old fashion ways of putting together a puzzle. The criminal justice system has changed a lot since the good old days when people took care of things themselves, or else could simply tell the sheriff who did what to quickly eliminate a problem with a neighbor. Criminals were dealt with in any fashion the law enforcement back then saw fit, unlike today where criminals are really treated far better than before.

The science of catching these criminals has totally evolved as well since the olden days when tracking footsteps with a local Indian was your only option. We have advanced into a futuristic world where catching criminals has been easier than ever and we owe this advancement to computer forensic science.

The advanced programming software development for computer forensic science specialists has given new advanced techniques to fingerprinting, the process of DNA analysis, as well as the advancement in forensic lab tests . Forensic scientists can then use these techniques to either prove people’s innocence or catch criminals red handed with solid evidence.

Chapter I What is Computer Forensics?

The main objective of using computer forensic science is to provide digital evidence of a specific criminal activity generally conducted by someone using a computer or the Internet. Criminals conducting in online pornography, credit card fraud and identity theft can all be traced using computer forensic tools and software.

There are many definitions that can describe the use of computer forensics within the criminal justice system. Generally, computer forensics can be considered a series of investigative techniques to identify, collect, examine and preserve evidence or information which is digitally stored or encrypted using today’s most advanced computer systems and software.

Giving a computer forensics expert the proper tools and software, he or she can then provide a useful service to the criminal justice system. This can, and will help protect against the growing numbers of computer and Internet criminal activity.

There a number of slightly varying definitions that can be used, however, for any type of crime committed regarding Internet fraud, theft, or the organizing of a criminal activity via the Internet can be investigated by computer forensic science specialists. As technology advances, the criminal justice system can also broaden the use of computers, along with software designed to help solve criminal cases in which the use of digital evidence can be substantial.

A forensic investigation can be initiated for a variety of reasons and is becoming more frequent as criminals take to the Internet to conduct criminal activity. The most high profile cases usually involve a criminal investigation, but computer forensic techniques can be an adequate use in a wide variety of situations, including recovering data that a criminal tried to erase.

There are several scenarios listed below where computer forensic science can be used. Internet abuse — piracy, copyright infringement, Employee’s activities (porn, chatting, shopping) The use of unauthorized corporate information (bank account, sales, clients) Industrial espionage (rare, handled by FBI in most cases) Assessment Cases (fraud, incident cases) Criminal fraud and deception cases General criminal cases (harassment, identity theft, trafficking)

In many cases, there are criminals who store their secret information on computers and do so either sometimes not knowing that they can be tracked, traced or monitored, along with that information being used against them in the court of law.

Chapter II How is it approached?

Computer forensic investigation can be approached in different ways. Although, It is a detailed science and must be conducted in a series of steps, the first approach is the most critical. The main phase consists of securing the subject system, making a mirror image of the hard drive, identify and recover all files. Recover any deleted files and access any hidden or protected temporary files. Examine all areas of the hard drive and investigate all of the settings from installed applications to the structure of the file system. Taking into account the general factors relating to the users activity and including a detailed report. Throughout the investigation, a mandatory full audit log of conducted activities should be maintained for future presentation.

There are a few things that should not be conducted during a computer forensic investigation. This is directly related to the way the subject computer system is being used. Typically, it is important to avoid changing any files on the system including the attributes, dates, or time stamps. The same can apply to overwriting any unallocated blank space on the hard drive, this is why it very important to create a mirror image of the original hard drive before powering up the system. This ensures an original hard copy that can be used multiple times in the event of any data loss during the initial assessment part of the investigation.

Chapter III Common Uses: Evidence

There are many very useful ways that computer forensic science has advanced the techniques used by forensic investigators to produce evidence for criminal cases. There has been software designed to provide a more advanced type of determination of blood spatter at a scene and in conducting an overall analysis. This certain analysis is conducted on a pattern of bloodstains distributed at a crime scene to determine the cause and effect. There are many effects and various types of patterns that blood creates on surfaces which ultimately determines its interaction with the surrounding environment . For example , the location and actions of the assailant can be determined and the movement of both the assailant and the victim during the incident. Using a computer to import the data from the crime scene can then give a better visual scenario as to what happened.

Without the use of today’s advanced computer forensic tools, these determinations would not have been possible. Because of the advanced techniques used by experts to produce this type of software, it has been easier for investigators to determine such factors in a relatively short period of time as well. Continuing to support the advancement of technology is important to reduce the overall risk of future Internet terrorist attacks.

Trace evidence is another common type of forensic evidence that is used today. This is commonly recovered as evidence from any number of items at a crime scene. These items can include fibers, skin, hair or other types of substance found in or around the scene of the crime. Hairs that are recovered from the crime scene can be examined to produce the source of DNA, which can then be used as an important factor determining the innocence or guilt of the subject on trial. Examination of material recovered from a victim’s or suspect’s clothing can then make an association between the victim or other person, place, or thing. DNA analysis can be considered one of the most important aspects of forensic science but could not be done without the use of advanced computer hardware and software. While DNA evidence can come in many forms when found at the scene of a crime, the most common collected is hair or bodily fluids. These can be tested to find a match for either the assailant or the victim. The DNA can then be the basis of making a conviction and charging someone guilty in the court of law, or it just may prove their innocence. It has been decided in many cases as we advance farther into the century, that we need to adapt . As the future ways of criminal activities continue to change and the criminals get smarter, we will always need to find new advanced ways to catch them.

Chapter IV Cyber Crime

Forensic science is the most advanced method yet, but is only the beginning. As the field of computer science grows, so will the abilities of the criminal justice system as they will have further evidence to judge and punish criminals. The continuous advancement in computer technology increases the chances of proving crime fit for today’s advancing criminals. It also gives officials better results when conducting investigation by having access to advanced satellite and GPS tools. As other countries teach programming language’s to teenagers in high school, the United States needs to be prepared to defend against intruders who simply “try to hack” as well as keeping security and privacy at safe for Americans. If America uses the Internet to purchase most of their products, that just opens up variations of fraud. Some of the earliest known cases of “cyber crime” involved these types of “amateur” hackers who only wanted to prove a point or show off for their friends.

Because amateurs can generally be caught by tracing, there is also software designed to act as a fake area to be targeted, this is called a honey pot. The hacker may make an attempt to steal some honey, but without knowing that it is only a trap for which he is now stuck in. Intruder detection software and analysis tools can help monitor and protect against cyber crime and thieves. Upgrading is also important because there is always the danger of someone knowing how to penetrate the new security standards.

Chapter V Database Profiling

Profiling is a helpful tool, but will never be used to replace a criminal investigation, unless more progress is made, this is because profiles are to general and lack individualism.

The main disadvantage to the police using a profiler is that they look for a specific type of person, but if the profile is wrong they have no other suspects. The profile of a criminal is only based upon the quality and accuracy of the evidence gathered. Also, innocent people get stereotyped because of profiling, if they fit the description of a criminal.

One positive influence of the research that has been done on offender profiling is that with the use of IT experts, the FBI have produced computer profiling. This is a database system that uses offender profiling to search for offenders based upon description, age, MO etc. It is called the Homicide Investigation Tracking System, first invented in America. The description, age and MO etc of caught offenders is input into a database, then when a crime occurs the FBI can search for any known offenders that have the same description, age or MO. The database produces a list of offenders with the same description, age or MO. The selection of offenders can then be narrowed down to a location or previous convictions.

The advantage to this system is that a list of suspects can be complied immediately. Information on all offenders across a wide geographical area is available immediately to all FBI and police departments. One disadvantage to this system is that it relies on data to be correct. Databases of know offenders only have information on criminals that have been caught. It could be suggested that that criminals that have not been caught may differ in characteristics than those that have been. Also convicted criminals may give false information to sensationalize their crimes.

Psychological research has certainly influenced changes in society, in law and in forensic science, however these changes have been limited. It can be suggested that psychological research may improve over time to make more advanced changes to our society, in laws and in forensic science services.

Chapter VI The Advancing Media

Research has been conducted on the influence that media has over criminal behavior. Studies have resulted in a surprisingly significant change being made regarding certain laws. After the Jamie Bulger murder, officials and investigators cracked down on those selling violent video games and films to underage children who also influence and lie to cashiers to obtain to latest title. The ratings on videos, DVDs and games are judged for sales, and are created far more advanced then they use to be, along with new categories for classification for these violent games and movies that have been introduced. Now, there are ways that investigators can issue fines against those selling films and games to underage children, and for repeat offenders, can be sentenced with a hard prison time.

There are many legal constraints on the media and the advancing film industry. They currently have control over what information can and cannot be disclosed and advertised to the public. The majority of advertisements we see are by the ones who pay the most money. One of the very serious offences committed by the media is when they identify an individual who is “supposed to remain anonymous”. At one time, reporters were able to publish information about a trail, however the law has changed to give a person the right to remain anonymously. For example, children and victims or suspects of sex crimes cannot be published for the public. There are some journalists who report false information, or information from the offenders past that could pose a substantial risk and prejudice during a trial.

These advanced changes within the law are positive, before, there was hardly any protection from the media among victims, resulting in them less likely to report criminal activity. By not revealing some victims previous past convictions to a jury may make them less, or sometimes more likely to find a guilty individual rather than innocent. Because of more in-depth conducted research by forensic science, we are able to stand on firm grounds for future convictions as we struggle to fight the battle of determining right from wrong.

Due to research in these areas, the government has introduced over seven thousand new police officers into our streets and in America. Every chief commissioner is now responsible for their own precinct thus, making low crime rates a personal reward. This can only be a positive outcome from such research. The introduction of many new IT college institutions designed to train law enforcement to help fight against cyber crime.

Chapter VII Conclusion

Although I have spoke with those who disagree with the advance uses of technology in today’s changing world. Some may believe that the old fashion way of conducting investigation still provides the best form of evidence. On the other hand, computer forensic science has added a great deal of development dealing with cases such as criminal harassment using E-mail or chat system.

Parents worry about criminals who use the Internet to influence children, they rely on computer forensic investigators and technicians that prevent the fraud and crime, especially involving underage children exploiters. As the Internet increasingly becomes more of a danger zone than the media, magazines and television. Still as of today, there are many laws being broken by using the Internet as the source and the government has little control. FBI Agents, Security Tech’s and Police Officers do what they can everyday to help control the crime conducted over the internet. As the Internet grows more every day, so will the need for stability and a fair place where our rights may still be expressed. The crime can easily be managed and controlled with the advanced technology that is produced by security experts around the world.

-Jon Marshall


American Academy of Forensic Sciences “Zes’s Forensic Site” Criminal, 110, 2009

American Society of Crime Laboratory Directors / Laboratory Accreditation Board (ASCLD/LAB). ASCLD/LAB Manual. “American Society of Crime Laboratory Directors/Laboratory Accreditation Board” Garner, North Carolina, 1994, pp. 29–30.

Anderson, Terry M., and Thomas J. Gardner. “13.” In Criminal Law. 10 ed. Belmont, CA: Wadsworth Publishing, 2008. 331.

Anderson, Terry M., and Thomas J. Gardner. “15.” In Criminal Law. 10 ed. Belmont, CA: Wadsworth Publishing, 2008. 360,367

Commerce Net Research Council, Industry Statistics, 2000, Title II <>

“National Academy of Sciences Finds” Serious Deficiencies in Nation’s Crime Labs“. National Association of Criminal Defense Lawyers. February 18, 2009. Retrieved 2009–12–07.

“Recovery Software.” In PC Magazine. New York: Ziff Davis, 2006. 23.

“Computer Dictionary” Hard Disk Drive, 2003–2006. <>

Originally published at

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.