Computer Forensics

Computer forensic scientist: what do they do?

Being a computer forensic scientist requires you to employ professional, expert techniques to cautiously and judiciously extract sensitive information from digital devices without compromising the integrity of the data. Computer forensic scientists help in assisting businesses, law enforcement agencies and organizations who need expertise in investigating computer-related infractions.

Need IT Support?

Are you a Toronto lawyer or Toronto law office that is looking for IT Support / IT Services? Do not hesitate to call Fidelity IT Solutions. We provide law firm IT support and focus on bringing the right information technology solutions for law firms. We offer support 24 hours a day, 7 days a week in the Greater Toronto Area and surrounding Ontario communities and Southern California. Our Toronto number is 647.693.9124.

In general, when it comes to the evidence recovery process, there are four stages and they are (i) collecting, (ii) processing, (iii) reviewing and (iv) producing the data in an understandable format. The main task of a computer forensic scientist is to investigate and discover illegal activities that are conducted via smartphones, tablets, desktops and other devices.

Computer forensic scientists have become a great resource for law firms, in particular when it comes to criminal cases such as fraud and child pornography cases, businesses who need to meet compliance requirements and organizations who need to internally investigate a matter. This article will discuss the various roles and functions that a computer forensic scientist has to fulfill and the general principles a computer forensic expert has to consider to ensure that industry-best forensic protocols are being followed. The best chance that computer forensic scientists has in ensuring that they have successfully recovered digital data is their ability to do it right the first time.

Computer Forensic Scientist

A critical component of being a computer forensic scientist is retrieving, discovering and recovering the digital evidence on the subject’s desktop computer, laptop, tablet and/ or phone. Locating evidence becomes mission-critical for a computer forensic scientist when the data/ files has either has been deleted, become invisible, is password-protected, encrypted, has gone missing due to a corruption in your system, either from a malicious virus/ malware source or it has been physically damaged.

There are numerous reasons why digital evidence can become hard to locate and a computer forensic scientist is, in most cases, able to retrieve and recover the digital data. Great technology is the cornerstone of a forensic expert’s ability to do their job, and this is no different for a computer forensic scientist who needs the right tools to recover evidence.

A computer forensic scientist also has the onerous task to delicately protect the integrity of evidence and data from being altered in any way during the data extraction process. The transfer of data – so that it can be examined, analyzed and isolated – can put the system’s data at risk and it can be corrupted during the process either during the transfer or the data can be tainted by a virus. A “write-blocking” device is often used to ensure that the integrity of the data is not spoiled by anything that is not indigenous to the computer and hence rendered inadmissible in an investigation.  The quality of the procedure and the steps a computer forensic scientist takes is critical for how it will be perceived in the courtroom. If a prosecutor can show loopholes, through cross-examination, that the procedures the forensic expert took could lead to possible contamination or if the procedure was dubious, it will certainly impact the weight of your testimony and undo the work a computer forensic expert did in the case.

Highly important to the discipline is to recover all the files that have been erased/ deleted and all the other data that has not been overwritten. This is because when the computer is being used, the OS is continually modifying and creating data. What occurs is that sometimes, the OS will store new data and overwrite existing data that is no longer needed by the OS. For instance, a file that may have been deleted will remain dormant in the OS but will remain in the hard drive nonetheless. It is only permanently deleted if the computer no longer needs that data. By using the computer, you are putting data that has been deleted from the hard drive at high-risk of permanent deletion.

A general rule of thumb for computer forensic scientists is that they will always use forensically-sound protocols, at all times, during the recovery and analysis efforts. This is not only important to ensure that they get the right data that they are looking for but it is also crucial that they do so to ensure that the evidence is admissible in court.  For many criminal lawyers, computer forensic experts have become an incredibly important part of their legal defense strategy, especially in: child pornography, identity theft, fraud, employment disputes, forgeries, inappropriate use of the internet or emails in the work place, and espionage cases.

A lot of times, a case is contingent on the expert testimony of a computer forensic professional. Computer forensic experts have, as part of their job description and job responsibilities, articulate their findings well and explain in detail the steps they took to ensure that the protocols they took to extract the data is careful and up to standards.  A computer forensic examiner is only as good as the testimony they can provide. This requires that the forensic expert must know the legal issues in dealing with electronic evidence, such as knowing how to navigate the discovery process, safeguarding the contents and data, protecting privilege and learning how to communicate and work with lawyers and legal personnel. It is critical to learn how to speak the language of lawyers and communicate the highly technical findings in a language that they understand.

Computer forensic practitioners must carefully handle sensitive information in various storage devices. It is not only about learning how to extract digital information and data, it is important that no data is deleted, added or modified during the transfer. The primary responsibilities of a computer forensic scientist is to preserve, identify and extract evidence that is stored in laptops, smartphones, desktops and storage devices; search through pertinent data and aid the efforts of law enforcement and legal teams; gather evidence in legal cases and provide expert testimony when a case goes to trial. Computer forensic specialists combine their unique technical skillsets with their investigative abilities and legal knowledge and put together their findings in a format that is understandable and clear.

Fidelity IT Solutions provides expert testimony and computer forensic experts to businesses in Toronto, Canada and beyond with certified professionals.