When you hear the term computer forensics – what comes to mind? Hackers typing out codes late into the night and CSI-like teams poring over computer files to foil their plots? I wanted to find out if computer forensics was really as dramatic as I imagined, I spoke with expert Craig Ball, a seasoned trial lawyer, certified computer forensic examiner and eDiscovery guru, who gave me some great insight into the field.
Craig eloquently explained to me that computer forensics is the “art of teasing human drama out of bits and bytes.” Every single time we use a device to create or send a message, we leave electronic footprints whether we realize it or not.
These electronic trails are created by emails, documents, text messages, credit card purchases and hundreds of other digital activities which tell behavioral stories about each of us. The goal of computer forensics is to examine all of this digital data in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.
Typically a court or the legal parties will ask for a computer forensic examiner to come on board to a case and help safeguard the integrity of the process, and/or to serve as an expert witness. These examiners look at data and information quite differently than an IT person or even an attorney – they may even look at granular-level data that is deemed unimportant by most people, but that can be extremely telling. The forensic examiner knows that looking at all of this information in its totality will help paint the picture of computer-related human activity that is relevant to the case at hand.
So what is the difference between e-discovery and computer forensics? Craig says that computer forensics is a more focused approach to examining data. E-discovery works with informational content on a much broader scale, while computer forensics operates on a more microscopic level, looking at the metadata, which is details about the data (when it was saved, by whom, etc.) Also, there is a level of complexity with computer forensics in which there is sometimes spoliation (destruction or corruption) of the information due to user activity, poor preservation techniques or hardware failure. Craig comments, “We are a society very dependent upon the technologies that we use day-to-day, and computer forensics helps make sense of the digital deluge.”
So how does one find a qualified forensics expert that can get such an intricate job done effectively? Craig suggests word-of-mouth approach first. He says, “Start talking to people that hired an expert in the past and ask them how well they performed, especially when faced with a major challenge. You want to make sure that your examiner can work well under pressure and can take raw data and make sense of it.” Two more important aspects – if the consultant has experience testifying or being a part of litigation and is not unproven in the real world, you will have a better idea of what he or she is capable of. Also, look for practitioners that do forensics as a full-time job – not moonlighters. With such sensitive and complex data at stake, you want to know that they are putting 100 percent of their time and energy into your case and that you’ll be able to call upon their expertise during the work day rather than at night and on the weekends.
Unlike the CSI episodes which feature showy smoking guns, explosions and dynamite, computer forensics is a much quieter, more cerebral process. However, though the realizations are not loud and obvious, they are powerful. As Craig said, “Computer forensics is powerful in its ability to uncover information – not always relevant information, but invariably enlightening and occasionally dispositive.” I guess in the case of computer forensics, knowledge truly is power, so make sure to find a qualified expert to track down those digital footprints for your firm!
Copyright © 2023 Legal IT Professionals. All Rights Reserved.