What is Computer Forensics?

What is Computer Forensics?
Computers and mobile devices are an integral part of daily life. There’s hardly a home or business in the greater Charlotte area that doesn’t have at least one device — and, often as not, multiple devices — on the premises. Just as technology changes with the times, meaning the average person has more computing power in their pocket at any given time than was used on the Apollo 11 moon landing, so too has malfeasance and criminal behavior. Luckily, Charlotte professional investigators like Barefoot Professional Investigations have also kept pace with the times, bringing a wide range of computer forensics tools to bear on the challenges faced by individuals and businesses in our area.

Computer Forensics in Brief
Forensics is the application of scientific methods and techniques to the detection and solving of crimes. Here, we’re using “computer” in a broader sense than usual. That’s because computers are no longer restricted to servers, desktops, and laptops; these days, as we’ve seen, the computer in question is just as likely to be something that slips easily into a pocket or messenger bag.

The aims of computer forensics can be boiled down to three simple questions:
What happened?
How and why did it happen?
Was this the result of human activity?
If so, “who did it”?
What are the next steps, and how do we keep this from happening again?

With information security a top of mind concern for individuals, businesses, and even municipalities, identifying malicious activity — including data theft, corporate espionage, spyware, malware, ransomware, and a host of other threats — is key to protecting everything from privacy to sensitive patient information, financials, and one’s own reputation.

Computer Forensics: the Tools of the Trade
In the broadest possible sense, computer forensics is all about data. Some of that data is clearly visible on your device or server, and will be easily accessible. Other data, however, is harder to find; it may have been camouflaged under an unusual name, or with the wrong type of file extension. It may have been moved or deleted, or may even be encrypted.

Not all data can be recovered, but there’s a surprising amount of information and files hidden more or less in plain sight if you know where to look, and what you’re looking for. Temp files, print queues, and mobile applications leave behind a wealth of data that can be mined for insights.

Types of Computer Forensics
Computer forensics allows for varying degrees of granularity in the data obtained; the more detail desired or needed, the more involved the process tends to be. File system acquisition is a bit more detailed than a simple directory search, but can miss some types of information. Logical acquisition goes a step further, leveraging some of the same processes used by your phone when it backs up or synchronizes with another device. The most exhaustive method is also the most time-consuming; physical acquisition — the method we favor — makes an exact copy of a device’s entire contents, including items that may be hidden or that the device user may have tried to delete in order to cover their tracks.

However, there’s another consideration for investigators that goes beyond the hows and whys of a computer forensic investigation. Evidence handling is paramount. As with any other investigation, there are rules of evidence that must be scrupulously followed if the information uncovered is to be legally admissible, which is why we perform our work on the copied evidence that can then be compared against the original.

Finding the Right Computer Forensics in Charlotte
It’s also noteworthy that computer forensic investigations and TSCM (technical surveillance countermeasures, the electronic countermeasures and debugging that often accompanies our forensic work) ought not to be left to the inexperienced. While TSCM requires a certification, computer forensic investigation does not (as of this writing). That’s why it’s important to enlist the services of a PI like Barefoot Professional Investigations; we have the experience to deal not only with the IT considerations, but also with the tangled web of legal and ethical concerns that so often come with an investigation. Contact us for a discreet consultation today.