What is a computer forensics investigator?

Frequently, news programs flash on a residence or business where law enforcement personnel are seen carrying out boxes and bags of items pursuant to a search warrant. News commentators report that the suspected criminal’s computers, cell phones, and other electronic devices were also confiscated.

What happens next? How does law enforcement access information that is stored on a computer? What if the computer owner erased their hard drive or at least their search history? This is when a computer forensics investigator is called on to help.

The American Academy of Forensic Science (AAFS) defines the word “forensics” as “ relating to, used in, or suitable to a court of law… Any science used for the purposes of the law is a forensic science.”

Forensic science is objective and unbiased. It is used in civil disputes and criminal cases by those on both sides of the dispute in an effort to get to the truth.

A computer forensics investigator is a trained professional who is called on to retrieve data from computer storage devices. The investigator often works with equipment that has been damaged either internally or externally.

The investigator may be called upon by law enforcement to help discover evidence of a crime. The investigator may also be called upon by defense attorneys to find exculpatory evidence.

The investigator may also work for private individuals to look for evidence of a cheating spouse or for private businesses that are trying to identify possible criminal or civil violations committed by their personnel.

Often, if the computer has been damaged, the damage was intentional in an attempt to destroy incriminating evidence that may be lurking inside. For example, someone charged with child pornography may have thought they destroyed damaging evidence. Other times, the data may have been destroyed by an intentional hacking or a virus.

The investigator dismantles the system and works to recover the lost data. When the data is recovered, the investigator writes a report including the steps that were taken to retrieve the data. The report is provided to the entity who hired the investigator, whether law enforcement, a private person, or a business. Investigators will likely be called on to give testimony in court concerning their reports.

The process of extracting data may take weeks or even months. It must be done carefully since it is often used as critical evidence in crime-solving.

Some specific duties of a computer forensics investigator include, among other things:

If information has been stored on the computer’s hard drive, the computer forensics investigator will likely be able to find it even if the user has gone to great pains to erase it or destroy it. Here are just a few brief examples of how this has worked, how it can work, and how it is often used.

For more information about how a computer forensics investigator can help you with your case, contact us online at Barefoot Professional Investigations in Charlotte, North Carolina. You may also reach us by phone at 704-377-1000.

The post What is a computer forensics investigator? appeared first on Barefoot Professional Investigations.