Computer Forensics: Where to Find Electronic Evidence

Part of the Computer Forensics For Dummies Cheat Sheet

If you're working in computer forensics, knowing where to look for electronic evidence is critical. A computer forensics investigator seeks evidence in all the electronics on the following list:

Computer: Digital memories don't forget anything. A hard drive is a goldmine for locating every file that was created, saved, downloaded, sent, or deleted to it or from it, including documents, e-mails, images, and financial records. You can find file content intact, as well as a lot of details about when the file was created, accessed, and edited, and you might even be able to find prior versions. In short, a hard drive is the perfect time machine.
Web site that was visited: Any digital device used to access the Internet can be searched for a listing of where on the Web a user has visited — and when. No one surfs anonymously.
PDA: A handheld device records a person's life like no other device does. To find out the where, what, with whom, and how much of a person's life, check his PDA.
MySpace, Facebook, or another social network: Full transcripts of private chats and postings in social networks are gaining on e-mail as the primary source of e-evidence. Note: These chatters chat a lot and don't use punctuation or an easily recognizable language.
Cellphone or smart phone: As on a PDA, the information you can find on a user's phone can be the e-evidence you need — or it can lead you toward other e-evidence. You can find detailed logs of incoming and outgoing messages and text messages; transcripts of text messages; address books, calendars; and more.
Chat room: Sadly, predators and other criminals hang out in chat rooms all over the world.
E-mail: Everything, no matter how incriminating or stupid, is sent and received by e-mail. In fact, nothing is subjected to searches more than e-mail is. It serves as truth serum, and, for exactly that reason, the notorious connection between e-mail and jail is usually ignored.
Any device that has memory: Digital cameras, iPods, flash drives, SIM cards — if it uses memory, it might have evidence.
GPS device: Tracking technology has already been used in high-profile court cases. To find a person's whereabouts, check the GPS device.
Network or Internet service provider (ISP): An ISP is a fertile source of digital dirt and details. If bytes pass through it, each network device records it.