Computer forensics deals with retrieving material from a computer, thus allowing for evidence to be used in a criminal investigation. Almost all information can be recovered from a computer’s hard drive, even information that has been deleted, unless the hard drive has also been wiped clean. However, there are certain rules and regulations to follow if information that has been retrieved from a computer is going to be used as evidence in court. It’s not simply a case of any underhand tactics can be used to prove a person’s guilt or innocence and there are only certain court approved tools and software that can be used. This article will discuss four of the most common used tools and techniques from around the world.
COFEE
The Computer Online Forensic Evidence Extractor (COFEE) was developed by Microsoft. It can best be described as an automated and portable digital forensic tool. Microsoft developed this tool while working with the American government and it is now used by various law enforcement agencies around the world. In fact, COFEE is used extensively in many criminal proceedings by INTERPOL. The tool is simply a portable flash drive that will plug into any computer’s USB port. As soon as it is activated it will extract all the information from the computer.
EnCase eDiscovery
This is a legal software application typically used by law companies who want to carry out in house foresnsics and under their own steam. This particular software is widely used in court cases around the globe. The software is specifically used for a legal team to assess their case at any time. It is a great way for a firm to understand how their case may be viewed by judge and jury and obviously to make any necessary changes to their case. The application can be used on a pay per use basis or a full license can be purchased.
Drive Cleansers
A drive cleanser is used to destroy all forms of information and data contained within a computer’s hard drive. This specific program has been designed to protect private information by irreversibly deleting it, thus protecting an individual or firm from having their private information fall into the wrong hands. This is a highly recommended tool by many government agencies in various countries.
FTK
The Forensics Toolkit (FTK) is a form of software that will bypass any user accounts and passwords on a computer, thus allowing the user full access to any data stored on a computer system. In fact, this software will even access deleted files, as long they haven’t been permanently deleted from the hard drive. The software works with a number of operating systems, including Microsoft Windows, Mac and UNIX.
All of the software and tools have been specifically validated for use in court proceedings and are generally used to either prove someone’s guilt or innocence. Computers in general have become a part of our everyday life and therefore most people tend to store all types of personal information on them.
Hi Guest – as a new reader to your blog I though I’d just leave a quick comment here to say I’ve been enjoying it a whole lot. Thanks! Shaun
Thank you, Shaun.