-
Computer forensics is designed to find and seize evidence of criminal value that is stored in binary. This not only involves the seizure of information related to crimes to computers or computer data, but also crimes that are committed with computers used as the main medium of communication. Drug trafficking, theft, and child pornography are frequently monitored by the United States Department of Justice. As an example of the job of computer forensics, the information that is recovered and used as evidence for drug trafficking case would include:
-Bank account numbers
-Names and addresses of those involved
-All data on financial activity
-Email or instant messaging with incriminating messages
-The transfer of drug recipes or other drug information
-Locations of drug exchanges or hidden landing strips for drug imports
If a warrant is issued, the police will seize all home computers, laptops, network servers, any digital assistance device (ie. Blackberry), and other devices that can store binary data. The Computer Forensics Program (CFP) will analyze the content of each device in order to gain any data necessary to incriminate the suspect, and what they find will be admissible in court.
To make the data admissible, the CFP must go above and beyond normal computer inspection and data collection techniques. The CFP use data collections experts and incredibly advanced technology in order to ensure that the data is preserved. The primary analysis comes from the software data contained on the computer. The forensic examiner then gives a detailed opinion based on the material that they have found. They provide the prosecution with any evidence of criminal activities that they have found. Their procedure has four main steps:
1. Identify sources of digital evidence.
2. Preserve the evidence.
3. Analyze the evidence.
4. Provide the prosecution and law enforcement with the evidence.