Internet
Fact-checked

At EasyTechJunkie, we're committed to delivering accurate, trustworthy information. Our expert-authored content is rigorously fact-checked and sourced from credible authorities. Discover how we uphold the highest standards in providing you with reliable knowledge.

Learn more...

What is Computer Evidence?

Malcolm Tatum
Malcolm Tatum
Malcolm Tatum
Malcolm Tatum

Computer evidence is data that is harvested from a computer hard drive and utilized in the process of a crime investigation. Because it is relatively easy to corrupt data stored on a hard drive, forensics experts go to great lengths to secure and protect computers that are seized as part of the investigative process. Extracting the data must take place under highly controlled circumstances, and must be accomplished by law enforcement professionals that are specifically trained in the process.

It is not unusual for computers to be collected whenever they are found at a crime scene. For example, when an individual is found murdered in his or her home, there is a good chance that any laptop or desktop computers found at the scene will be confiscated. In like manner, if an individual is arrested on suspicion of some type of fraud or embezzlement, his or her personal and work computers are likely to be collected for analysis by experts.

Law enforcement agencies employ technical advisers who specialize in extracting data from computers.
Law enforcement agencies employ technical advisers who specialize in extracting data from computers.

The process of looking for computer evidence begins with a thorough review of all files found on the hard drive. In order to accomplish this, the hard drive is carefully screened for any hidden or secured files that may not be readily apparent. Because hard drives save copies of files that are deleted from public directories, experts involved in the forensic investigation will seek to locate and extract files that were deleted. This is important, since there is a chance they would include data that could confirm guilt, or possibly provide proof that the individual arrested was not involved in the commission of the crime.

Computers are often collected when individuals are suspected of committing fraud.
Computers are often collected when individuals are suspected of committing fraud.

Many different types of files may yield computer evidence that can aid in solving a crime. Visual images, emails, spreadsheets, and other common types of files can be encrypted and hidden in various caches on the hard drive. Experts know how to find these hidden caches, access them, and view the contents of those caches. Many operating systems automatically perform this function even when files are deleted, creating copies that are placed in the hidden caches. This means that even if the criminal has taken steps to wipe incriminating evidence from the hard drive, there is a good chance one or more of these hidden caches are overlooked and can be extracted by law enforcement.

Evidence collected from a computer during a criminal investigation may be grounds to arrest a suspect.
Evidence collected from a computer during a criminal investigation may be grounds to arrest a suspect.

Collecting computer evidence is a highly skilled task that is usually conducted in specific steps. Once the computer is confiscated, it is transported to a secure site. Only a limited number of authorized individuals have access to the system while it is being mined for possible evidence. Because the mining and extraction is conducted under such stringent conditions, it is virtually impossible for the hard drive to be tampered with. This makes it possible for any evidence collected to be useful in the ongoing investigation.

In some cases, printers and other computer-related devices are involved in the crimes such as counterfeiting.
In some cases, printers and other computer-related devices are involved in the crimes such as counterfeiting.

The use of computer evidence in court has gained more acceptance in recent years. Concerns about tampering or damage to the evidence in years past sometimes led to restrictions on how much evidence collected from computers could bear on a given case. However, as law enforcement has enhanced its methods for preserving and protecting hard drives from possible contamination, more legal systems around the world are viewing computer evidence as fully admissible in a court of law.

Malcolm Tatum
Malcolm Tatum

After many years in the teleconferencing industry, Michael decided to embrace his passion for trivia, research, and writing by becoming a full-time freelance writer. Since then, he has contributed articles to a variety of print and online publications, including EasyTechJunkie, and his work has also appeared in poetry collections, devotional anthologies, and several newspapers. Malcolm’s other interests include collecting vinyl records, minor league baseball, and cycling.

Learn more...
Malcolm Tatum
Malcolm Tatum

After many years in the teleconferencing industry, Michael decided to embrace his passion for trivia, research, and writing by becoming a full-time freelance writer. Since then, he has contributed articles to a variety of print and online publications, including EasyTechJunkie, and his work has also appeared in poetry collections, devotional anthologies, and several newspapers. Malcolm’s other interests include collecting vinyl records, minor league baseball, and cycling.

Learn more...

Discussion Comments

Melonlity

@Markerrag -- then again, people might just get better at finding ways to eliminate incriminating files from a computer. It's kind of a catch-22 for law enforcement in that regard.

What is fascinating is that more people are becoming aware of how law enforcement can find even files that were thought to be deleted and are finding applications that are supposed to completely get rid of that information. Most of those applications, however, don't work terribly well. Although people are aware of modern investigative techniques, they still can't do much about them.

Criminals develop new techniques to destroy computer evidence, but law enforcement finds way to counter those techniques. Knowledge of that little fact may, in fact, serve to deter crime.

Markerrag

It would be fantastic if more people knew that what they store on their computers can often be uncovered even if steps are taken to erase incriminating evidence. If more people knew about modern investigative techniques when it comes to computer crime, perhaps they would be deterred from engaging in criminal activities online or anywhere else a computer is used.

Post your comments
Login:
Forgot password?
Register:
    • Law enforcement agencies employ technical advisers who specialize in extracting data from computers.
      By: Photo_Ma
      Law enforcement agencies employ technical advisers who specialize in extracting data from computers.
    • Computers are often collected when individuals are suspected of committing fraud.
      By: alexskopje
      Computers are often collected when individuals are suspected of committing fraud.
    • Evidence collected from a computer during a criminal investigation may be grounds to arrest a suspect.
      By: Ammentorp
      Evidence collected from a computer during a criminal investigation may be grounds to arrest a suspect.
    • In some cases, printers and other computer-related devices are involved in the crimes such as counterfeiting.
      By: Africa Studio
      In some cases, printers and other computer-related devices are involved in the crimes such as counterfeiting.
    • Copies of deleted files may still be recovered from a hard drive and used as computer evidence.
      By: merydolla
      Copies of deleted files may still be recovered from a hard drive and used as computer evidence.