Computer Forensics - Part III

Category: Computers: Computer Services: Computer Forensics
The legal process involved in computer forensics

Rules of Evidence

There are various tests that courts can apply to the methodology and testimony of an expert in order to determine admissibility, reliability, and relevancy. The particular test(s) used will vary from state to state and even from court to court within the same state. Commonly, you will hear about the Frye test and the Daubert test. You need to be aware of the Rules of Evidence for your locale and situation. Your best bet is to ask legal counsel about any Rules of Evidence pertinent to the situation, and to familiarize yourself with this information early on. We recommend that you find and read the Federal Rules of Evidence on the Internet, and conduct searches using the terms "daubert test" and "frye test" as keywords.

Legal Processes

This has to do with the processes and procedures for search warrants, depositions, hearings, trials, and discovery, just to name a few. It can also relate to processes relevant to your employer, including conducting computing investigations internally for your employer. If you are conducting computing investigations for your employer, the best advice we can offer is to work as closely as possible with legal counsel and those in your Human Resources department before and during a computing investigation. You will not know everything you need to know when you start working in this field; it is a learning process.

Integrity of Evidence

This has to do with keeping control over everything related to the case or situation. We are talking about establishing and keeping a chain of custody, as well as making sure that you do not alter or change the original media. You also cannot discuss the specifics of the case or situation with people who are not involved.

Factual Reporting of the Information Found

Your findings and reports need to be based on proven techniques and methodology, and you, as well as any other competent forensic examiner, should be able to duplicate and reproduce the results. You may have to testify or relate your findings and opinions about your findings in a court of law or other type of legal or administrative proceeding.

Two Primary Types of Computer Forensics Investigations

Computer forensics techniques and methodology are used in two primary types of investigations. The first is when the computer(s) was/were used as an instrument to commit a crime or involved in some other type of misuse. The second is when the computer is the target of a crime, for example when it is hacked into and information is stolen. When computer forensics techniques and methodology are used in this situation to figure out what happened, we typically call this incident response.

In the first type of investigation, you may or may not be present when the computing device is shut down to begin an investigation. You may have hard drives and other media delivered to you to analyze. In the second type of investigation, you will typically want to capture information that is extremely volatile, such as information contained in RAM concerning network connections and running processes.

Date Added: August 27, 2011 08:43:40 PM
Author: Yousef Naghdi