What Every Attorney Needs to Know about Computer Forensics, Part 1: What is Computer Forensics?

    G. Hunter Jones

    Read Part One as a PDF

    Computer Forensics is the science of examining computers, networks, and data storage devices in order to obtain information relevant to a specific litigation, investigation or criminal proceeding.

    Such information may be located in intact or deleted data files, as well as in artifacts that show prior actions related to the data or to the digital devices.

    A qualified Computer Forensics expert has specific training (and usually corresponding certifications) in locating, analyzing and interpreting such findings, and in reporting clearly the source and meaning of the data.

    A qualified Computer Forensics expert has specific training (and usually corresponding certifications) in locating, analyzing and interpreting such findings, and in reporting clearly the source and meaning of the data. Usually the expert will present these results to a client as a report, and often support them before the trier of fact through affidavit and/or testimony.

    The analysis usually requires access to computer data which is unavailable to the normal user (obtained by the use of specialized forensics software), in order to recover deleted materials and to examine the operating system’s own records of events and settings.  At the same time, the analyst has an absolute obligation to protect all the original evidence against any form of alteration. This includes secure storage to prevent unauthorized access and the use of special equipment that allows reading stored data but prevents any writing to the same devices, which could otherwise spoliate evidence.  To support how information was obtained, the analyst will document the chain of custody, analytic steps taken, and the corresponding results produced.

    When Computer Forensics experts have followed these principles, they will usually be successful in having their  findings admitted, and their opinions as to proper inferences will generally be accepted.

    Read Part Two: The Difference between Electronic Discovery and Computer Forensics

    Read Part Three: What Criminal Defense Attorneys Need to Know about Computer Forensics

    Read Part Four: What Trusts and Estates Attorneys Need to Know about Computer Forensics

    Other Insights from G. Hunter Jones

    Post
    Read G. Hunter Jones' review of “Electronic Medical Records and Litigation," a reference and practice manual valuable for both attorneys and forensic experts involved in medical malpractice litigation.
    Case
    DisputeSoft was engaged by the LA Times in this software license dispute involving the illegal use to develop a proprietary database, Integrated Circulation Information System (ICIS).
    Post
    This installment of DisputeSoft's Computer Forensics series sheds light on how a computer forensics expert can uncover factual information that exposes medical mistakes or cover-ups.

    G. Hunter Jones

    Managing Director Emeritus

    Hunter Jones has over 40 years of experience as a systems engineer, working in IT consulting and computer system development. As a systems developer, he is intimately familiar with the internals of computer systems, both operating systems and application programs. As a certified computer forensics specialist (EnCase Certified Examiner and GIAC Certified Forensic Examiner), Hunter has established credentials in the fields of computer forensics and electronic discovery. Hunter also has deep knowledge of computer forensics as it relates disputes concerning medical malpractice, video files, patent infringement, and internet misconduct.