Advancements in forensic technology have revolutionized the task given to law enforcement officials when deciphering a criminal investigation. Crime scene forensics, used to gather fingerprints, DNA, and other admissible evidence, are the more commonly explored tools used by forensic scientists to prove witness accounts and follow leads. But since the 1980s, computers have been a viable source of legal evidence in everything from identity theft to murder.
Computer forensics mainly assesses evidence found on the hard drive of a desktop or laptop computer, though in recent years the field has branched out to include data retrieval from cell phones and remote internet servers as well. Investigators use forensics software to search for three types of data:
- Cross Data: This includes correspondence between involved parties such as emails, instant messages, and social networking. Such evidence can be used to corroborate an existing relationship between victims or suspects.
- Live Data: Any existing data on the computer is considered live data. This could include documents, pictures, or any other files that might aid in the investigation. Live data can easily be extracted to a portable device and used as viable evidence during a trial.
- Deleted Data: Because most computers save a physical copy of all data on a backup partition, deleted files are often not removed. A suspect attempting to cover their tracks might not think to use disk scrubbing or encryption software, making it easy for investigators to gather the evidence they need for a conviction.
Technology advancements in the field of computer forensics are being made every day. As more people invest in better encryption devices, law enforcement software is redesigned to bypass such security measures, leading to more arrests and convictions in otherwise difficult cases. The creative and futuristic technologies in shows like CSI are starting to become not just realities, but commonplace.