Computer Forensics FAQ
Computer Forensics is the collection, preservation, discovery, analysis, and presentation of evidence found on digital devices. Computer Forensic Experts draw on a variety of methods for discovering and analyzing information that resides on computer systems, personal digital assistants (PDAs), cell phones, and other electronic devices.
Who would need Computer Forensic services?
Any business or individual who needs to investigate the activities associated with the use of computers or other digital devices, especially if the other side has retained a Computer Forensic Expert. Computer Forensics is extremely valuable in litigation to support claims of embezzlement, fraud, intellectual property theft, and security and Human Resource policy violations. Criminal Law cases, both prosecution and defense, are dramatically enhanced with the recovery and/or dispute of computer evidence. Computer Forensics is even being utilized in family law cases with increasing regularity, as estranged spouses recognize the potential for evidence to support custody and divorce settlements.
Who can allow a computer to be searched?
The owner of a computer can grant permission for it to be examined. A business may, with some exceptions, grant permission for a search of any of its computers regardless of who uses them. In a civil dispute, the parties can agree to an examination or the court can order an examination. In a criminal case, the computer will usually be seized by law enforcement through the use of a search warrant. The defense can obtain copies of the seized items and any findings of its examination with certain exceptions.
What does a Computer Forensic Expert do?
At a high level, the Computer Forensic Expert copies, examines, and analyzes information, prepares a report, and substantiates findings in depositions and through expert testimony. The first step is to work with counsel to develop an appropriate strategy and determine the evidence needed to support the case. The next step is to collect and preserve the evidence. Finally, an analysis is performed on the collected data. Analysis may include keyword searches, timeline analysis, deleted file recovery, email analysis, and other tasks related to evidence identification and recovery.
What type of evidence can be found on a computer?
The answer depends upon the activities under investigation. Cases involving theft of trade secrets may focus on the recovery and analysis of all electronic communications, file copies, file print activity, access to CD burners, thumb drives, USB disks and more. Cases involving sexual harassment or wrongful termination turn to Computer Forensics to develop activity profiles such as email communications and Internet browsing habits.
Why use a Computer Forensic firm to evaluate digital evidence?
While you may have access to experienced IT resources, it is unlikely these individuals are trained in forensic protocols, and improper methods can result in destruction and spoliation of evidence. The preservation, extraction, and analysis of computer evidence in a forensically sound manner requires access to specialized hardware and software and the knowledge to use these tools. Perhaps most important of all, Computer Forensics must be performed by an unbiased third party. Claims of evidence tampering or fabrication will be presented by opposing counsel in almost every case, and a respected Computer Forensics firm can demonstrate forensically sound methods that are court-approved and impartial. As an Expert Witness, a Computer Forensics firm can provide opinions and conclusions relative to the findings.
Use care in your evaluation of costs. One of PROTEGGA's clients had previously hired a respected Computer Forensic firm that charged an apparently reasonable rate of $250 per hour. However, this firm included all unattended computer processing time in their hours. The client spent over $70,000 for a job that should have been no more than $25,000. Another firm charged double time for any work performed with less than 24 hours' notice. PROTEGGA adheres to the highest professional and ethical standards with costs always clearly defined. Ask the PMan for the current rate sheet.
Is Data Forensics different than Computer Forensics?
No. This is simply a marketing ploy. You may also hear it termed digital forensics. These are both identical to computer forensics.
How does Computer Forensics differ from e-discovery?
E-discovery is the process by which parties involved in litigation respond to requests to produce ESI, "electronically stored information". The production of ESI may be provided by a Computer Forensic Expert and there are definite benefits to having discovery performed this way. Computer Forensics is employed (1) to ensure all the information provided throughout discovery is accurate and complete, or (2) to perform a Computer Forensic investigation when discovery falls short of expectations.
Isn’t Computer Forensics just a data recovery effort?
This is a common misconception. Unlike ordinary data recovery efforts, Computer Forensic examinations use strict controls and procedures to ensure that all existing data is found, that the original data is preserved unchanged, and that any recovered data is admissible in court or other legal proceedings. Computer Forensic examinations are an investigative process and data recovery is only a very small part of that process.








