Data: The Basics of Computer Forensics
Computer forensics can be divided into three broad specialties. The most basic of these is obtaining and documenting digital information. This includes data recovery and verification. The second is expert testimony concerning things computerized. More often than not this involves networks and the Internet. The third, and the most fun, is real sleuthing. Because it is so infrequent, the best stories come from figuring out how information was compromised, searching for deleted files, or ferreting out identities on the Internet. This article will deal with the basics of the first specialty. Publishers willing, future articles will discuss the rest.
Federal statutes imply that a computer is any device that stores, manipulates or transmits electronic data. Certain State codes do more than imply. They overtly define computers as such. While this is overly broad for technical use, it is good for the practice of law. When issuing a subpoena, the lawyer does not have to guess what the local IT department calls a device. By using this sort of definition, the lawyer can expect to get everything pertinent without having to worry about the difference between a server and a router. Nor does the subpoena need to overtly call out esoteric items such as USB drives and digital MP3 players.
In a similar manner, the term "data" has been legally defined to broadly encompass anything that a computer can store. The California Penal Code, section 502, says that, "Data means a representation of information, knowledge, facts, concepts, computer software, computer programs, or instructions. Data may be in any form, in storage media, or as stored in the memory of the computer or in transit or presented on a display device." Again, this is of benefit to the legal community since this eliminates any "wiggle room" when complying with a subpoena.
Interestingly, the terms "Damage" and "Injury" also have a wonderfully large range. They apply when computers or data are physically damaged, merely altered, or when legitimate access to either is denied. This allows prosecution and litigation over such varied threats as virus creation, conversion of resources or data destruction.