NCJ Number
179200
Date Published
1999
Length
6 pages
Annotation
This paper provides an overview of the new law enforcement field of forensic computing, which is the process of identifying, preserving, analyzing, and presenting digital evidence in a manner that is legally acceptable.
Abstract
The three primary activities of forensic computing are media and electronic device analysis, data communication analysis, and research and development. Some rules of forensic computing that will ensure its evidence will survive judicial scrutiny are as follows: minimal handling of the original data; documentation of the nature, extent, and reasons for any changes that occur during a forensic examination; compliance with the rules of evidence; and refusal by examiners to undertake any examination that is beyond their current level of knowledge and skill. Current and future issues for forensic computing include the size and usability of the Graphical User Interface (GUI) computer operating system, data volume, digital devices, and encryption. Many law enforcement agencies throughout Australia must recognize the contribution that forensic computing can make in the investigation of crime, and in turn must ensure that such a contribution is supported and promoted. Failure to do so will cause these agencies to be outsmarted by technologically competent criminals, who readily recognize the advantages of using new technologies in the commission of crimes.