| When you hear of computer forensics, the first thing | | | | computer crime to employee misconduct, to such |
| that pops to mind might be a Crime Scene Investigator, | | | | mundane tasks as figuring out why your virus scanner |
| pulling the plastic sheet off of a computer and | | | | isn't working. |
| inspecting for signs of a struggle. Nobody really ever | | | | The point is that everything you do on a computer |
| talked about forensics in daily life until they started | | | | leaves a mark. Deleting a file from your hard drive is |
| making those scientifically accurate prime time cop | | | | not same thing as deleting all the evidence that it was |
| shows, so of course, simple word association generally | | | | ever there. Just as every room in your house holds |
| leads us to forensic sciences being "Something cops | | | | some DNA evidence, be it a hair, saliva, or a toenail |
| do, right?" | | | | clipping, no matter how well you vacuum and shampoo |
| Incidentally, the science behind computer forensics | | | | your carpets, there will be some evidence that this is |
| really isn't much different from the science between | | | | your home. The same goes with computers. You can't |
| crime scene forensics. In both instances, the forensics | | | | do anything on a computer without a computer expert |
| team or expert is looking for a trail of evidence. In | | | | being able to figure out exactly what you've been up |
| either case, the investigator looks at what has | | | | to. |
| happened, determines how it happened, and from that, | | | | One issue that many find confusing with regards to |
| deducts who might be responsible. | | | | computer forensics ... how legal is it, really? |
| The major difference between the two is that, while | | | | This depends on the context. Here's all you need to |
| an investigator on the scene of a robbery or a violent | | | | know if you're considering hiring a computer forensics |
| crime is looking for physical evidence, the computer | | | | team, but aren't sure if you can: |
| forensics investigator is looking for digital evidence. | | | | If you suspect an employee of breaking company |
| Interestingly, where physical evidence can often be | | | | policy or even breaking the law with a computer that |
| misleading, confusing, ambiguous, and difficult to put | | | | belongs to the company, you do have the right to take |
| together without the help of witness statements, digital | | | | a look at the computer they've been working any time |
| evidence tends to present itself in a much more direct | | | | you like. |
| manner. | | | | It gets a little trickier when an employee is working on |
| A computer keeps logs of pretty much everything that | | | | their own computer. This isn't a dead end, but it may |
| has been done with it. For example, besides your | | | | be a little trickier. Luckily, you don't always have to look |
| browser history, there's also your temporary internet | | | | at their computer to find evidence of what they've |
| folder, where information from the web is stored on | | | | done on their computer. In any case, go ahead and call |
| your computer. So, say an employee is watching | | | | your forensics people, and they should be able to |
| YouTube all day when they're supposed to be | | | | advise you on how far you can go to gather the |
| working. Even if they're smart enough to clear the | | | | evidence you need in order to take action. |
| browser history, the temporary internet files may still | | | | Really, computer forensics is simply the art of finding a |
| hold the evidence that will earn them a warning. | | | | trail of evidence on computers, simple as that. You |
| That's only a very simple example, of course. | | | | never know when you'll need such services, so it's a |
| Computer forensics addresses everything from | | | | good idea to keep them in mind in case you ever do. |