We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Security

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What is Computer Evidence?

Malcolm Tatum
By
Updated: May 16, 2024
Views: 18,865
Share

Computer evidence is data that is harvested from a computer hard drive and utilized in the process of a crime investigation. Because it is relatively easy to corrupt data stored on a hard drive, forensics experts go to great lengths to secure and protect computers that are seized as part of the investigative process. Extracting the data must take place under highly controlled circumstances, and must be accomplished by law enforcement professionals that are specifically trained in the process.

It is not unusual for computers to be collected whenever they are found at a crime scene. For example, when an individual is found murdered in his or her home, there is a good chance that any laptop or desktop computers found at the scene will be confiscated. In like manner, if an individual is arrested on suspicion of some type of fraud or embezzlement, his or her personal and work computers are likely to be collected for analysis by experts.

The process of looking for computer evidence begins with a thorough review of all files found on the hard drive. In order to accomplish this, the hard drive is carefully screened for any hidden or secured files that may not be readily apparent. Because hard drives save copies of files that are deleted from public directories, experts involved in the forensic investigation will seek to locate and extract files that were deleted. This is important, since there is a chance they would include data that could confirm guilt, or possibly provide proof that the individual arrested was not involved in the commission of the crime.

Many different types of files may yield computer evidence that can aid in solving a crime. Visual images, emails, spreadsheets, and other common types of files can be encrypted and hidden in various caches on the hard drive. Experts know how to find these hidden caches, access them, and view the contents of those caches. Many operating systems automatically perform this function even when files are deleted, creating copies that are placed in the hidden caches. This means that even if the criminal has taken steps to wipe incriminating evidence from the hard drive, there is a good chance one or more of these hidden caches are overlooked and can be extracted by law enforcement.

Collecting computer evidence is a highly skilled task that is usually conducted in specific steps. Once the computer is confiscated, it is transported to a secure site. Only a limited number of authorized individuals have access to the system while it is being mined for possible evidence. Because the mining and extraction is conducted under such stringent conditions, it is virtually impossible for the hard drive to be tampered with. This makes it possible for any evidence collected to be useful in the ongoing investigation.

The use of computer evidence in court has gained more acceptance in recent years. Concerns about tampering or damage to the evidence in years past sometimes led to restrictions on how much evidence collected from computers could bear on a given case. However, as law enforcement has enhanced its methods for preserving and protecting hard drives from possible contamination, more legal systems around the world are viewing computer evidence as fully admissible in a court of law.

Share
EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Malcolm Tatum
By Malcolm Tatum
Malcolm Tatum, a former teleconferencing industry professional, followed his passion for trivia, research, and writing to become a full-time freelance writer. He has contributed articles to a variety of print and online publications, including EasyTechJunkie, and his work has also been featured in poetry collections, devotional anthologies, and newspapers. When not writing, Malcolm enjoys collecting vinyl records, following minor league baseball, and cycling.
Discussion Comments
By Melonlity — On May 11, 2014

@Markerrag -- then again, people might just get better at finding ways to eliminate incriminating files from a computer. It's kind of a catch-22 for law enforcement in that regard.

What is fascinating is that more people are becoming aware of how law enforcement can find even files that were thought to be deleted and are finding applications that are supposed to completely get rid of that information. Most of those applications, however, don't work terribly well. Although people are aware of modern investigative techniques, they still can't do much about them.

Criminals develop new techniques to destroy computer evidence, but law enforcement finds way to counter those techniques. Knowledge of that little fact may, in fact, serve to deter crime.

By Markerrag — On May 10, 2014

It would be fantastic if more people knew that what they store on their computers can often be uncovered even if steps are taken to erase incriminating evidence. If more people knew about modern investigative techniques when it comes to computer crime, perhaps they would be deterred from engaging in criminal activities online or anywhere else a computer is used.

Malcolm Tatum
Malcolm Tatum
Malcolm Tatum, a former teleconferencing industry professional, followed his passion for trivia, research, and writing...
Learn more
Share
https://www.easytechjunkie.com/what-is-computer-evidence.htm
Copy this link
EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.