The Power of Computer Forensics in Criminal and Civil Courts
Anyone who was beyond infancy in the mid-1990s will remember the O.J. Simpson trial that dominated news and broadcast channels worldwide. The image of Simpson trying on the gloves and shaking his head was purposefully burned into everyone's minds. Later, during the closing arguments, Johnnie Cochran, O.J. Simpson's defense attorney, uttered the classic "If it does not fit, you must acquit." This was the age of physical, palpable evidence. Criminals were sentenced or let loose because of bloodstains, gloves, and knives. Fast-forward 10 years. Now, criminals are being accused and convicted of crimes because of astonishingly powerful and increasingly resourceful personal computers.
As more and more people gained access to personal computing systems at home and as computers advanced, especially with the rise of the Internet and the ability to store vast amounts of media on a small hard drive, new categories of crime were created. This resulted in the emergence of computer forensics as a means for experts to catch criminals using digital evidence. Computer forensics, a branch of digital forensic science, involves the application of computer investigation and analysis techniques to solve a crime and provide evidence to support a case. Investigators often use proprietary forensic applications and software programs to examine computer hard drives, extract relevant data from files and folders, and recover information from encrypted files. This digital information is then organized and documented in an official report to be presented in court.
There are very few areas of crime where computer forensics cannot be applied. A computer may hold evidence in the form of internet history, emails, and other data applicable to the crime committed, as well as metadata (a set of data that describes and gives information about other data); or the computer may itself constitute a 'scene of crime', for example in hacking or Denial of Service (DoS) attacks.
Computer forensics investigators use a variety of techniques for data extraction and preservation; however, regardless of the forensic technique used, they follow a basic standardized process:
- Secure the device so the data and equipment are safe.
- Locate all files on the system (encrypted, password protected, hidden, deleted, etc.).
- Recover as much deleted information as possible.
- Reveal the content of all the hidden files.
- Decrypt and access protected files.
- Analyze special areas of the computer’s disk (non-allocated spaces).
- Document every step of the procedure.
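To make the recovery, unallocated-space, and documentation steps concrete, here is an added example (not from the original article) of signature-based file carving over a raw disk image. It assumes contiguous, unfragmented JPEG data; the function names and the sample bytes are constructed for illustration, and recording SHA-256 hashes is an assumed way of documenting each finding.

```python
import hashlib

JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker

def sha256_hex(data: bytes) -> str:
    """Hash used to document the evidence image and every carved item."""
    return hashlib.sha256(data).hexdigest()

def carve_jpegs(image: bytes, max_size: int = 10 * 1024 * 1024) -> list:
    """Scan raw bytes (e.g. unallocated space) for JPEG signatures.

    Works on file content alone, so it finds data whose directory entry
    was deleted. Returns one record per header found, in offset order.
    """
    records, pos = [], 0
    while (start := image.find(JPEG_SOI, pos)) != -1:
        # Bound the footer search so a stray header cannot swallow the disk.
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:
            # Header without footer: partly overwritten or fragmented.
            # Record the offset for manual review instead of guessing.
            records.append({"offset": start, "length": None, "sha256": None})
            pos = start + len(JPEG_SOI)
            continue
        end += len(JPEG_EOI)
        records.append({"offset": start, "length": end - start,
                        "sha256": sha256_hex(image[start:end])})
        pos = end
    return records

# Constructed sample: zeroed sectors, one intact fake JPEG, one truncated one.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"CONSTRUCTED-SAMPLE" + b"\xff\xd9"
SAMPLE_IMAGE = (b"\x00" * 512 + FAKE_JPEG + b"\x00" * 100
                + b"\xff\xd8\xff\xe0partial" + b"\x00" * 50)

if __name__ == "__main__":
    # Hash the whole image first so later work can be shown not to alter it.
    print("evidence sha256:", sha256_hex(SAMPLE_IMAGE))
    for rec in carve_jpegs(SAMPLE_IMAGE):
        print(rec)
```

In practice the carver would run against a read-only copy of the drive, never the original device, and the printed offsets and hashes would go into the investigator's report.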
Computer forensics has been a part of some of the biggest and wildest cases in recent memory, making criminals wish they had lived in simpler times when the police had to gather physical evidence to put them behind bars. Here are three cases that show the power of computer forensics in criminal and civil courts:
1. The BTK Killer: For over 30 years, the identity of this deranged criminal remained a mystery to the Kansas police and FBI. BTK (Bind, Torture, Kill) strangled 10 people between 1974 and 1991. During his reign of terror, he often taunted the police with letters and poems, but they could not link the killings to anyone. After 10 years of silence, in 2004, he sent the police a floppy disk with a Word document. Within a few hours, computer forensics experts uncovered metadata on the disk that connected it to a "Dennis" at Christ Lutheran Church. Dennis Rader is now serving 10 consecutive life sentences in a Kansas prison.
2. Corcoran Group: This lawsuit occurred over a very insignificant crime; it was filed against the Corcoran Group, accusing them of selling a condominium that flooded during storms without disclosing this information to the buyer. Computer forensics investigators discovered that the Corcoran Group defendants had deleted many emails related to the case once the trial began. This case changed the legal precedent on the storage and deletion of electronically stored information, making it an obligation to preserve such information while a lawsuit is underway or seems likely to occur in the future.
3. The Craigslist Killer: Julissa Brisman was murdered and another woman was kidnapped and robbed after they met individuals through Craigslist. Computer forensics was a key factor in helping law enforcement narrow down their suspect within a week of the attack and murder by following the digital trail the suspect left behind. Law enforcement agents tracked the IP address from the emails used to communicate with the women through Craigslist, leading to the arraignment of a 22-year-old medical student, Philip Markoff. Jake Wark of the Suffolk County, in an interview with Computerworld, said: "The digital technology involved was crucial in identifying the suspect. The investigation results in the recovery of an abundance of cellular, wireless and other electronic evidence."