What is it like to be a Computer Forensic Analyst’s
Computers have greatly improved our lives. Unfortunately, technology is also proven to be a vital weapon or aid in modern crimes. Criminals today are more technologically aware and capable to keep up with the times. The interest in forensics has increased due to popular television shows.
However, the whole process is actually more meticulous and draining to do in comparison to the scenes on television. One of the aspects of the investigating team would be the computer forensic analyst. Like any other job they have a number of things to consider.
Due to the advancement in technology, law enforcement agencies have also incorporated computer science in their legal process. Crimes using computers and information technology were originally sporadic. However, with the advent of modern technology influencing everything we do, criminals knew they have to keep up with the times. The internet became a haven for those who commit fraud.
Computer Forensic Analyst’s Duty
Watching forensic television shows don’t exactly depict a day in the job of forensic investigators. The tasks that they do are mentally draining and time consuming. They may look interesting due to great camera angles and effects but in reality it takes lots of patience and a keen attention to details.
Analyzing Computer Systems & Gather Electronic Evidence
Moreover IT analysts are more focused with analyzing computer systems and programs to find out if they have been used in illegal activities or crimes. They also find out if the suspect’s compute contain evidence that may contribute to the investigation of the case.
Electronic evidence can be gathered from different sources. An example of this is the company’s work. In fact a computer analyst can collect the information in three steps. First at the suspect’s computer, second on the server he logged in and finally at the network which connects the two machines.
Like any other piece of evidence the information gathered must be handled carefully. It also must follow the standards of admissible evidence so that it will be accepted in court. The analyst can only use methods and tools that has been tested and evaluated to make sure that they reliable and accurate. Tools can be verified by the Defense Cyber Crime Institute at no cost.
The original evidence must be handled as little as possible so that the data will not be modified. Electronic data can be easily changed compared to physical evidences. Analysts must also be cautious of viruses, damages and traps.
Handling Electronic Evidence Data
After the evidence has been analyzed the analyst establishes and maintains the chain of custody. The evidence will then be stored in its proper place. Furthermore after the examination has been finished and finally analyst has his results. Hence he documents his reports and findings properly. This also includes everything that he has done so far in his investigation. It is also very important for analyst to bear in mind that they should exceed beyond their knowledge limits and approaches the investigation without bias.
If the original evidence had somehow been damaged or changed, it will not be admissible in court anymore. In this scenario the computer analyst must think what time operation was inconvenienced. Apart from that the analyst should also consider how the sensitive information will be handled that was discovered unintentionally.
Analyst must also be careful in handling digital evidence from an owner that has not given any consent for the investigation. This happens in most cases. Apart from the evidence being inadmissible in court the analyst can also be sued.