The Role of a Computer Forensics Expert

Computer forensic evidence first started to be applied to serious crime in the mid 80’s when personal computers started to be used in greater numbers and criminals deployed PCs for fraud and other crimes.

Today computer forensics is widely used across a much broader range of cases in both the criminal and civil arenas with crime still being the major area.

The Police routinely seize computers, mobile phones and other electronic equipment when investigating a crime and then run specialist forensic software to preserve everything on the hard drives and other media. They are able to un-delete material and to piece together email and internet histories to check what the equipment has been used for and when.

It is not usually until Defence Counsel advises that this evidence needs assessing that Forensic Experts outside the Police Force are instructed. Much of our work requires rapid deployment in order to complete our investigations before the trial starts. Typically this requires Legal Services Agency prior Authority (“Legal Aid”) which adds delay.

Many smaller firms of solicitors are unaware of the range of computer forensic services available and are unable to provide succinct, clear instructions. This often leads to unnecessarily large volumes of case data being sent (“bundle”).

One of the most commonly encountered pitfalls in forensic examination is data protection and the rights of the owners of data being examined. This needs to be dealt with properly and professionally.

As one of the most established computer forensic firms in the UK, IT Group have a wealth of experience backed by state of the art equipment and software to guide solicitors in this difficult field.

The output from an instruction is the expert report carefully written to comply with either the Criminal Procedure Rules (CrPR Part 33) or the Civil Procedure Rules (CPR Part 35).

Most work involves the analysis of mobile phones which are powerful computers in their own right. A combination of deleted content (SMS text messages, emails, call histories, contacts etc.) with positional information extracted from wi-fi data buried in the phone or cell-site data obtained from the phone company provide a wealth of evidence not only to prove what the user of the phone did or where he was, but importantly in a Defence situation, where that person could not have been.

It is essential to consider computer forensic evidence in all cases of a “not guilty” plea as the prosecution will typically only examine the evidence sufficient to support their case. Buried deeper in the data there may be other evidence supporting a different picture. Early engagement of a computer forensic expert is vital.