As technology advances, the world has gotten a better grasp over the Internet, digital life, and computer systems and as a result, we have become dependent on it. We have grown so accustomed to it that life seems impossible to get through without it. Recently, we have seen a growth in computer-related or conducted crimes. Government systems, corporations, and individuals are constantly targeted by malicious hackers. Because of this, we have seen the creation of the branch of computer forensics whose purpose is to collect, analyze, and identify these transgressions. Not only does this concept facilitate finding computer crimes, but it is also used to analyze information on computer systems in order to find evidence for different types of felonies.

Computer forensics joins the elements of law and computer science to be able to analyze data from computer systems in a way that can be used as evidence in a court of law. When conducting this type of forensics there are a series of procedures that are to be followed.

The initial step is identification in which the examiners seek to understand the scenario and the specific reason why the forensic investigation is being done. Then we have the collection of data, which is the most critical step. Since the analysis is going to be made later, it is dependent on the evidence gathered from this data. The collection of data should be completed while maintaining integrity and transparency. This step also has to be executed in a timely manner as important things such as ‘ambient data’ can get lost. This is a type of information that cannot be seen or viewed by a common software application, an operating system, nor it is found in files which means it takes a longer time to acquire.

After all the data is collected, we do what is called extraction of evidence in which standard procedures are used to take out valuable and relevant information from the data. Once all the evidence is sorted, they move on to its analysis in which the examiner uses the collected evidence to narrow down the suspect list in order to convict them.

When all relevant information to the crime is analyzed, they move on to the concluding step which is reporting. Here, the examiner is expected to record the procedures used to gather the data and document the process used to analyze it. The goal is to be able to present only the findings that are backed up by evidence.

Although it may appear to be a simple process, some criminals have found smart ways to make it difficult for investigators to find valuable information in their computer systems. This is called anti-forensics which is a set of tools programmers design to make it difficult to retrieve information. One of the most well-known ways to hide data is called encryption which uses a complex set of rules to make data undecipherable. A different way to protect data is by using “slack space” which is found in some files; programmers will use this to hide sensitive information. Many programmers also use applications that will erase data if an unauthorized user tries to access it.

Like anything, computer forensics has its advantages and disadvantages. It is a relatively new field that has revolutionized the world of crime investigation. Its main benefit is that it gives examiners the ability to sort through large amounts of data efficiently while saving time. It also allows valuable data that has been lost or deleted to be restored to its original form. Like any tool, it comes with its setbacks. The main one is that since the evidence is being stored digitally, the information can be easily modified. Because of this, examiners have to follow a lengthy process to ensure data isn't manipulated. Another significant disadvantage of this field is its cost. Since examiners are paid per hour and retrieving data can take up to 15 hours the cost tends to be high. Although this field contains some setbacks, they can be solved by being thorough in your work and paying attention to the little details. It will prevent mistakes or accidental tampering with the data. After all, evidence can only be captured once, meaning all of the hard work is worth it.

There is no denying that computers are getting more and more powerful; meaning that the field of computer forensics is constantly evolving and adapting. In the early ages of computers, it would only take a single detective to go through files because of the low storage capacity. Now with so many different methods and techniques to store information, it takes more patience and dedication. This field allows detectives to discover new ways to search for evidence without having to use many resources in the process.