Considerations in a Computer Forensic Analyst’s Job
Computers have greatly improved our lives. Unfortunately, technology can also prove to be a sophisticated weapon or aid in crime. Criminals today are more technologically aware and capable to keep up with the times. The interest in forensics has increased due to popular television shows.
However, the whole process is actually more meticulous and draining to do in comparison to the scenes on television. One of the aspects of the investigating team would be the computer forensic analyst. Like any other job they have a number of things to consider.
Due to the advancement in technology, law enforcement agencies have also incorporated computer science in their legal process. Crimes using computers and information technology were originally sporadic. However, with the advent of modern technology influencing everything we do, criminals knew they have to keep up with the times. The internet became a haven for those who commit fraud.
A day in the job
Watching forensic television shows don’t exactly depict a day in the job of forensic investigators. The tasks that they do are mentally draining and time consuming. They may look interesting due to great camera angles and effects but in reality it takes lots of patience and a keen attention to details.
Computer analysts are more concerned with analyzing computer systems to find out if they have been used or illegal activities or crimes. They also find out if the suspect’s compute contain evidence that may contribute to the investigation of the case.
Electronic evidence can be gathered from different sources. An example of this is the company’s work. The analyst can gather the information in three parts. First at the suspect’s workstation, second on the server he accessed and lastly at the network which connects the two.
Like any other piece of evidence the information gathered must be handled carefully. It also must follow the standards of admissible evidence so that it will be accepted in court. The analyst can only use methods and tools that has been tested and evaluated to make sure that they reliable and accurate. Tools can be verified by the Defense Cyber Crime Institute at no cost.
The original evidence must be handled as little as possible so that the data will not be modified. Electronic data can be easily changed compared to physical evidences. Analysts must also be cautious of viruses, damages and traps.
After the evidence has been analyzed the analyst establishes and maintains the chain of custody. The evidence will then be stored in its proper place. After the examination has been finished the analyst documents his or her reports and findings. This also includes everything that he has done so far in his investigation. The analyst has to keep in mind that they should exceed beyond their knowledge approach the investigation without bias.
If the original evidence had somehow been damaged or changed, it will not be admissible in court anymore. In this case the analyst must consider what time operations were inconvenienced. Apart from that the analyst should also consider how the sensitive information will be handled that was discovered unintentionally.
Analyst must also be careful in handling digital evidence from an owner that has not given any consent for the investigation. This happens in most cases. Apart from the evidence being inadmissible in court the analyst can also be sued.