In a new book on the subject, former FBI agent Mark Politt defines the field of computer forensics as being the pursuit of “evidence in cyberspace” and the “application of science to the problem of digital evidence.” Certainly, recent advances in computer forensics have revolutionized the capabilities of investigators seeking to fight and prove crime, given the increasing use of technology for organizational purposes in all our lives, including those of wrongdoers.
The computer forensics practice involves the scouring of technological devices for evidences of instances of crime. These could, for example, be detected by searching records of computer use hidden within a system hard drive, or by detailed logs of Internet activity undiscoverable by the regular computer user. Or, collections of e-mails or digital communications could be compiled, either from computer drives or from external server records traceable by officers.
Crimes committed via highly technological devices themselves are the area in which computer forensics is most useful. For example, older-style conventional crimes such as blackmail, fraud, or even harassment can be carried out more clinically today than ever before with computers, online banking servers, and e-mail and instant messaging software.
But as well as these, crimes themselves dependent on new technology, such as corporate hacking, advanced piracy, or e-mail “phishing,” are equally targets for computer forensics officers seeking to prove and stop crime. Finally, computer forensics is also useful to officers involving conventional, non-digitally executed crime. Communications or plans drawn up by digital technology can make for decisive evidence.