Jude LaCour - Computer Forensics

With email now the most common form of communications, email investigation is a core service of computer forensics. Email can provide a trail of evidence that includes source and direct and third party recipients. It can also contain sensitive and confidential messages as well as other attached documents or files.

As a member of the defense team or an individual suspected or charged by the authorities, email investigation and computer forensics is essential. Read the full store here….http://www.lacouronline.info

Proper Procedures for Preparing Devices for Jude LaCour Forensics (JL-Forensics.com)

By Jude LaCour

Expert testimony supported by science and technology was formerly accepted without question. As technical evidence is becoming more commonplace, it is also falling under more public scrutiny. Computer evidence, for example, needs to be processed and documented thoroughly in order to stand up to being challenged in court. However, done properly, computer forensics can be a defense team’s strongest support.

As a defense attorney or private citizen suspected or charged with a crime, you might require computer forensics services. In that case, how do you best prepare any items that a computer forensics team might need to analyze?

Much like any type of evidence, preservation of computer evidence is essential to it’s processing. Therefore, the more you know about preparing for a computer forensics team, including handling items and documenting all your steps before handing them over, the more you can safeguard against potential problems.

Foremost, you must take proper security steps in protecting the information stored in items such as desktops, laptops, and other storage media like portable hard drives or CDs/DVDs. Something simple such as turning on or off the unit without following the proper recommended steps (which you should follow anyway in daily use), for instance, might cause serious damage to the information stored and to the investigation itself.

The following are some simple tips and techniques to keep in mind

• Never touch the physical structure of the device. As all evidence presented in court, the item cannot be contaminated. Fingerprints and other physical evidence must be left undisturbed. In addition, the device must be left where it is. You should not move it.
• As previously mentioned, proper documentation must be taken in all steps dealing with evidence. For example, before a computer unit is moved, you should take a photograph of it. The computer screen especially should be photographed before the unit is shut down for transportation as any information displayed onscreen might be crucial evidence. Unfortunately, it might also be the only remaining evidence should something unexpected happen to the unit during transport.
• The device or any peripheral devices attached to it (such as printers, cables, and more) should never be used or touched as well.
• Be careful with electrical outlets, switches, surge protectors, or any power supply that might cause the device to shutdown unexpectedly if accidentally touched. Again, this could lead to data loss.
• If the device is attached to a network, wait for the expert to take a look at it. Information is shared in networks and any outside interference might compromise the data stored.

In conclusion, being aware that any action on your part might compromise computer evidence and taking the steps to prevent and prepare will make your computer forensics team more efficient and effective on the job. Data loss, especially, is a common problem resulting from being uninformed. Simple mistakes we probably make daily in handing computer devices can obstruct your computer forensic team’s thoroughness and threaten the investigation altogether.

Learn more about Computer Forensics at Jude LaCour Computer Forensics (JL-Forensics.com).