Computer Forensic Tools: The Use of Computers

Computer Forensic Tools:

The use of computers in homes, schools, offices, and other places has increased in the past few years due to technological developments. As computers have become important components of modern communication, their increased use has also led to the emergence of computer crimes. Computer crimes basically involve the use of a computer system to carry out an illegal activity. In attempts to lessen the frequency and impact of computer crimes, law enforcement agencies use computer forensic to investigate these offenses. Actually, computer crimes are governed by specific laws and dealt with through conducting a computer forensic investigation (Easttom & Taylor, 2011, p.337). Notably, a computer forensic investigation is usually carried out through the use of computer forensic tools, which help in collection of evidence based on the specific offense.

Programs for Recovering Deleted Files:

There are various programs that can be used for recovering deleted files such as UndeletePlus, Disk Digger, and EnCase Forensics, which are associated with different success rates and particular functions. UndeletePlus is a program that is available for $29.95 and is very easy to use since it involves selecting a drive and clicking the Scan button. The program will then list any or all deleted files it finds or discover in the recovery process (Easttom & Taylor, 2011, p.287). On the contrary, DiskDigger is a freeware, which has a wizard interface that takes the user through the process. This involves identifying the drive to scan, the type of search to be conducted, and the kind of files to search. EnCase Forensics the leader in digital forensics and available for $2,995 since it incorporates various features such as searching across various machines at the same time, automatic tasks, processing huge files at faster speeds, developing templates based on care profiles, and conducting more powerful queries.

These programs not only differ in costs and specific features, they also vary in the type of file systems supported. Since it works under nearly all Windows operating systems, UndeletePlus supports all Windows file systems for hard disk and removable disk drives such as FAT12/16/32, NTFS and NTFS5. As a result, this program is a quick and effective tool for retrieving files that have been accidentally deleted. In contrast, EnCase Forensics support FAT 12/16/32, NTFS, CDFS (CD-ROM), HFS, EXT2 (Linux), UDFS, and UFS (Unix) file systems. DiskDigger has an in-built support for different file systems like FAT12/16/32, NTFS, and exFAT systems.

Costs of Tools for Gathering Evidence from a Cell Phone:

Similar to computers, there are various tools that can be used to collect evidence from a cell phone with varying hardware and extra device requirements. Some examples for these tools include Paraben Software Device Seizure and Cellebrite UFED Ultimate, which differ in costs, features, and hardware requirements. Paraben Software Device Seizure consists of various features like file system acquisitions, logical and physical acquisitions, data carving, password bypassing, file viewers, advanced data parsers, and Google Earth integration. While it costs $1,795 for the first year on software and cables and $360 annual maintenance fee, it does not have any hardware requirements since it is software-based ("Paraben's Device Seizure," n.d.). On the contrary, Cellebrite UFED Ultimate costs $10,000 and comes with proprietary hardware, software, adapters, and cables. Its features include physical, logical, file system extraction and decoding while bypassing pattern lock / password / PIN from Android devices ("UFED Touch Ultimate," 2013). Some of the existing and deleted data obtained by this tool include call history, text messages, emails, location information, contacts, passwords, apps, media, calendar, GPS, and geotags.

Hourly Costs Associated with Certified Computer Experts:

Certified computer experts are usually a part of criminal and civil investigations involving computer crimes. These experts are needed in the investigations for various reasons depending on the specific scenario or case. Notably, the certified computer experts have varying hourly costs associated with them due to their specific roles in computer forensic. Generally, the hourly costs for computer forensic professionals range from $150 to $500 per hour depending on their qualifications (Easttom & Taylor, 2011, p.331). Some certified computer professionals who would be effective for a court case are experts with Cyber Security Forensic Analyst Certificate, a Certified Computer Examiner, and a GIAC Certified Computer Forensic Analyst.

Expert Deposition in Computer Crime Trial:

A recent computer crime trial that involved the use of expert witness or deposition is the New Jersey v. Dharun Ravi case. Dharun Ravi, a former student of Rutgers University, was convicted of a hate crime, tampering with evidence, and invasion of privacy. Ravi was found guilty of secretly using a webcam to spy on his roommate's private sexual encounter with another man in their dorm room (DeMarco, 2012). The high-profile case increased awareness of cyber-bullying and was helped by expert deposition. The expert witness was provided by an information technology analyst at Rutgers who reported that iChat connections were made with the defendant's computer from the witnesses' computers. Despite Ravi's attempt to tamper with evidence, the expert used computer forensic tools and processes to collect and record evidence.