Copyright (c) 2008 Steve Burgess

Pc forensics practices and procedures can diverge drastically depending upon no matter whether the investigation is criminal or civil litigation. Standards for data collection evidence can be distinct, as can the process of information collection and imaging. Furthermore, the consequences of the case might have significantly various impacts.

A couple of quick definitions could be in order. Criminal law deals with offenses against the state – the prosecution of a individual accused of breaking a law. These offenses might include crimes perpetrated against an individual. “The People”, in the form of a state representative (for instance, the District Attorney) makes formal charges and the accused ought to then face the government’s full resources. Guilty outcomes can result in fines, probation, incarceration, or even death.

Civil law covers everything else, such as violations of contracts and lawsuits between two or much more parties. The prevailing party often is entitled to payment, property or services from the loser. Imprisonment is not at problem in civil circumstances. As a result, the regular for evidence is not as high in civil cases as in criminal circumstances.

For the law enforcement laptop or computer forensics specialist, a certain amount of extra care ought to be taken in collecting information and producing outcomes, for the standard of proof is higher. There are benefits on the information collection end, nonetheless. For as soon as a court has authorized a search warrant, an officer (and possibly numerous) with badge and gun can go seize the defendant’s computer by surprise and by force. Once the laptop or computer has been seized and imaged, all data is accessible and may possibly result in additional charges being brought against the defendant.

By contrast, in a civil case, there tends to be a lot of negotiation over what computers and what information can be inspected, as well as where and when. There is not likely to be any seizing of computers, and fairly a lengthy time may possibly take location between the time the request to inspect a computer is made and the time the laptop or computer is produced accessible to be inspected. It is typical for 1 party to have access to a extremely limited region of information from the other party’s computer. During this time, a defendant may take the chance to attempt to hide or destroy data. The author has had several circumstances wherein the computer necessary for analysis was destroyed just before the plaintiff had the opportunity to inspect. Such attempts at hiding data are usually discovered by the digital forensic sleuth, who may possibly in turn present evidence of such further wrongdoing in professional witness testimony.

Opportunities for understanding methods and interacting with other experts might differ as well. Even though some laptop or computer forensic software suites and training, such as Access FTK, EnCase, or Intelligent Forensics are offered to most who can pay, other people, such as iLook are obtainable only to law enforcement and military personnel. While several support and professional organizations and groups are available to all, some, such as the High Technologies Crime Investigation Association (HTCIA) are not open to professionals who supply for criminal defense (with a couple of minor exceptions).

Police, Homeland Security, and other law enforcement personnel’s objective is to generate a body of evidence considerable enough (presuming such evidence exists) to locate the criminal defendant guilty. The standard for information presented to the court and jury in such a case is fairly high. From the time digital information or hardware is seized and acquired, Rules of Evidence should be kept in mind (Cornell University has the complete and voluminous code on its site). Law enforcement personnel ought to follow accepted procedures or evidence could be thrown out. Acquisition of information and discovery in criminal cases usually must follow often strict and differing procedures depending upon whether or not the jurisdiction is federal, state, or municipality and at times depending upon a judge’s preferences.

The expert in a civil case could not analyze all of the information on a computer at a really deep level Initial efforts could rather be a type of reality-finding mission, intended to figure out the value of digging deeper and at greater expense. As such, the initial presentation of data could be fairly informal, and be just sufficient to induce the parties to settle the case. On the other hand, the information found may possibly be so minimal the line of inquiry into electronic evidence is dropped.

Though we use numerous of the exact same tools, personal computer forensic experts in private practice and those in law enforcement are held to various standards, have access to diverse resources, and their work results in substantially diverse outcomes between the criminal and civil instances to which they contribute.