Electronic evidence analysis is referred to as computer forensic analysis, digital discovery, electronic digital discovery, computer analysis, and computer examinations. It is the process of identification, preservation, interpretation and documentation of evidence recovered for presentation in civil or criminal court.
The analysis of electronic evidence assists in recovering deleted files and searching the slack and unallocated space on a hard drive, places where valuable and hard to find evidence frequently resides. It will trace on windows artifacts for clues of what the computer has been used for. More important is knowing how to look for the artifacts, and evaluating the relevance of the information. A good analyst knows how to process those hidden files that contain past usage information for use in court.
Professionally trained, highly skilled forensic technicians and specialists can recover data from a floppy disk, USB keys, hard drives, servers, CF cards or SD cards, smart phones, cell telephones, backup tapes, and flash card memory sticks. Data recovery can be performed with a digital forensic solution using the latest technology while recovering data critical to your case. Electronic Evidence Analysis has advanced significantly which makes forensic technicians or specialists work of analyzing evidence a bit easier and more reliable compared to past methods. Electronic digital evidence acquirement, search, filter and consolidation of data, electronic mail’s and files can be performed on virtually any type of media including hard drives, flash drives, SSD drives, USB sticks, cell phones, backup tapes, CD-ROM, Zip disks and floppy disks and virtually all digital devices that collect or store data, text, messages, etc.
Computer forensics is also capable of running a string-search analysis on electronic mail to reveal key evidence and the computers usage for correspondence. This string-search analysis is run against recovered data, to accomplish a full analysis of all files on the computer, including files that have been deleted and, or lost because the hard drive was formatted.
Here are few examples on how analyzing electronic evidence provides assistance to a private investigator in specific tasks and scenarios:
- Marital Infidelity Cases: where the forensic recovery or analysis of evidence is used to find evidence, trail of an unfaithful husband or wife.
- Employee theft: By analyzing emails, documents and correspondence on the employees computer, a data trail of evidence can be reconstructed to prove wrong doing.
- Evidence acquisition: Deleted mails erased SMS Text messages, cellular phone messages archives and others.
- Harassment cases: victims receiving harassment via phone, and, or email.
Evidence Acquisition:A forensic evidence acquisition acquires ALL data from an electronic device to preserve and use it as evidence which includes computer logs, cell phone calls electronic mail and determining if data files were copied to other devices. A forensic examiner can analyze electronic mail headers and log files to trace IP addresses of users, senders and hackers.
Intellectual property theft
Murder and attempted murder cases
Mergers and acquisitions
Because of the increased usage of computers, the amount of electronically stored data, email correspondence and business records stored has exploded. As a result, electronic evidence is being used more and more to prove innocence or guilt in litigation. It is virtually impossible for a suspect to destroy all evidence because so much information is passed, shared and stored on computers. In many instances an email can be used to recreate data trails pointing back to the suspect so it is important to try and identify which computers a suspect may have used as well as colleagues and associates.