Our Members:

Origins of Computer Forensics

The computer forensics profession had very humble beginnings. It started over 30 years ago. In those days, businesses ran on paper, with memos, invoices, and a host of other documents distributed by hand around the office and through the U.S. postal system. Communication was via memos or telephone calls. Administrative armies churned out mounds of paper documents.

Today, businesses run through technology. Documents are created on computers and sent to other people via email. It takes minimal effort to email 20 people than it does a single person. These business documents appear in an astonishing range of formats, such as Microsoft Word, Excel, or Portable Document Format (PDF), among many others. These documents consist of memos, meeting minutes, invoices, and many more. The voice-over IP systems replaced the ubiquitous analog telephone.

The first techno-business evolution occurred when business records migrated from paper to electronic format. Instead of using secretaries and dictation machines, many executives now type their documents and emails. Extensive paper filing systems have given way to computer-based indexes and search algorithms. Locating a paper document could take minutes, even assuming there was a sound filing system. Now, the computer system indexes everything and makes its contents available for searches, with results in seconds. The business saw technology as a way to become leaner and more efficient.

As business records moved to computer systems, auditors and financial investigators found that the documents they needed to prove their case against a business were inside its computer systems. Accessing those documents required special procedures and techniques, which had to collect this information, search through it, and make it available in a court proceeding. Herein lie the origins of the computer forensics profession. Initially, there were numerous challenges in getting digital evidence into a courtroom. Digital information can change easily and leave little or no audit trail. Unique processes and procedures preserve digital information in a manner more suitable for a court.

The second techno evolution occurred with the introduction of the smartphone. Not only did it eliminate the need for a home phone and allow a person to talk on the go, but it also allowed a user to carry billions of bits of computer data around in their pocket. These sophisticated devices contain a broad array of sensors and chips to store and process information at an unprecedented rate. A computer forensics professional must properly collect, examine, integrate, and present this information to a court. As technology expands at a blistering pace, year over year, computer forensics will play an even more significant role in the modern courtroom. 

Who are these professionals, and where do they come from?

Computer Forensics Matures

In the early days, so-called computer forensics experts appeared from thin air. When questioned, it transpired that these modern-day carpetbaggers had taken two or three courses and then announced their expertise to the world. While this still occurs, numerous well-known and prestigious universities have created robust computer forensics curriculums. These programs are based within various departments and are academically rigorous. Additionally, countless professional associations work to elevate the standards to higher levels.

Besides universities, two other areas spawn computer forensics professionals. These are law enforcement departments and information security departments. While many law enforcement officers do not possess a university diploma, digital evidence is ubiquitous during their working lives. They must find a way to understand and process the information to build their cases. Because these professionals have a naturally inquisitive nature, learning about new technology does not intimidate them. Additionally, they amass a wealth of knowledge in conducting street investigations. They bring this experience to the computer forensics profession.

Computer forensics professionals can also appear from traditional information security programs. Whenever a company suspects an employee has misbehaved, there is generally a digital component. They turn to their trusted information security team to help them get answers. 

But some information security professionals have gotten into hot water by believing their computer security training makes them forensic examiners. While there is a small amount of overlapping knowledge regarding log files and the interaction of a computer on a network, computer forensics is very different from computer security. A network security person does not need to be able to explain what the Master File Table is or its user. However, it is critical for a forensic examination on an NTF-formatted hard drive.

Computer forensics has its roots in the auditing community. However, as technology has continued to change and to play a more informed role in our lives, it has grown into a profession of its own.

Recent forum updates

Tuesday, December 27, 2022 7:52 PM • Janet Smith
Wednesday, December 14, 2022 8:13 PM • David Benton
Wednesday, December 14, 2022 7:19 PM • Janet Smith


The American Society of

     Digital Forensics & eDiscovery, Inc®

      For Digital Evidence Experts™

      2451 Cumberland Parkway, Suite 3382 

     Atlanta, GA 30339-6157

     (404) 919-1143











Copyright 2024

All Rights Reserved

Powered by Wild Apricot Membership Software