Private Investigations: What is Computer Forensics?

Since the computer and the Internet were invented, it has made our lives easier. The computer has great benefits, especially when it comes to forensics and the gathering of evidence, a field which is also known as computer forensics. Many private investigators offer computer forensic services.

Computer forensic science pertains to information found in computers and digital storage medias to use as evidence in court against a presumptive criminal. The mission is to identify, preserve, recover, analyze and present facts about digital data, and had been most often used in investigating a wide variety of computer crimes, and can also be used in civil proceedings. e-Investigations International offers computer forensic services as well.

Since the Internet is widely used nowadays and creating a fake online identity is such an easy thing to do, the emergence of computer forensics began to protect people from cyber-crimes like hacking, identity theft and cyber-bullying. Computer forensic investigation involves recovering and investigating digital evidence that can be used in court.

As criminals become more technically inclined, more crimes will continue to be committed online. And, naturally, if you are the victim of a cyber-crime, your first instinct would be to find out who has done this to you. And the perfect person to hire for this job? Why, a private investigator, or course! While the investigator him or herself is probably not the person who will be doing the forensic analysis, contacting a PI is probably the easiest and most consumer-friendly way of hiring a computer forensics specialist.

Famous investigations involving computer forensics

Many people have been convicted in court with the help of computer forensics and private investigative work. Some of the more popular cases would be:

Dennis Rader: also known as the BTK Killer who had been convicted of numerous serial killings that happened for almost seventeen years. Investigators cracked this case with the use of a floppy disk that was sent to the police department, the Metadata (data which is embedded in files or stored externally from a separate file that contains information about the file, the author, date of creation and so on) within the files contains and author’s name ‘Dennis’ and a location at “Christ Lutheran Church” that helped lead to his arrest.

Joseph Duncan III: a spreadsheet on his computer contains plans to commit crimes that were used against him in court that showed premeditation of crime and was convicted to death penalty.

Sharon Lopatka: hundreds of emails on her computer led investigators to her killer, Robert Glass.

Dr. Conrad Murray: Michael Jackson’s doctor who was partially convicted due to the digital information that the investigators found on his computer that shows medical information pertaining to lethal dosage of Propofol.

Computer forensics: The standard process

In conducting a computer forensic investigation, there are standard processes that are usually followed, they are:

  • Acquisition
  • Examination
  • Analysis
  • Reporting

Though with the advanced technology nowadays, CF still faces issues when it comes to investigating cybercrimes and other crimes involving computers, may it be hardware or software. What usually happen is due to technical, administrative and legal problems. To understand clearly, further details will be discussed about the issues that investigators faced.

Technical issues

One of the major problems in conducting a CF investigation is when a technical issue occurs. A technical issue usually happens when the computer was accidentally or automatically shut down that hinders the investigators to retrieve or copy data from the prospect’s computer for evidence or due to:


Let’s face it. Encrypted data’s are impossible to open without the correct password or keys. Investigators who handle the case usually have problems in retrieving evidence with encrypted computers. Acquiring data through live acquisition is impossible or quite hard to do.

Live acquisition is the process where the investigator or examiner would run a small program in the suspect’s computer to copy the data to the investigators storage device. By doing so, the investigator will have to make changes in the suspect’s computer which are not done on his presence, however, the evidence that will be found in the suspect’s computer are considered admissible in court.

Going back to encryption, in retrieving data from the suspect’s computer, the investigators have to consider that passwords or keys might be located on the other computers that he had access to, or it could be stored in the volatile memory (also known as RAM) of the computer which is usually lost upon the computers shut down.

Increasing storage space

In copying or acquiring data from the suspect’s computer, an ample space for the investigators storage device must be considered because the stored information in the suspect’s computer are larger or greater than the investigators storage device sometimes or perhaps due to the fact that the stored media and multimedia files holds a large amount of storage space.

New technologies

With the evolving technology today, new computer devices, software, hardware and operating systems are emerging to compete with the latest technology. And honestly speaking, no single investigator is an expert in all areas of CF. In order for the investigators to deal with the situation, they have to be prepared and able to test and conduct experiments with the behavior of technology nowadays, especially when they haven’t experienced this situation before.


Anti-forensics is a practice where in someone is trying to contravene CF analysis. There are ways to do anti-forensics, it could be through encryption, over-writing of information that makes it unrecoverable, modification of files in metadata and even ingeniously disguising files. Rest assured, anti-forensic tools had been improperly used or the individual isn’t knowledgeable about the program that hinders him in doing such act.

Legal issues

There are certain issues that lead to legal actions, one of which that an investigator is charged with legal actions by the suspect himself in doing CF investigations without his knowledge or consent. An example of which, is acquiring evidence through live acquisition, a subject that had been discussed above in encryption.

One of the reasons is by accessing the suspect’s computer that has an installed program called “Trojan Defense”. The Trojan Defense got its idea that happened during the Greek War, as told by the story in Greek Mythologies wherein the warriors hid inside the wooden Trojan Horse that was taken to the city they siege. Just like the Trojan Horse, The Trojan Defense has been a computer code that is disguised as benign, however contains a malicious purpose and contains hidden information.

With the help of a competent opposing lawyer, it is arguable by law that certain documents or evidence are caused by a Trojan Defense that leaves no trace on the suspect’s computer and supplied with the help of a competent computer analyst.

Administrative issues

Administrative issues can also hinder CF investigations. One of which is due to standards and the ability or competence in doing the job. To further explain:

Acceptable standards

Unlike other types of investigation, computer forensics has complex guidelines and standards that the investigators have to consider and must follow, though only a few are universally accepted. The reason why standards have to be imposed is because of:

  • The bodies that set the standards are tied to particular legislations
  • The aims of the standards are EITHER by law enforcement of commercial forensics, BUT NEVER in both
  • The authors of the standards are not accepted by their peers; or
  • Due to high fees in joining for professional bodies that dissuades the practitioners in practicing CF

Competency to practice CF

There is no qualifying body in certain jurisdiction to check the integrity and competence of the investigators in CF. There are cases that someone can present themselves as CF professionals that may result in questionable CF examination results that leads to an overall negative view.

In doing a computer forensics investigation, there are certain techniques to master the art of CF, however, the techniques we’ll be discussing is used in law enforcement.

Cross-drive analysis

The technique involves combining hard storage devices that can lead to single evidence. Though still on the process, this technique can be used to identify social networks and do anomaly detection.

Live analysis

It’s basically the same as Live Acquisition, wherein the investigators copy the suspect’s files from the computer by making changes in the program and installing a file to copy to the investigators storage device.

Deleted files

This technique involves the recovery of deleted files with the use of modern forensic software that can do the job easily. Though most operating systems and file systems do not permanently erase data from the computer, the investigators can reconstruct deleted files from physical disk that meticulously search for known file heads in the disks images and deleted materials.

Stochastic forensics

Using this technique, the investigator reconstructs digital activities and codes from the suspect’s computer, and analyzing the emergent properties. This method is widely used to detect and investigate insider date theft, by someone who had a technical authority to access the data from the software and hardware of a computer.


This technique involved hiding data in an image, for example, a pornographic picture or any given image that the suspect doesn’t want to be discovered. What the investigators do to decode this image is that they compare the hash of the original image to the files that was encrypted, though the image may appear exactly the same, however the hash is different.

Nowadays, due to the advancing technology CF investigations are needed, most especially in decoding evidence that may help in court. There are now available certifications in CF, namely:

  • ISFCE Certified Computer Examiner
  • Digital Forensics Investigation Professional (DFIP)
  • IACRB Certified Computer Forensics Examiner

There are also institutions that offer programs and certificates for CF, such as:
The International Association of Computer Investigative Specialists (IACIS) – Offering certified computer forensics examiner (CFCE) programs.

There are certain companies as well that offers proprietary certificates on their products, and they are:
Guidance Software – they offer (EnCE) certificates on their product tool EnCase
AccessData – they offer (ACE) certificates on their product tool FTK
PassMark Software – they offer (OCE) certificates for their product tool named OSForensics
X-Ways Software Technology – offering (X-PERT) certificates for their software product named X-Ways Forensics

Though there are no college courses for computer forensics, these certificates and courses can assure the victims and those individuals who need the help of the private investigators that they have the competency to solve the case.

Questions People Ask me about Online Signatures

c0rtex_online_signature_post_headerE-signatures (aka online signatures) are gaining so much attention and popularity these days not only because they provide a fast, convenient and easy way to sign different kind of documents, but also due to the fact that when you decide to go electronic with all of your transactions, it helps you save a lot of time and effort. Not to mention being able to save money and space because you no longer have to print tons of documents, and you no longer have to worry about de-cluttering your workspace from all of the documents stacked and spread across your table.

But an electronic signature is a new concept or idea to most, and since I’m a computer expert I am often asked questions about this technology. This blog post aims to help people who are trying to understand what electronic signatures are all about.

Will they work with my mobile devices?
Yes, they will. There are already a lot of applications that are available in the Google Play Store, Apple iOS Application Store, Windows Store and Windows phone. With these applications, you can prepare documents and send them for signatures, or can sign them yourselves. That makes a lot of your work very easy, doesn’t it?

Icon of the world and title text in graphic form
These days, many countries have actually already legalized the use of electronic signatures, and those countries include the United States, Canada, United Kingdom and a lot more. And you can use e-signature in multiple languages as long as it is legal in your country.

Is it safe and secure to use an electronic signature?
Yes, it is safe and very secure to use. Each of the electronic signatures is unique; they are also encrypted, tamper-evident and ready for documentation. Your e-signature service provider will guarantee that your transactions are confidential and that a multifaceted verification of signing events is provided. My favorite service provider, Signority, even uses cloud-PKI technology for further security.

Are electronic signatures the same as digital signatures?
No, but a lot of people use the terms interchangeably. Here are the differences: an electronic signature or an e-signature is an electronic way of indicating that you are agreeing or that you approve of the contents of a certain document. A digital signature is one form of an electronic signature and it provides a specific way of enabling the users of making sure of the authenticity of the e-signature and of the one who signed it. A digital signature also refers to a technology used to know if a person can trust the authenticity of the document or if a signature is valid through the use of a private and public key pair.

Did I miss something? Let me know!

Want to Learn Computer Programming?

Almost any person can learn to program. You will find only a few requirements (like accessing a computer), and you do not have to be a genius. (Well… it will help if you are a genius, I suppose, however, you don’t HAVE to be one).

This short article addresses some of the motivations you may have for wanting to learn to system computers, looks at some things to think about, and discusses a few various ways to start learning now!


What exactly is it you want to do?

There are a lot of reasons for attempting to learn computer programming, and what you want to do with it can help guide you throughout choosing your path in learning. Maybe you are interested in programming as a profession. In that case you will want to make sure you are mastering things that will make you attracting those who hire programmers. However, you might just be looking for a interesting hobby, and in that situation you can let be a extra casual about what you learn and also focus only on things that attention you.

Maybe you need to handle various applications you use at the office. For example , perhaps you want to preset a word processor to do sending labels or a spreadsheet to perform customized financial forecasting, or possibly you want to write computer games, and still have a cool web site, or… the reason why are endless, just as the items you can do with a computer are usually.

The languages you learn is going to be influenced by these things, along with the approach you will want to take while you begin to learn to do computer-programming.

What resources do you have accessible?

Time, money, people who will help guide you, computers, books, encoding clubs, classes, programming community forums… these are all resources which will be handy as you are learning to plan.

If you have a lot of time and cash, a computer, and access to finding out opportunities like college courses and developer group meetings, you’ll likely be able to learn at a quick pace. If you can only spend an hour or so each day, and you don’t have your personal computer, and you can only get one or two books, you will have to change your expectations a bit. But either way, or someplace in-between, you will be able to learn to software.

What is the level of your inspiration?

This is a very important consideration. That isn’t going to be easy. You are going to have to keep going even when things appear impossible and you can’t discover the answers you need. It takes a fair amount of brain power, will power, and also the ability to work things away. You will be well served if you possibly could muster a “stick-it-out” type of attitude.

One of the attractions associated with computer programming is that there is a large amount of problem solving, and you will have to resolve a lot of them both while you are learning as well as when you are using your abilities to do useful things. It requires a lot of interest and commitment to stick with it long enough to obtain somewhere – if this nevertheless sounds good to you, in all probability you’ll do okay.

So , how to begin?

There are a lot of ways to go about starting. You can get started today, regardless how you are going to approach this on the long run. Here are a few tips on getting going quickly:

* Learn with baby steps – Begin with something very easy, and add into it. There is no advantage to bouncing in with both feet until you have unlimited time and sources.

* The quickest method to start might be to use a vocabulary that comes with software you already have. For example , you can do a great deal of programming in Microsoft Word using Visible Basic for Applications. There are many commercial software applications that include a method to enhance them using coding or scripting languages.

2. Here is another idea to get started quickly: There are easy languages available with almost every operating-system (Windows, Linux, Mac) with regard to automating your repetitive duties. For example , in Windows you should use VBScript. Again – an easy internet search will get you plenty of information.

* Pick a much more full featured language that can be found free – To get started using the least expense and as rapidly as possible, one approach would be to download a programming atmosphere for free on the internet. For example , you are able to download the Ruby terminology and everything you need to work with this for free. Another example will be the Microsoft. NET Express different languages (VB. NET or C# are good choices) – once again, you can download everything you need free of charge from Microsoft. A little search on the internet on either “Ruby Language” or “Microsoft. NET Express” will get you all the information you need.

* Use the internet – You already know this or you more than likely be reading this article, however the internet is full of resources to assist you learn to program. That makes feeling, since the internet has been developed and programmed by developers. A lot of programmers are willing to discuss their knowledge through totally free tutorials, forums, tips websites, and articles. You will find hyperlinks to a lot of good resources simply by doing a simple search. Something is certain, there is no shortage of info.

* Work with what you possess, or what you can easily obtain – To get started quickly, a strategy to adhere to do something right away to hold doing something every day. Quickly you will be better able to judge exactly what areas are most interesting for you and best fit your needs, along with where to get the information you need to maintain progressing.

* Buy utilized books – Many of the guide sellers on the internet now provide used books through a system of thousands of book re-sellers and private individuals. You can save lots of money this way.

* Once you begin, write simple programs which help you automate something that is actually wasting your time. For example , if all every day you make a back-up of the files you labored on during the day by copying the actual files “by hand” to some cd, you could write a course that automatically searches your own working folders and duplicates the files for you — without you having to do anything. The extra time you get through each little helper program you write is time you need to use to learn more about programming.

* Look for a computer developers”user group” somewhere near you. Almost all bigger cities have such organizations that meet on a regular basis : usually monthly. Many of these conferences are free, and usually they provide delivering demonstrations on “how-to” do numerous programming tasks. They often also provide study groups and novices sessions. Not all languages are generally represented in all cites rapid but anything is better than absolutely nothing, so it can be worthwhile to attend any meeting of this type that you can find that is within an acceptable distance.

* Take a starters course at a local community university or extended studies system. These classes are usually offered by a very reasonable cost, and can help you get started. I have found a number of these classes available on line instructions and if you are eligible for access, it can be very convenient to have a course this way.

It’s time to get started
Development can be fun, challenging, useful, along with profitable. Not everyone has the nature or interest to become a a lot of the time programmer, but almost anyone who are able to use a computer can learn how to do something useful or enjoyable with computer programming. If you think it really is something you might enjoy, however encourage you to give it a try and find out what it’s all about. It will take time and dedication to be proficient, but it all starts having a single step. So now could be the time.