Computer Forensics

Wednesday, April 20, 2005

"Computer forensics is the analysis of data processing equipment-- typically a home computer, laptop, server, or office workstation-- to determine if the equipment has been used for illegal, unauthorized, or unusual activities. It can also include monitoring a network for the same purpose."

I would immediately add that computer forensics also includes examining the causes for failure of the hardware, software, or configuration of computers to establish liability. Far more often than is commonly known, negligence on the part of the vendor, integrator, administrator, or service provider caused the loss.

  • The supplier of one company's server failed to provide adequate cooling to the hard drives as specified in their installation guide, directly leading to a catastrophic failure.
  • Another company lost all of their leads and accounting due to a known bug in the application which had been corrected by an update almost two years before the vendor installed the software.
  • To solve a problem, the technician renamed a file to "badsec.tor"; but, from then on, the backup aborted each time it reached that file and, when the car took out the transformer outside the building, almost 400 million dollars of records were gone.
  • The receptionist at a major law firm gave herself a $40,000 raise because the low bidder for the new server had made everyone an "administrator" rather than spend the time to set it up correctly.
  • In order to get the broadband internet working, the technician disabled the client's antivirus software and left it that way.

These are just a few examples of actual situations I have encountered where the accepted definition of computer forensics needs broadening; even though they surely fall within its scope.

The more common computer forensics, finding the evidence of infidelity, unethical behavior, or illegal activities, is far simpler and consists primarily of inspecting a computer's hard drive in such a way that its contents are not altered and that any evidence found can be reproduced from the original in court, if necessary.

What will differentiate forensics experts then are two factors: their experience with computers and their ability to present evidence in a clearly understandable manner. When I say experience I do not mean with forensics specifically, but rather with the myriad of software packages, how computer users utilize those packages, and what evidence they leave behind.

So, in closing this document, it is time for me to differentiate myself.

Since 1976, I have been immersed in all aspects of computer services and have solved well over 100,000 problems of every scope and kind. Forensics became one aspect of those services in the early '80s when the local police needed proof of where stolen computers originated. Since then I have provided evidence for cases heard in three states and U.S. federal courts involving both criminal and civil litigation.

I am also routinely complimented on my clarity and ability to communicate complex technical issues in clearly understandable terms.

And, unlike most forensics experts, I simply bill for the time spent with no surcharge for appearing in court which gives you the ability to explore possible evidence inexpensively and to control the extent to which you want my efforts expended.

As always, should you have any questions or problems, please feel free to contact me by Email or by phone.


Davis M McCarn
184 Eaglecrest Drive
Matthews, NC 28104
(704) 882-7551 or
(704) 609-1970 cell

© Davis M McCarn 2005 All Rights Reserved