6.0 Article: Experts Must Think Like Criminals To Track Computer Clues

ARTICLE :Experts Must Think Like Criminals To Track Computer Clues.

No part of this information may be reproduced, republished or redistributed without the prior written consent of CMP Media, Inc.

It wouldn't surprise computer forensic expert Walt Manning if authorities were to find data about funding operations on PCs they seize during raids of suspected terrorists' homes. The retired Dallas police lieutenant says he's often seen it happen in criminal investigations. "We've had spreadsheets maintained by drug dealers that laid out their entire operation."

Financial data may just be the tip of the iceberg. Last fall, for instance, al-Qaida terrorists fleeing Kabul left behind a PC that contained hundreds of files that detail plots for assassinations and terror attacks.

While most evidence collected against terrorists probably won't be from seized or abandoned PCs, any information stored on such systems will come under close scrutiny. Investigators will rely on computer forensics, a technique to collect, analyze, and present data stored on a computer's hard disk that can be admitted as evidence.

They may have to think like criminals to find some of the data, Manning says. In addition to using encryption technologies, it's not unusual for criminals to burn incriminating evidence into the middle of a CD, with surrounding music tracks to hide the illicit data. Investigators who hear music might not bother to check the rest of the CD. And some lawbreakers no longer store data on their own PCs, so forensic computer experts must look for pointers on the computer to an online storage service the criminal may have employed.

Still, investigators can find evidence on PC hard drives. Files the user thinks are deleted often survive in unallocated areas of the drive. But computer forensic experts must be careful in how they access and duplicate data. "You need an exact duplicate [to present as evidence]. If the target drive has a bad sector, your copy must have a bad sector," Manning says. "You want to be able to swear under oath that nothing was altered." One of his favorite utilities is Guidance Software Inc.'s Encase, which allows the copying of a hard drive without altering files.


Copyright [copyright] 2002 CMP Media LLC

Source Citation:Chabrow, Eric. "Experts Must Think Like Criminals To Track Computer Clues." InformationWeek (Jan 14, 2002): 34. Computer Database. Gale. Universiti Kebangsaan Malaysia. 27 Aug. 2009


Nowadays there is nothing impossible or unusual for a computer forensic expert for instance Walt Manning, if he had been told that the authorities or to be specific the police finds the funding operations on the computers that they confiscate during the raids of suspected terrorists homes. There are many cases which results in the finding of various information. According to the retired Dallas police lieutenant, they had spread sheets maintained by drug dealers that laid out their entire operation.

A case that can illustrate the situation is the finding of a computer that contained hundreds of files regarding the assassinations and terror attack details by the al-Qaida terrorists which was left over behind after they flee to Kabul. However, this type of evidence collected from any abandoned or seized computer is not the most important source in obtaining the evidence. This is because the information is very important to them, thus, they will try to hide it as complicated and secretly as they could. Another example is on the latest case of Noordin Mat Top where the Indonesian police seized few laptops at their hiding place which was ambushed and caused the death of the Noordin himself.

This is when the computer forensic experts will exercise its skill which is to collect and analyze the data stored in the computer’s hard disk. There are so many ways in which the criminals used to store the information for instance the information regarding their group’s activities and also their future planning may be kept in an unexpected place such as in the middle of music tracks. Hence, when the investigators seized the cd and listen to it, he will not bother to check the rest of the tracks since he did not aspect the cd contains illicit data.

Fearing of their activities will be found out by the authorities, some criminals may no longer hide their important data in the hard disk. Therefore, the computer forensic experts must search for any clue that the criminals may use for instance online storage. For files that have been deleted by the user may be retrieved by the experts as the data is actually available and saved in an unallocated area. However, the experts must carry out their duty carefully and diligently so that the reliability of the data to be presented as evidence in court is unquestionable.

In our current situation, computer is part of our life as we crucially need it in various circumstances for instance to store data, send the data through email, modify the data and many more. It is not something new to our generation. The advancement of technologies by day to day is also coherent to the improvement of people’s skill in handling and managing the computer. Thus, the probability that the data will be saved in an unexpected manner is very high and that is why the investigators must think like the criminals in order to obtain the information.

In my opinion, the criminals nowadays are very creative in hiding the illicit data and also the means of escape. Actually, there are few factors which contribute to this matter but the most important factor is the exposure and the media influence. Nowadays, there are stories regarding crime solving for instance CSI and many more. Not to deny the story line are very interesting but these types of stories indirectly provide the idea to the criminals on how they should act and escape from the authorities. Although the main objective of these series is just to entertain the people, but, some may use it negatively for their own good.

In a conclusion, the experts must do a lot of research especially when it comes to the way the criminals think in order to make it easier for them to collect the illicit data which then leads to the criminal’s trail.



Brown Jason said...

Good computer tracking software will help you to log and trace all your computer's activities and IP address even though you are away from your computer.