The Danger In Computer Forensics Of Neglecting Old Storage Media

12 January 2010

With hard drive capacity growing exponentially and new methods of storing data appearing on the market all time, the world of computer crime prevention has naturally focused on keeping up with new technologies.

However, for computer forensic analysts, whose job it is to extract legally admissible data from computers and other electronic devices, there is an increasing danger that they will not be prepared to cope with old media that has all but fallen out of usage.

For example, if a person was suspected to have viewed or distributed indecent images of children, law enforcement officials would typically confiscate the suspect’s computer, mobile phone, USB storage devices and any other electronic media that might hold data. But what if the suspect’s home contains a tape cartridge, zip drive or old-style 8-inch floppy disk? Where a quick response to an incident is crucial, there is the potential for an investigation to be delayed if a computer forensic analyst does not have the skills or equipment to read old media.

Of course, some may argue that by its very nature, it would be unlikely that a suspect would actively use archaic media to store new information, but of course, the possibility of this assumption could be exactly what drives a criminal to use this method.

For this reason, remaining up-to-date as a computer forensics practitioner is as much about looking back as looking forward. Those who have only been in the profession for five years, for example, may never have handled a zip drive, so their training will necessarily involve gaining practical experience with archaic media as well as cutting edge technologies.

Similarly, laboratories must have access to equipment which can read such media, as well as software capable of acquiring an image of the data that is perfectly exact. This must be planned for in advance, since much of the widely used modern forensic software cannot deal with old media. If methods are not perfected, or data imaging is attempted without prior experimentation, this could see the evidence contaminated or changed and thus rendered inadmissible in a court of law.

Ultimately, the need to be able to deal with all forms of electronic storage media means that the bank of expert knowledge required of a computer forensic expert is growing continually. The growing popularity of university degrees in computer forensics will no doubt increasingly be forced to find the balance between old and new, while computer forensic investigators and software developers will have to keep on their toes to address and manage the growing body of knowledge required to do their jobs.

Talk to our consultation team today

Contact Us

I can honestly say that your excellent customer service and communication has made our forensic instructions to you exceptionally easy. I am very conscious of the amount of time I must have taken up with various queries, requests, and then changed requests but you have always been very patient, polite and extremely helpful.

Case Review Manager - Criminal Cases Review Commission