The American Society of

            Digital Forensics & eDiscovery, Inc

            For Digital Evidence Experts™

Origins of Computer Forensics

The computer forensics profession has very humble beginnings. It started over 30 years ago. In those days businesses ran on paper, with memos, invoices, and a host of other documents distributed by hand around the office and through the U.S. postal system.  Communication was via memos or a telephone call. Administrative armies churned out mounds of paper documents.

Today, businesses run through technology. Documents are created on computers and sent to other people via emails. It takes little more effort to email 20 people than it does a single person. These business documents are created in an astonishing range of formats, such as Microsoft Word, Excel, or Portable Document Format (PDF), among many others. These documents consist of memos, meeting minutes, invoices, and many, many more. Even the ubiquitous telephone has been replaced to a great extent with voice over IP systems.

The first techno business evolution occurred when business records migrated from paper to electronic format. Instead of using secretaries and dictation machines, many executives now type their own documents and emails. Extensive paper filing systems have given way to computer-based indexes and search algorithms. Locating a paper document could take minutes, even assuming there was a good filing system. Now, the computer system indexes everything and makes its contents available to searches, with results in seconds. Business saw technology as a way to become leaner and more efficient.

As business records moved to computer systems, auditors and financial investigators found that the documents they needed to prove their case against a business were locked inside its computer systems. To access those documents, special procedures and techniques had to be created to collect this information, search through it, and make it available in a court proceeding. Herein lie the origins of the computer forensics profession. There were numerous challenges in getting digital evidence into a courtroom. Digital information can be changed easily, and often those changes leave little or no audit trail. This necessitated the development of special processes and procedures to preserve the digital information in a manner more suitable for a court.

The second techno evolution occurred with the introduction of the smartphone. Not only did it eliminate the need for a home phone and allow a person to talk on the go; it allowed a user to carry billions of bits of computer data around in his or her pocket. These sophisticated devices contain a broad array of sensors and chips to store and process the information at an unprecedented rate, and a computer forensics professional is needed to properly collect, examine, integrate, and present this information to a court. As technology expands at a blistering rate, year over year, computer forensics will play an even greater role in the modern courtroom.  

Who are these professionals and where do they come from?

Computer Forensics Matures

In the early days, so-called computer forensics experts appeared from thin air. When questioned, it transpired that these modern-day carpetbaggers had taken two or three courses and then announced their expertise to the world. While this still occurs, there are also numerous well-known and prestigious universities which have created robust computer forensics curriculums. These programs are based within their computer science departments and are academically rigorous. Additionally, numerous professional associations work to elevate the standards to even higher levels.

Besides universities, there are two other areas which spawn computer forensics professionals. These are law enforcement departments and information security departments. While most law enforcement officers do not possess a university diploma, they are nevertheless flooded with digital evidence in the course of their working lives and must find a way to understand and process the information, in order to build their cases. Because these professionals have a naturally inquisitive nature, learning about new technology does not intimidate them. Additionally, they amass a wealth of knowledge in conducting street investigations. They bring this experience to the computer forensics profession.

Computer forensics professionals can also appear from traditional information security programs. Whenever a company suspects an employee has misbehaved, there is generally a digital component. They turn to their trusted infosec team to help them get answers. 

But some infosec professionals have gotten themselves into hot water by believing their computer security training makes them forensic examiners. While there is a small amount of overlapping knowledge when it comes to log files and the interaction of a computer on a network, computer forensics is very different from computer security. A network security person does not need to be able to explain what the Master File Table is or what it is used for. However, it is critical for a forensic examination on an NTF formatted hard drive.

Computer forensics has its roots in the auditing community. However, as technology has continued to change and to play a more informed role in our lives, it has grown into a profession of its own.

Digital Evidence Digest - Sign Up Today!

* required





Email & Social Media Marketing by


The American Society of

     Digital Forensics & eDiscovery, Inc™

     For Digital Evidence Experts™

       2451 Cumberland Parkway, Suite 3382 

       Atlanta, GA 30339-6157

       (866) 534-9734



Copyright 2021

All Rights Reserved

Powered by Wild Apricot Membership Software