The History of Computer Forensics

The advancing technology has brought with it good and bad results, with the benefits usually outweighing the negatives. One significant contribution of technological advancement is that of computer forensics, which pertains to evidence found in digital storage devices as well as computers. Its objective is soundly examining digital media forensically to have facts and opinions regarding digital information eventually. While it has become instrumental in today’s world, the history of computer forensics dates back to the 80s with the gradual evolution resulting in a relevant branch of digital forensic science.

Although it is hard to tell precisely when computer forensics began, many experts believe it started over 30 years ago. Its starting point was the United States when military investigators and other law enforcement officers realized that criminals were penetrating the technical field. Computers gained accessibility to consumers in the early 80s making it easy for people to commit computer crimes such as fraud and cracking. In response, government officials responsible for protecting private and confidential information began conducting forensic investigations. They aimed at investigating specific breaches and gaining insight on how to prevent potential violations that may arise in future. Computer forensics field grew as officials needed evidence to present in court for prosecution of those suspected of computer crimes.

Computer forensics grew over the following decades to the great resource it is today. While the military and law enforcement have maintained their presence in the field at all levels of government, other people continue to recognize its importance. Private entities now have computer forensics and information security experts on their payroll, with some opting to hire when need arises. Lawyers have embraced computer forensics and as a result, have professional investigators in a bid to solve legal disputes. Since digital evidence demands that it should be relevant, authentic and reliable, different countries have come up with guidelines for evidence recovery.

The growth of computer forensics has resulted in advances in ensuring authenticity and reliability of data. For instance, getting evidence to present in court will mean getting your hands on the computer itself. If a machine is still active, it is possible to lose data not stored in RAM if the power goes off. However, professionals can analyze information stored in RAM before the power loss because it has memory cells whose electrical charges can take time to disappear. Low temperatures help to recover data; therefore, such a RAM should be stored below -60⁰C to prevent loss of residual data.


Computer forensics process

Computer forensics involves four steps:


Acquisition entails remotely or physically obtaining the computer, external storage devices and network mappings.


It involves using tools and other software to identify the data that can be recovered, and retrieving it electronically.


Examining the data obtained and see if it is relevant to use against the suspect


It entails presenting the data to lawyers and other stakeholders in a manner they can easily understand.

Computer forensic techniques

Many techniques are in use to conduct forensic investigations, and some include:

Tracing IP address

Internet Protocol (IP) address tracing involves getting the real address of a suspect. It uses reverse address lookup meaning obtaining the number of servers that are between the destination and the source. However, technical experts are always finding ways to hide their IP address using specific software which other consumers can obtain at a subscription fee.


Nowadays you could be looking at a picture without knowing that it has a coded message inside it. The art of hiding information in photos, sounds or digital images is steganography. Discovering such data is difficult unless decryption software can identify the data. Computer forensic experts can also decrypt it by comparing the original image and the file hash such that if the data changes when the hash changes, then there is hidden information.



No matter the business you operate, so long as you have a computer or other digital media where you store information, you are at risk of computer crime. For this reason, computer forensics is continually gaining popularity across the globe in diversified industries. As a result, and in keeping up with demand, software companies are manufacturing innovative software programs to facilitate the fight against cybercrime. As for the military, they are training more of their personnel since crime continues to evolve and increase.