An Introduction to Computer Forensics

Dawn Barler

Before we dive into how law enforcement can gather evidence from computers, we need to talk a bit about how computers work. This will help us understand how law enforcement can gather information that can then be used as evidence.

Every computer shares major components. For instance, within every computer you will find a motherboard, hard drive, processors, places to hook up peripheral devices, and even buses. To someone who knows very little about computers these terms can be confusing, but in reality they are pretty simple to understand.

The motherboard could be considered the heart and soul of a computer. All other components within the computer are, in one way or another, linked to or controlled by the motherboard. The main processor can be found physically on the motherboard and is very easy to spot. All data travels to and from this main processor on its way to its final destination. This brings us to buses. Many people may laugh at the term, but it is quite accurate. You can think of buses as stable tubes that data can zip through and follow to various devices within the computer, sort of an access tunnel.

Various devices such as sound cards and video cards connect to the motherboard via slots and are referred to as expansion cards. This opens up a doorway to the different kinds of buses. Within a city, for instance, you might have a downtown bus and an uptown bus. Within a computer you can have a PCI Express bus or a universal serial bus (USB). There are other buses within a computer, but I am breaking it down into simple terms because my time is a bit limited. Both PCI Express and USB are used to attach devices to the computer. The PCI is mainly for expansion cards connected directly into the computer's motherboard. These would be sound cards, modems, graphics cards, etc. The USB, however, connects various devices to the motherboard through a USB cable. This is perhaps the most commonly known bus. You might hook your camera to it in order to download your pictures, or your mp3 player to load new songs. The USB is an industry standard, which is why it will accept and run so many different devices and why anyone with a computer is familiar with it.

The final piece of hardware I want to cover is the hard disk drive. This is basically the computer's brain, where all information is stored. To access the memory of our hard drive we need programs. There are basically three kinds of programs that allow our computers to function properly. The first is the boot sequence, which starts up the computer and which you will never really work with. The next is the operating system; this is the main program on your computer that allows everything to work together. You could think of it as a computer's language, and all devices attached to the computer have to speak the language to work. The last type of program is referred to as an executable program. These are designed to do a specific task, for instance, a word processing program, a game, or a graphics program (Knetzger & Muraski, 2008). If you want to write a letter to your grandma, for instance, you wouldn't open a game but your word processing program.

Now we have a very basic idea of how a computer is put together and works. Law enforcement can use their knowledge of the computer to gather information that can later be used as evidence in a criminal case. Next, we will look at some of the ways this is done.

The first tool in an officer's arsenal is the hard disk drive or, to be more specific, the slack space. Slack space is a result of how the hard drive actually writes data. A hard drive never erases what is stored on it; instead, it writes over that information in sectors. A sector can contain up to 512 bytes of data, but data to be stored rarely comes out to an exact 512-byte portion. So if a particular sector receives 482 bytes of new information, that leaves 30 bytes of the old data retrievable (Knetzger & Muraski, 2008). This retrievable data can be used in court as evidence.
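The 482-byte case above, worked through as an added example (not taken from the article or its references). `ToyDisk` and `slack_of` are hypothetical names, the disk is a constructed in-memory model, and it assumes the storage layer does not zero the unused tail of a sector.

```python
SECTOR_SIZE = 512  # bytes per sector, as stated in the article


class ToyDisk:
    """Constructed in-memory disk; assumes writes never zero the unused tail."""

    def __init__(self, sectors):
        self.data = bytearray(sectors * SECTOR_SIZE)

    def write(self, start_sector, payload):
        """Overwrite bytes in place, starting at a sector boundary."""
        offset = start_sector * SECTOR_SIZE
        if offset + len(payload) > len(self.data):
            raise ValueError("payload does not fit on the disk")
        self.data[offset:offset + len(payload)] = payload


def slack_of(disk, start_sector, logical_size):
    """Return the bytes between a file's logical end and the end of its last sector."""
    used_in_last = logical_size % SECTOR_SIZE
    if used_in_last == 0:
        return b""  # the file fills its last sector exactly: no slack
    end = start_sector * SECTOR_SIZE + logical_size
    return bytes(disk.data[end:end + SECTOR_SIZE - used_in_last])


def demo():
    disk = ToyDisk(sectors=4)
    # Constructed sample data: an older 512-byte record, later overwritten.
    old = (b"OLD-RECORD " * 47)[:SECTOR_SIZE]
    new = b"N" * 482                      # the article's 482-byte example
    disk.write(1, old)                    # old data fills the whole sector
    disk.write(1, new)                    # new file reuses the same sector
    return old, slack_of(disk, 1, len(new))


if __name__ == "__main__":
    old, slack = demo()
    print(len(slack), slack)              # remnant of the old record
```

The recovered bytes are the tail of the older record, which is why an examiner works from a full sector-level image of the drive rather than from a copy of the visible files.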

Another powerful tool is the Internet. The Internet is a global system of interconnected computer networks that transmits data using the TCP/IP network protocols (Princeton University, 2009). The World Wide Web is a global hypertext system operating on the Internet that enables electronic communication of text, graphics, audio, and video (Princeton University, 2009). The key word to remember here is ON. Everything on the World Wide Web can be traced ON the Internet. So every website you visit and every email you send can be traced using the Internet. This is possible because every computer attached to the World Wide Web has a unique address called your ISP. Think of the Internet as an electronic highway and your computer as an electronic car. The Internet records every move that your electronic car makes, allowing law enforcement to trace your steps. This information can then be used in court.


References

Knetzger, M. & Muraski, J. (2008). Investigating High-Tech Crime. New Jersey, US: Prentice Hall.

Princeton University. (2009). WordNet Search - 3.0. Retrieved July 7, 2009, from http://wordnetweb.princeton.edu Web site: http://wordnetweb.princeton.edu/perl/webwn?s=internet
