Subscribe to Blog Updates

The Role of a Computer Forensic Expert

Posted: 12-Feb-2016 11:00:00
Author: Tony Sykes


Computer forensic evidence first started to be applied to serious crime in the mid 80’s when personal computers started to be used in greater numbers and criminals deployed PCs for fraud and other crimes.

Today computer forensics is widely used across a much broader range of cases in both the criminal and civil arenas with crime still being the major area.

The Police routinely seize computers, mobile phones and other electronic equipment when investigating a crime and then run specialist forensic software to preserve everything on the hard drives and other media. They are able to un-delete material and to piece together email and internet histories to check what the equipment has been used for and when.

It is not usually until Defence Counsel advises that this evidence needs assessing that Forensic Experts outside the Police Force are instructed. Much of our work requires rapid deployment in order to complete our investigations before the trial starts. Typically this requires Legal Services Agency prior Authority (“Legal Aid”) which adds delay.

Many smaller firms of solicitors are unaware of the range of computer forensic services available and are unable to provide succinct, clear instructions. This often leads to unnecessarily large volumes of case data being sent (“bundle”).

One of the most commonly encountered pitfalls in forensic examination is data protection and the rights of the owners of data being examined. This needs to be dealt with properly and professionally.

As one of the most established computer forensic firms in the UK, IT Group have a wealth of experience backed by state of the art equipment and software to guide solicitors in this difficult field.

The output from an instruction is the expert report carefully written to comply with either the Criminal Procedure Rules (CrPR Part 33) or the Civil Procedure Rules (CPR Part 35).

Most work involves the analysis of mobile phones which are powerful computers in their own right. A combination of deleted content (SMS text messages, emails, call histories, contacts etc.) with positional information extracted from wi-fi data buried in the phone or cell-site data obtained from the phone company provide a wealth of evidence not only to prove what the user of the phone did or where he was, but importantly in a Defence situation, where that person could not have been.

It is essential to consider computer forensic evidence in all cases of a “not guilty” plea as the prosecution will typically only examine the evidence sufficient to support their case. Buried deeper in the data there may be other evidence supporting a different picture. Early engagement of a computer forensic expert is vital.

For more information about IT Group and our digital forensics service, contact us on 0845 226 0331 or email

Related Blogs:

Proportionality: Getting to the bottom of high technology expert evidence

The Challenges of IM applications in a Mobile Forensic Investigation

Cell Site Analysis - The Myths, Lies & Truth

Share this article

facebook-yellow.png    twitter-yellow.png    Linkedin-yellow.png    pinterest-yellow.png    google-yellow.png