April 21, 2011 Articles

The Boundaries of Computer Forensics

Attorneys can use this basic framework when working with experts and clients to determine what can and cannot be done with computer forensics.

By John Mallery and Joan K. Archer, J.D., Ph.D.

It has been several years since the Federal Rules of Civil Procedure were modified to address electronically stored information (ESI) as part of the discovery process. Although not always viewed as pleasant, most lawyers have accepted that e-discovery is a necessary part of their practice.

One part of the e-discovery process—computer forensics investigation performed by experts—is not routinely used. Nevertheless, computer forensics can be a valuable tool in identifying relevant and responsive electronic data that may not be located using standard methodologies. One reason attorneys may be hesitant to use computer forensics is because they lack a true understanding of what can and cannot be done by a forensics expert. Moreover, the experts themselves may further confuse matters by providing varying information concerning the scope and limitations of the services they can provide. The only real common denominator is the price—they all seem quite expensive. Not surprisingly, it would be difficult to recommend that a client spend money on computer forensics when counsel cannot readily explain with clarity what the process will likely accomplish.

This article provides practical information concerning the scope and limitations of computer forensics. Key areas of forensic analysis and terminology are discussed, including explanations concerning the types of information that may be gathered through a forensic investigation. The topics discussed below are not intended to be exhaustive; rather, they provide a basic framework that attorneys can use as they work with experts and clients regarding what can and cannot be done through computer forensics.

Premium Content For:
  • Litigation Section
Join - Now