IN DEPTH: TECH NOW

Computer forensics in the real world is not like in movies or on TV

Primetime TV computer investigators can do amazing things. Within a matter of minutes, the heroes of "CSI" or "Law & Order" always manage to uncover the critical e-mail or file that closes the lid on the criminal. While most of these shows profess to be based on the truth, somewhere along the way it gets distorted, condensed and slapped with a coat of creative license.



In the real world, computer forensic experts are indeed modern-day sleuths who find digital clues that others thought were carefully deleted. However, instead of solving a case in less than 60 minutes, most successful computer forensics experts still rely on old-fashioned hard work and research, with a dash of modern-day technologies. Computer forensics has begun to revolutionize the way evidence is gathered and used as proof of a crime. And as with any revolution, there's always a bit of myth surrounding the truth.

Myth 1: It's like it is in the movies.

In real life, computer monitors do not explode in a shower of sparks unless there are extreme circumstances, viruses are not malevolent entities, and a teenage "hacker" working with a Radio Shack processor and an analog phone line cannot break into the Pentagon's mainframe. This is roughly akin to the television private eye doing a somersault, coming up on one knee, shooting the gun out of the villain's hand and then walking away with no legal repercussions or police intervention.

Myth 2: Hacking into someone else's system is accomplished by inserting a diskette into a computer, tapping a few keys, and "wham!" the hacker is in the system, free to roam about at will.

Connecting to another system can be tricky under the best of circumstances. Network connection and speed, DNS and IP protocols, and different operating systems can cause problems even when both parties are willing and working to connect the systems. Accessing a system under unauthorized circumstances is a painstaking task that can take literally months of concentrated effort.

Myth 3: Finding out the bad guy's password takes about two seconds. Three if you stop for coffee.

Set aside the film cliché of breaking into the suspect's office (a major felony in and of itself), inserting a diskette and tapping a few keys for instant access. Determining a suspect's password without the use of specific tools requires extensive knowledge of the target, much as a suspect in a serial murder case would be profiled. Likes, dislikes, family names, hobbies, habits, favorite books and movies, pets: anything and everything needs to be known by the investigator before even a guess can be made. There are password "crackers" available, but it takes days, weeks and sometimes months of continuously running multiple processors in what is called a "brute force attack" to access a password-protected machine.

Myth 4: Evidence on a computer is always in a separate folder that is right in front of the investigator.

Today, there are more ways to hide or disguise the vital information an investigator is looking for than there are individual software programs. Steganography (hiding information in a JPG, GIF or BMP picture file) is more and more prevalent. A new trend is "going back." In this day and age of various editions of Windows, Unix, Linux, Lindows and Mac, many people have forgotten or are completely unfamiliar with manipulating files under old DOS shell commands, making it extremely easy to confound or obstruct an investigation.

Myth 5: Computer investigations are always safe and there is never a risk.

An individual suspected of trafficking in child pornography booby-trapped his desktop computer with a fragile glass vial of concentrated acid balanced on the hard drive, the theory being that any movement of the unit would cause the vial to drop and break, destroying any evidence and possibly injuring whoever touched the machine. When the investigator arrived, it was only his noticing what appeared to be small cigarette burns on the desk that alerted him. Knowing the suspect did not smoke, the investigator moved very cautiously until the vial was found and carefully removed.

In another case, a prototypical "computer nerd" was suspected of sending terrorist threats to a former employer. When the investigator went to the suspect's home to interview him, the mild-mannered "geek" pulled out a pistol and fired a shot. Luckily, the bullet missed, and the investigator was able to summon local authorities. An examination of the suspect's machine revealed detailed plans to kill his former employer and the employer's family.

Myth 6: It's easy to snatch credit card data and steal identities on the Internet.

The media makes a tremendous deal when a database is hacked, but the chances of a credit card thief actually zeroing in and obtaining information when a consumer makes a purchase through Amazon or eBay are slight at best. That is not to say that a person should not pay attention to all statements and review his credit report annually at the least, but the odds against one individual being targeted successfully are astronomical. One of the greatest strengths in online transactions today is that there are literally hundreds of millions going on. Zeroing in on a specific name is impossible.

William M. Simon is the president and lead investigator for Abberline Investigations (www.abberline.com), a private investigations agency specializing in computer forensics and security.

Houston Business Journal email: houston@bizjournals.com

©2005 American City Business Journals, Inc. and its licensors. All rights reserved. Contact us here.