You may have heard about the BTK killer (bind torture kill) – a man named Dennis Rader whose serial killings spanned sixteen years in the Wichita, Kansas area. He was finally arrested after detectives were able to get information about him from a floppy disk he sent to police. Though he didn’st know it at the time, computers can leave identifying information on the floppy disks, hard drives, and other digital media. Forensic scientists who specialize in a field called computer forensics have the ability to analyze data produced by computers to gather evidence against a perpetrator.
So, how does information on a computer or another form of digital media give clues about a criminal’ss identity? The answer depends on the specific media involved, but can range from a list of websites visited on a computer to a call made from a cell phone. Unlike the jobs of other forensic scientists, a computer forensics exper’ss job does not involve identifying the origin of a known piece of evidence. Rather, it involves discovering any available information and analyzing it. Computer forensics carefully search the media, step by step, to locate all possible evidence.

In the case the BTK killer, an unknown person claiming to be the killer was sending letters to police that contained details about the killings as well as items that had been taken from the crime scenes. Then in February, 2005, the BTK killer sent a floppy disk with a letter. Computer forensics experts immediately analyzed the disk and found information in the form of data about a deleted document that was still on the disk. The information indicated the disk had been used at the Christ Lutheran Church in Wichita, Kansas and the document had last been modified by a user named “Dennis”. They soon zeroed in on Dennis Rader, the president of the church council. This evidence alone was not enough for an arrest, but it gave police a suspect to investigate further. Within weeks, police had arrested Dennis Rader in connection with the killings.

The process of searching digital media parallels the process of investigating a crime scene, in the sense that investigators don’st know ahead of time what they are looking for. Generally, the first step in a computer forensics analysis is to make a copy (also known as an image) of the data to be analyzed. Experts then use specialty tools, such as Guidance Software’ss EnCase to collect and analyze digital evidence. Special care must be taken to preserve data stored in the computer’ss memory that will disappear when it is turned off, and any other information that is lost when the computer is turned off.

The computer forensics expert must take detailed notes during every step of the process. These notes are used to write a full report about the analysis and its conclusions. If the computer evidence is used in a case that goes to trial, the computer forensics expert may be required to testify in court about the work.

Computer forensics is an ever-changing field of forensic science that is very much in demand, as you can see by looking at job sites like The field promises continued challenging and exciting career opportunities as digital media becomes increasingly pervasive.

About the author: Emily Nelson earned an M.S. in Electrical Engineering from the Massachusetts Institute of Technology before beginning her career as a science writer.