that a lot of events take place on a computer unbeknownst to the user. It's important that law enforcement realize that there are issues relating to processing computer evidence in order to protect their findings."
Enders recalled a recent scenario in which the FBI confiscated a computer as possible evidence. But when the computer was examined, files were found on it that were dated after the date of the search warrant. "So they had contaminated the evidence," said Enders. "We couldn't use it."
Enders said there are certain steps law enforcement agencies should learn to take in order to avoid being accused of contaminating computer evidence. Attending forensic computer science courses like those offered at FLETC or other institutions is the best course of action. There are also many books now published on the topic.
"It's important to law enforcement to know that information is still out there even though it may be hidden. They can resurrect information on hard drives that had been erased, for example. Or if someone deletes a file -- the information is often still there."
Establishing dates for undated files and identifying backdated files are also valuable skills. Enders said those techniques are more complicated and very few in the world can accomplish them at this time.
Enders, who spent 25 years as a special agent/computer specialist with the Criminal Investigation Division of the IRS before retiring in 1995, has helped form a new company, New Technologies Inc., headquartered in Oregon. "Almost all paper records have turned into computer records," said Michael Anderson, a partner in the company. "That's why this has become so important. The 'crooks' use other computer tools now to run efficiently."
"Our team knows how to do these complicated procedures," said Enders. "Now we want to develop software to automate the process and allow others to do it too."