Law, murder and the science of computer forensics

by Ann MacDonald, December 2009

When college professor Thomas Murray was tried for the 2003 murder of his ex-wife, many pieces of evidence were brought into play. Among them were his blood found at the crime scene and the video of his ten-hour interrogation by police. But, surprisingly, neither of these counted as the most novel and compelling piece of evidence. That was found somewhere else: Murray's own computer.

When police investigators searched his home and computer, they found several incriminating search terms he had entered into the Yahoo search engine. Among them were the terms "how to murder someone and not get caught" and "murder for hire." While Murray claimed he was just doing research for some writing he was thinking of doing, this evidence, combined with his growing anger toward his ex-wife in their custody dispute, was very damning.

Did the police really have the right to search Murray's computer and enter his previous searches into evidence? In a word, yes. Once there was enough to point to Murray as a suspect in the brutal crime, a search warrant was issued for his residence. His personal computers were covered by the search warrant and investigators confiscated them.

Court cases including 1999's United States vs. Gray have allowed investigators to include all of the files on a computer as part of the evidence they peruse during a search, once a warrant has been issued. So, once the warrant is issued, anything on the hard drive is fair game. Some rights of privacy no longer apply when someone is an accused criminal.

But how did the investigators learn what terms Murray had previously searched for? People known as computer forensics specialists can help. Computer forensics is the practice of investigating computers and computer data for the purpose of gathering evidence, usually for legal reasons. In other words, computer forensics experts specialize in digital evidence.

Computer forensics is used to track down emails from suspects, evidence of financial or trade fraud, hacking, theft or destruction of intellectual property and, as in the Murray case, even murder. Computer forensics specialists analyze all of the files on a confiscated computer and even restore deleted files. Unless a hard drive has been reformatted, experts can usually recover files that have been erased.

Specialized software helps computer forensic specialists look for other data that most people do not realize has even been saved anywhere. This includes things like transcripts of "chat" or "instant messenger" sessions, emails that have been sent, any data that is entered into any online forms, and the terms that users have entered into search engines online. In addition, while the Internet often feels anonymous, computer forensics experts can easily track the origins of emails and other online messages using numeric computer addresses.

Most days, no one cares what terms you search for from your home computer. Despite the fact that someone could learn what you are typing on your keyboard, in reality no one will ever breach your perceived privacy. But you would be wise to remember that if you are suspected of a crime, or just the target of a hacker, your personal computer data really is not all that personal.