Chapter 8: Computer Basics for Digital Investigators


Although digital investigators can use sophisticated software to recover deleted files and perform advanced analysis of computer hard disks, it is important to understand what is happening behind the scenes. A lack of understanding of how computers function and of the processes that sophisticated tools have automated makes it more difficult for digital investigators to explain their findings in court and can lead to incorrect interpretations of digital evidence. For instance, when recovering deleted directories, there is a chance that two deleted directories occupied the same space at different times. Additionally, every tool has limitations that a competent digital investigator should recognize and address. For instance, an automated tool may be able to recover only part of a deleted file; a digital evidence examiner may be able to locate the remainder of the file.

This chapter provides an overview of how computers developed, how they operate, and how they store data. This basic information is necessary to understand how digital evidence is collected from computers and how deleted data can be recovered and examined.

8.1 A Brief History of Computers

The development of the modern computer is not an easy one to trace because of the many concepts that it combines. In the early 1800s, Jacquard developed the ideas of Falcon and Vaucanson (who may have been influenced by second-century Chinese looms) to create an automated loom that used sequences of wooden/cardboard cards punched with holes to create specific patterns in the woven fabric, resembling the punch cards used to program computers in the twentieth century. Less than a decade later, Babbage conceived of a steam-powered "difference engine" that could perform arithmetic operations, and some consider him to be the father of the computer. Later in the 1800s, Augusta Ada suggested a binary system rather than decimal, and George Boole developed Boolean logic.

Even the more recent developments of the computer are contested. From 1940 onwards, George Stibitz of the Bell Atlantic Laboratories developed several computing machines, including the Model 5, and demonstrated one simple relay computing machine (not completely electronic) using a remote terminal in Dartmouth connected via modified telephone lines to the main computer in New York City. Then, in 1941, a German engineer named Konrad Zuse apparently created an electronic binary computer called the Z3 that used old movie film to store his programs and data.

At around the same time the electronic digital Atanasoff-Berry Computer (ABC), named after its inventors, was built with vacuum tubes, capacitors, and punch cards (Figure 8.1). Shortly after, the Electronic Numerical Integrator and Computer (ENIAC) was created by Eckert and Mauchly but the patent was later voided as a derivative of the ABC (Honeywell v. Rand 1973).

Figure 8.1: Diagram of the Atanasoff-Berry Computer (ABC). Image from http://www.scl.ameslab.gov/ABC/Progress.html (reproduced with permission).

ENIAC was comprised of thousands of electric vacuum tubes, filled a 30 by 50 foot room, generated vast quantities of heat, weighed 30 tons, and possessed less computing power than today's basic hand-held calculator. It was a second technological breakthrough, however, that insured the future viability of the electronic computer; namely, the invention of the solid-state transistor one year later in 1947. (Hollinger 1997)

Many others played a role in the development of the modern computer, and there have been revolutionary developments in computer technology since the 700-pound ABC and 30-ton ENIAC that have made the most significant impact on crime and digital evidence. In particular, personal computers enable individuals to own and command a powerful machine that only a nation could afford 50 years ago. The mass availability of computers has caused significant changes in the way that criminals operate and evidence is conceived of, and the courts are still grappling with these changes.

The personal computer became possible in 1974 when a small company named Intel started selling inexpensive computer chips called 8080 microprocessors. A single 8080 microprocessor contained all of the electronic circuits necessary to create a programmable computer. Almost immediately, a few primitive computers were developed using this microprocessor. By the early 1980s, Steve Jobs and Steve Wozniak were mass marketing Apple computers and Bill Gates was working with IBM to mass market IBM personal computers. In England, the Acorn and the Sinclair computers were being sold. The Sinclair, a small keyboard that plugged into a standard television and audio cassette player for memory storage, was revolutionary in 1985. By supplanting expensive, centralized mainframes, these small, inexpensive computers made Bill Gates's dream of putting a computer in every home a distinct possibility. Additionally, the spread of these computers around the world made a global network of computers the next logical step.




Digital Evidence and Computer Crime, Second Edition
ISBN: 0121631044
EAN: 2147483647
Year: 2003
Pages: 279
