An Introduction to Computer Forensics

When you hear of computer forensics, the first thing that pops to mind might be a Crime Scene Investigator, pulling the plastic sheet off of a computer and inspecting for signs of a struggle. Nobody really ever talked about forensics in daily life until they started making those scientifically accurate prime time cop shows, so of course, simple word association generally leads us to forensic sciences being “Something cops do, right?”

Incidentally, the science behind computer forensics really isn’t much different from the science behind crime scene forensics. In both instances, the forensics team or expert is looking for a trail of evidence. In either case, the investigator looks at what has happened, determines how it happened, and from that, deduces who might be responsible.

The major difference between the two is that, while an investigator on the scene of a robbery or a violent crime is looking for physical evidence, the computer forensics investigator is looking for digital evidence.

Interestingly, where physical evidence can often be misleading, confusing, ambiguous, and difficult to put together without the help of witness statements, digital evidence tends to present itself in a much more direct manner.

A computer keeps logs of pretty much everything that has been done with it. For example, besides your browser history, there’s also your temporary internet folder, where information from the web is stored on your computer. So, say an employee is watching YouTube all day when they’re supposed to be working. Even if they’re smart enough to clear the browser history, the temporary internet files may still hold the evidence that will earn them a warning.

That’s only a very simple example, of course. Computer forensics addresses everything from computer crime to employee misconduct, to such mundane tasks as figuring out why your virus scanner isn’t working.

The point is that everything you do on a computer leaves a mark. Deleting a file from your hard drive is not the same thing as deleting all the evidence that it was ever there. Just as every room in your house holds some DNA evidence, be it a hair, saliva, or a toenail clipping, no matter how well you vacuum and shampoo your carpets, there will be some evidence that this is your home. The same goes for computers. You can’t do anything on a computer without a computer expert being able to figure out exactly what you’ve been up to.

One issue that many find confusing with regard to computer forensics: how legal is it, really?

This depends on the context. Here’s all you need to know if you’re considering hiring a computer forensics team, but aren’t sure if you can:

If you suspect an employee of breaking company policy or even breaking the law with a computer that belongs to the company, you do have the right to take a look at the computer they’ve been working on any time you like.

It gets a little trickier when an employee is working on their own computer, but this isn’t a dead end. Luckily, you don’t always have to look at their computer to find evidence of what they’ve done on it. In any case, go ahead and call your forensics people, and they should be able to advise you on how far you can go to gather the evidence you need in order to take action.

Really, computer forensics is simply the art of finding a trail of evidence on computers, simple as that. You never know when you’ll need such services, so it’s a good idea to keep them in mind in case you ever do.


Data Forensics

Data forensics is one of the sub-branches of computer forensics. It is essential for establishing legal evidence found in computers and their storage media. Its primary goal is to give a clear explanation of a digital artifact’s state. Digital artifacts include storage devices, computer systems and electronic documents.

Data forensics is employed for a couple of reasons. It is a significant part of data recovery after hardware or software failures. It also helps analyze how an attacker was able to break in to a system. It is also important for gathering information about an employee that an organization wants to terminate. Whatever the reason, the data forensics process follows a set of distinct steps.

There are several steps involved in the entire forensics process. These are as follows:

• Preparation of the investigator. An investigator must have ample background in the subject matter and be trained well enough to know the facets of the process. The investigator validates all data needed by the courts based on generated reports. Since there are many tools to choose from, the investigator should determine the appropriate tool to apply to the case.

• Collection of data. The data are gathered in the form of digital evidence. Data forensics makes use of sources such as computers, hard drives, CD-ROMs and even cellular phones or digital cameras. The data should be handled carefully to ensure that no changes are made. Documentation and the use of reliable tools will help secure the collected data for forensic use.

• Examination. There are two ways in which data are examined. Traditionally, dead data analysis is employed. In this method, investigations are performed on hard drives or any other data at rest. Currently, live data analysis is also used. This is helpful when the attacker does not make use of the computer’s hard drive. It is also important if the person makes use of cryptographic storage devices, where data intervention may no longer be seen once the computer shuts off.

Once the data are gathered and examined, the data forensics investigator may report the incident to management or to whoever needs the data. Following these steps requires careful scrutiny of the scenario. This will ensure that all legal actions will be imposed on the attacker. In like manner, it will help dictate the punishment to be given to the offender.
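The collection step's two requirements, that no changes are made to the data and that handling is documented, can be sketched as follows. This is an added example, not code from the original article: it hashes an evidence image at acquisition and records each hand-off in a hash-chained custody log. The function names, actor labels and the sample image are constructed for illustration.

```python
import hashlib, json, os, tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in blocks so large disk images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def entry_digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log, actor, action, evidence_path):
    """Append a custody record that commits to the previous record's hash."""
    record = {"seq": len(log), "actor": actor, "action": action,
              "evidence_sha256": sha256_file(evidence_path),
              "prev": log[-1]["entry_hash"] if log else "0" * 64}
    record["entry_hash"] = entry_digest(record)
    log.append(record)
    return record

def verify(log, evidence_path):
    """Return a list of problems; an empty list means log and evidence agree."""
    problems, prev = [], "0" * 64
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "entry_hash"}
        if rec["prev"] != prev or entry_digest(body) != rec["entry_hash"]:
            problems.append(f"log entry {rec['seq']} altered or out of order")
        prev = rec["entry_hash"]
    if log and sha256_file(evidence_path) != log[0]["evidence_sha256"]:
        problems.append("evidence no longer matches acquisition hash")
    return problems

def demo():
    """Constructed sample: acquire, hand off, then modify one byte of the image."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "disk.img")
        with open(image, "wb") as f:
            f.write(b"constructed sample image bytes" * 1000)
        log = []
        add_entry(log, "examiner-1", "acquired", image)
        add_entry(log, "examiner-2", "received for analysis", image)
        clean = verify(log, image)
        with open(image, "r+b") as f:   # simulate an accidental write to the evidence
            f.seek(10)
            f.write(b"X")
        return clean, verify(log, image)
```

The chain only exposes edits made by someone who does not recompute every later entry; a real custody record would also carry timestamps and be signed or stored where the handlers cannot rewrite it.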

Property of RecoverMyPc Inc.
Ara Pekel invites you to visit http://www.recovermypc.com