Computer forensics, also referred to as computer forensic analysis, electronic discovery, electronic evidence discovery, digital discovery, data recovery, data discovery, computer analysis, and computer examination, is the process of methodically examining computer media (hard disks, diskettes, tapes, etc.) for evidence.
A thorough analysis by a skilled examiner can result in the reconstruction of the activities of a computer user. In other words, it is the collection, preservation, analysis, and presentation of computer-related evidence. Computer evidence can be useful in criminal cases, civil disputes, and human resources/employment proceedings.
Computer forensics, although employing some of the same skills and software as the data recovery, is a much more complex undertaking. In data recovery, the goal is to retrieve the lost data. In computer forensics, the goal is to retrieve the data and interpret as much information about it as possible.
Computer crime
- computer forensic objective.
- The computer forensic priority.
- accuracy versus speed conflict.
- The need for computer forensics.
- The double tier approach.
- Requirements for the double tier approach.
- The computer forensics specialist.
Roles of a Computer in a Crime
however, A computer can play one of three roles in computer crime. A computer can be the target of the crime, it can be the instrument of the crime. or it can serve as an evidence repository storing valuable information about the crime. so, In some cases, the computer can have multiple roles.
It can be the “smoking gun” serving as the instrument of the crime. It can also serve as a file cabinet storing critical evidence. For example, a hacker may use the computer as a tool to break into another computer and steal files, then store them on the computer. When investigating a case, it is important to know what roles the computer plays in the crime and then tailor the investigative process to that particular role.
Computer Forensics Specialist
A computer forensics specialist is thus a person responsible for doing computer forensics. therefore, The computer forensics specialist will take several careful steps to identify and attempt to retrieve possible evidence that may exist on a subject computer system:
- Protect the subject computer system during the forensic examination from any possible alteration, damage, data corruption, or virus introduction.
- Discover all files on the subject system. This includes existing normal files, deleted yet remaining files, hidden files, password-protected files, and also encrypted files.
- Recover all (or as much as possible) of discovered deleted files.
- Reveal (to the extent possible) the contents of hidden files as well as temporary or swap files used by both the application programs and the operating system.
- Accesses (if possible and if legally appropriate) the contents of protected or encrypted files.
- Analyze all possibly relevant data found in special (and typically inaccessible) areas of a disk. This includes but is not limited to what is called unallocated space on a disk (currently unused, but possibly the repository of previous data that is relevant evidence).
USE OF COMPUTER FORENSICS IN LAW ENFORCEMENT
If there is a computer on the premises of a crime scene, the chances are very good that there is valuable evidence on that computer. If the computer and its contents are examined (even if very briefly) by anyone other than a trained and experienced computer forensics specialist, the usefulness and credibility of that evidence will be tainted.
COMPUTER FORENSICS ASSISTANCE TO HUMAN RESOURCES/EMPLOYMENT PROCEEDINGS:
Computer forensics analysis is becoming increasingly useful to businesses. Computers can contain evidence in many types of human resources proceedings, including sexual harassment suits, allegations of discrimination, and wrongful termination claims. Evidence can be found in electronic mail systems, on network servers, and on individual employee’s computers.
However, due to the ease with which computer data can be manipulated, if the search and analysis are not performed by a trained computer forensics specialist, it could likely be thrown out of court.
COMPUTER FORENSICS SERVICES
A computer forensics professional does more than turn on a computer, make a directory listing, and search through files. Your forensics professionals should be able to successfully perform complex evidence recovery procedures with the skill and expertise that lends credibility to your case. For example, they should be able to perform the following services:
- Data seizure.
- duplication of data and preservation.
- Data recovery.
- Document searches.
- Media conversion.
- Expert witness services.
- Computer evidence service options.
- Other miscellaneous services.
Training Given as Expert in Computer Crimes
- Law Enforcement and Corrections Technology Symposium and Exhibition.
- Bureau of Justice Statistics/Justice Research Statistics Association.
Computer Evidence Service Options
Your computer forensics experts should offer various levels of service, each designed to suit your individual investigative needs. For example, they should be able to offer the following services:
- Standard service
- On-site service
- Emergency service
- Priority service
- Weekend service
TYPES OF LAW ENFORCEMENT iN TECHNOLOGY
As previously defined, computer forensics involves the preservation, identification, extraction, and documentation of computer evidence stored in the form of magnetically encoded information (data). Often the computer evidence was created transparently by the computer’s operating system and without the knowledge of the computer operator.
Such information may actually be hidden from view and, thus, special forensic software tools and techniques are required to preserve, identify, extract, and document the related computer evidence.
Computer forensics tools and techniques have proven to be a valuable resource for law enforcement in the identification of leads.
Article By: Sayan Chatterjee
If you are Interested In Machine Learning You Can Check Machine Learning Internship Program
Also Check Other Technical And Non Technical Internship Programs
