Computer Forensics

Submitted By keeper45
The world of crime has expanded right along with the explosion of the Internet. The modern cyber criminal has a veritable global playground in which to steal money and information from unsuspecting victims. Computer forensics is a quickly emerging science in the increasingly difficult battle to bring to justice the criminals who perpetrate these crimes. The field is relatively new as an investigative tool but enjoys continual advances in procedures, standards, and methodology, which are making the identification, preservation, and analysis of digital evidence a powerful law enforcement apparatus. The job of the cyber forensic professional is to look for the clues an attacker leaves behind on web sites, servers, and even in the e-mail message itself, clues that unravel a sometimes carefully woven veil of secrecy. Attackers come in all forms and from a variety of circumstances. For instance, an attacker can run a phishing scam with nothing more than a web server they control, very little programming experience, and a way to send a lot of e-mail messages. (Jones 4) To combat the waves of cyber-attackers, investigators can draw on open source tools alongside commercial ones against the continual onslaught of infections, exploitations, and trickery employed every day against our systems and networks. Today's attacker uses a variety of technologies, and understanding those technologies is integral to preparing for an investigation. While dial-up modems would seem pretty much a thing of the past, a significant number of people still access the Internet through them. Cable and DSL modems are now the in-vogue conduit to the Internet and carry the exposure of being "always on," which gives an attacker a persistent target. Criminal activity comes in many forms, including spam, phishing, viruses, and worms, to name a few.
Spam and viruses are now merged into a single platform: a virus installs a hidden mail server on an infected desktop, and the infected machines are then used as relays that send spam while concealing the original sender's identifying information. This platform provides the attacker with a cloak of invisibility against the forensic professionals trying to find them. Obtaining a system for a forensic investigation requires a legal search and seizure. A system can be obtained by consent, by subpoena, or by search warrant. Of course, the easiest method for all involved is voluntary surrender with consent. Consent is usually given by the system's primary owner when they are not themselves the subject of the investigation. The difficulty with voluntary surrender arises when the device under investigation is part of a business network and it is impractical to remove the entire chain of devices or to take the whole system off-line. Even when a computer is voluntarily surrendered, it is imperative that all applicable laws and policies are followed when retrieving and securing it. A subpoena is used when, for instance, the owner does not consent to providing the system, or when there is a concern that evidence will be destroyed before the examination can begin. Another common use of the subpoena is to obtain the suspect system from an owner who is unwilling to hand it over even though they are not a suspect. A system owner in this situation may be reluctant for a variety of reasons, including that the system contains sensitive business information and policies they do not want revealed to outside agencies. The remaining way to obtain a system for investigation is through a search warrant.
The search warrant is typically used when there is significant concern that a subpoena would give the owner time to damage, destroy, or render useless the evidence on the system. It is important to understand that the search warrant is available only to law enforcement officials, not to the private computer forensics investigator. Once a system has been obtained and the investigation begins, the chain of custody process must be strictly adhered to. Chain of custody ensures that the evidence is acquired properly and remains pristine, and most importantly that its history is complete and without gaps. The computer forensics professional maintains the chain of custody through a log that records every time the evidence was accessed and by whom, together with procedures describing each step taken during the search for evidence. Each step must have specific controls so that the integrity of the evidence is never compromised. The first step is to photograph the real evidence to show it in its original state. Controls include following safety procedures and proper handling practices, especially for sensitive electro-mechanical devices such as disks and hard drives. Chain of custody controls that prevent accidental changes to the evidence include attaching a hardware write blocker before the media is connected to any examination machine, creating a forensic image of the media and computing a cryptographic hash (for example SHA-256) of both the original and the image before any analysis, and running analysis tools against the image with read-only access, re-hashing the image afterward to show that nothing changed. Protecting the evidence through these controls is critical to establishing the investigator's expertise and credibility. Computer forensics professionals are required to follow clear, well-defined methods and procedures and must also be able to deal with unexpected circumstances and discoveries. Every forensic investigator must treat every case as if it were going to trial.
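The hash-before-and-after control described above, as an added example that is not part of the original essay: the script hashes an image file in chunks, appends a chain-of-custody entry for each handling step, and re-verifies the image after examination. The image contents, the exhibit identifier "EX-001" and the examiner name are constructed for the demonstration; the tamper step at the end stands in for an image accidentally mounted read-write.

```python
"""Verify a forensic image against its recorded hash and append chain-of-custody entries."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read images in 1 MiB pieces so multi-GB media fit in memory


def hash_file(path, algorithm="sha256"):
    """Return the hex digest of a file, read in chunks."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def log_custody(log_path, evidence_id, action, examiner, digest):
    """Append one JSON line: who did what to which exhibit, when, and the hash at that moment."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "evidence_id": evidence_id,
        "action": action,
        "examiner": examiner,
        "sha256": digest,
    }
    with open(log_path, "a") as f:
        f.write(json.dumps(entry) + "\n")
    return entry


def verify_image(image_path, expected_digest):
    """Re-hash the image and report whether it still matches the acquisition hash."""
    return hash_file(image_path) == expected_digest


def demo():
    """Simulate acquisition, an examination pass, and a tamper check on a constructed image."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "exhibit-001.dd")   # constructed sample image, not real media
    log = os.path.join(workdir, "custody.jsonl")
    with open(image, "wb") as f:
        f.write(b"\x00" * 4096 + b"constructed sample image" + b"\xff" * 4096)

    acquired = hash_file(image)
    log_custody(log, "EX-001", "acquired image, write blocker attached", "examiner_a", acquired)

    # The examiner works on the image read-only, so the hash must be unchanged afterwards.
    intact_after_exam = verify_image(image, acquired)
    log_custody(log, "EX-001", "examination complete", "examiner_a", hash_file(image))

    # Simulate a single stray byte written to the image (e.g. mounted without -o ro).
    with open(image, "r+b") as f:
        f.seek(10)
        f.write(b"X")
    intact_after_tamper = verify_image(image, acquired)

    with open(log) as f:
        entries = f.read().count("\n")
    return {"acquired": acquired, "intact_after_exam": intact_after_exam,
            "intact_after_tamper": intact_after_tamper, "log_entries": entries}


if __name__ == "__main__":
    print(demo())
```

Any single-byte change flips the verification result, which is the point of recording the acquisition hash in the custody log before analysis starts and comparing against it at every hand-off.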
It is easy to fall into the trap of forgetting that the computer is in fact evidence and to skip the steps needed to properly document every facet of the investigative process. There are four basic steps to a forensic investigation of a system: collection of the data, examination of what was collected, analysis of what the examination found, and finally reporting to the client exactly what was found. Tools for performing these steps are commonly available on the commercial market, and many are open source. Before any of the four steps, the investigator must prepare. Preparation is an essential step in the investigative process and cannot be ignored; the better prepared an investigator is, the better the final product will be. Preparation starts with knowing your hardware, which means understanding what types of devices information can be retrieved from. Information retrieval is not limited to the system's hard drive: CD-ROMs and thumb drives also store their information relatively intact. Peripherals deserve attention too. Printers and multifunction devices often have internal storage that retains copies of recent jobs, whereas keyboards and monitors generally hold nothing useful once powered off. Another important aspect of preparation is knowing what operating system is going to be investigated. As a general rule there are three families in common use: Microsoft Windows, Unix/Linux, and Apple's Macintosh systems. Other operating systems are less popular but would still need to be investigated should the need arise. Some of those lesser utilized systems include IBM's Disk Operating System, Microsoft's MS-DOS, Linspire, and BeOS, which has a user-friendly graphical user interface (GUI) that is very fast and stable.
Each of them offers networking capabilities, with Unix/Linux considered among the most secure. (Schweitzer 46) Operating systems are not confined to workstations; consideration must also be given to the servers on which information is stored and which are exposed to attack. In today's technologically advanced world there are so many kinds of storage media that the forensics professional needs to be prepared to investigate a myriad of devices. Computer users themselves are the primary avenue by which attackers circumvent the security measures installed to stop them. Key loggers, hardware or software that record every keystroke, illustrate the point. In a business setting, key logging can be a viable tool for detecting fraud, discovering whether unauthorized users are gaining access to the system, or locating who is wasting valuable company time and resources. Unfortunately, if the company allows key logging devices to remain on its network, an attacker can use them to capture credentials and other information detrimental to the company. Another prime threat to system and network security is the Universal Serial Bus (USB) device. Almost all modern computers have a number of USB ports that allow the user to connect and disconnect a variety of devices quickly and simply. USB devices on today's market include printers, scanners, mice, modems (wireless and DSL), and of course storage devices, whose capacity is increasing at a phenomenal rate. The key aspects of USB storage devices are their portability and the convenience of connecting and disconnecting without shutting the machine down. Those same qualities make them a particularly attractive vehicle for installing malicious applications without the user's knowledge or consent, and a convenient channel for carrying data out of the building. From the forensic side, Windows records each USB storage device that has been attached in the Registry (under the USBSTOR key), which lets the examiner establish which devices have been connected to the machine. Key logging and USB technologies are just two of the obstacles that the computer forensics professional faces when gathering evidence in response to a computer incident.
The number one purpose of computer forensics is the proper identification and collection of computer evidence. (Solomon 52) There are basically two categories of computer evidence: real and documentary. Most everybody is familiar with real evidence; it is essentially an object that can be held, touched, or felt. In computer forensics, real evidence could be the actual computer, keyboards, hard drives, or peripheral devices (including removable media). Documentary evidence, on the other hand, is the type of evidence that will be used to prove a case in court. It is written documentation in the form of log files, database files, incident-specific files, and reports, all gathered to show what actually occurred, and it must be authenticated. The authentication process establishes that the evidence was gathered correctly and that the data proves a fact. (Solomon 55) No discussion of evidence is complete without the best evidence rule. The best evidence rule protects the evidence from tampering by requiring that the documentary evidence submitted be an original, not a copy; the advantage of introducing an original is that there is less opportunity for changes to have crept in during copying. In practice, a forensic image whose hash matches the hash recorded from the original media is how an examiner shows that a working copy is faithful to the original, and evidence rules (for example, U.S. Federal Rule of Evidence 1001(d)) treat an accurate output of electronically stored information as an original. The majority of evidence gathered during computer incident investigations will center on the computer itself plus the storage media used during the incident. When conducting an investigation, it is critical that every single step taken is documented. Investigative documentation encompasses cataloging all the programs installed on the system, gathering the audit and activity log files found under their default file names, examining the operating system, and searching for any and all files created by the identified programs. The key to documenting evidence is to be thorough, creative, and persistent.
Before evidence can be gathered, the system requiring investigation must be properly obtained. As the investigation begins, the first place the investigator goes is the log files, which are regarded as the primary record of activity that has transpired in the operating system. Log files are a prime source of documented evidence of what is happening or has happened to the system. Logging's main purpose is to capture and store significant events, which end up in system logs, application audit logs, network management logs, network traffic captures, and records of the state of the file system. Network logs are also a very good source of information about recorded, ongoing computer activity. It is crucial to understand that log files are sometimes the only evidence of suspicious activity; they must be analyzed to determine the extent of the damage, to help systems recover quickly, and to provide the evidence needed for legal proceedings. Another major source of forensic information is the computer's memory. Computer memory comes in two forms, non-volatile and volatile. Non-volatile memory is used when stored data needs to be maintained for long periods; it is found, for example, in the motherboard's BIOS chips and is unlikely to contain information germane to a typical security breach or incident. Volatile memory is the Random Access Memory (RAM) that every computer uses to load the operating system and hold running programs and their data. The problem with retrieving data from volatile memory is that once the computer is turned off, the data, and therefore the evidence, is lost. The forensic investigator should therefore collect evidence in a particular but simple order, from the most volatile to the least volatile (the order of volatility described in RFC 3227). Memory is the most volatile and must be collected first because it can be quickly overwritten or lost.
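Returning to the log files as the primary record of activity, this added example (not part of the original essay) parses syslog-style sshd lines into a timeline and flags a successful login that follows a burst of failures from the same source, a pattern an investigator would want pulled out of a large auth log. The log lines, host name and IP addresses are constructed; the format is the one Linux sshd writes to /var/log/auth.log, which omits the year, so the year is supplied as a parameter.

```python
"""Build a login timeline from sshd log lines and flag brute-force successes."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the format sshd writes to /var/log/auth.log.
SAMPLE_LOG = """\
Mar 14 02:11:03 web01 sshd[2143]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 14 02:11:05 web01 sshd[2145]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar 14 02:11:08 web01 sshd[2147]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar 14 02:11:09 web01 sshd[2149]: Failed password for root from 203.0.113.7 port 51239 ssh2
Mar 14 02:11:12 web01 sshd[2151]: Accepted password for root from 203.0.113.7 port 51240 ssh2
Mar 14 02:30:41 web01 sshd[2201]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
Mar 14 02:31:00 web01 cron[2210]: (root) CMD (run-parts /etc/cron.hourly)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port (?P<port>\d+)"
)


def parse_events(text, year=2024):
    """Return a list of dicts, one per sshd login event; lines from other daemons are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"time": ts, "host": m["host"], "result": m["result"],
                       "method": m["method"], "user": m["user"],
                       "ip": m["ip"], "port": int(m["port"])})
    return events


def find_bruteforce_successes(events, threshold=3, window_seconds=300):
    """Flag each Accepted login preceded by >= threshold failures from the same IP within the window."""
    flagged = []
    recent_failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        fails = recent_failures[ev["ip"]]
        # drop failures older than the window relative to this event
        fails[:] = [t for t in fails if (ev["time"] - t).total_seconds() <= window_seconds]
        if ev["result"] == "Failed":
            fails.append(ev["time"])
        elif len(fails) >= threshold:
            flagged.append({"ip": ev["ip"], "user": ev["user"], "method": ev["method"],
                            "time": ev["time"], "prior_failures": len(fails)})
    return flagged


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for hit in find_bruteforce_successes(evs):
        print(f"{hit['time']} {hit['ip']} logged in as {hit['user']} "
              f"after {hit['prior_failures']} failures")
```

The deploy user's key-based login is not flagged because nothing preceded it; the root login from 203.0.113.7 is, and the flagged record carries the timestamp and source port the examiner needs to correlate with firewall or NetFlow records.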
Temporary files are collected next, followed by the disk, and finally the least volatile, the physical configuration of the network. The Windows Registry plays an important role in computer forensics since so many of the world's computers run Microsoft Windows. The Registry is the database where Windows stores configuration information, everything from installed applications and recently used files to the colors displayed on the screen. (Schweitzer 70) Attackers are able to compromise a system through improper security and permission settings. Once the attacker compromises the system, they can hide processes, files, and Registry keys and use Registry run keys to launch malicious applications such as Trojan horses the next time the computer starts. One useful tool for observing Registry activity on a live system is Process Monitor, a free Sysinternals utility that displays, captures, and logs Registry, file system, and process activity in real time, which makes it a very useful incident-response tool; the Registry hive files themselves are collected from the disk image for offline analysis. The Microsoft Windows Recycle Bin gives users the ability to discard files and later retrieve them. Most users believe that once the Recycle Bin is emptied, the files no longer exist. In fact, the file's data stays where it was on the disk; only the file system's directory entry pointing to it is marked free, and computer forensics professionals can recover the data until the system reuses that space. On FAT file systems the marking is visible in the directory entry itself: when a file is deleted, the first byte of its name is replaced with 0xE5 while the rest of the entry, including the starting cluster and file size, remains, which makes recovery straightforward. NTFS behaves differently (the file's MFT record is flagged as no longer in use), but the principle is the same.
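The 0xE5 marker described above, as an added example that is not part of the original essay: the code builds a constructed FAT directory region (three 32-byte 8.3 entries followed by the 0x00 end marker), parses it, and lists deleted files together with the starting cluster and size still recorded in their entries. File names, clusters and sizes are constructed; long-name (VFAT) fragments are skipped so the example also works on directories that contain them.

```python
"""Parse raw FAT directory entries and list files, including deleted ones (first byte 0xE5)."""
import struct

# 32-byte entry: name(11) attr ntres crt_tenth crt_time crt_date acc_date clus_hi wrt_time wrt_date clus_lo size
ENTRY = struct.Struct("<11sBBBHHHHHHHI")
ATTR_DIRECTORY = 0x10
ATTR_LONG_NAME = 0x0F


def make_entry(name, ext, attr, first_cluster, size, deleted=False):
    """Build a constructed 8.3 entry; deleted entries get 0xE5 as their first name byte."""
    raw = name.ljust(8).encode("ascii") + ext.ljust(3).encode("ascii")
    if deleted:
        raw = b"\xE5" + raw[1:]
    return ENTRY.pack(raw, attr, 0, 0, 0, 0, 0,
                      first_cluster >> 16, 0, 0, first_cluster & 0xFFFF, size)


def parse_directory(data):
    """Return the entries in a directory region; stops at the 0x00 end-of-directory marker."""
    entries = []
    for off in range(0, len(data) - ENTRY.size + 1, ENTRY.size):
        raw, attr, _, _, _, _, _, clus_hi, _, _, clus_lo, size = ENTRY.unpack_from(data, off)
        if raw[0] == 0x00:
            break  # no entry after this one was ever used
        if attr == ATTR_LONG_NAME:
            continue  # VFAT long-name fragment, not a file record
        deleted = raw[0] == 0xE5
        base = raw[:8].decode("ascii", "replace").rstrip()
        ext = raw[8:].decode("ascii", "replace").rstrip()
        if deleted:
            base = "?" + base[1:]  # the first character is gone from the entry itself
        entries.append({
            "name": f"{base}.{ext}" if ext else base,
            "deleted": deleted,
            "is_dir": bool(attr & ATTR_DIRECTORY),
            "first_cluster": (clus_hi << 16) | clus_lo,
            "size": size,
        })
    return entries


def recoverable_files(entries):
    """Deleted regular files whose starting cluster and size are still known from the entry."""
    return [e for e in entries if e["deleted"] and not e["is_dir"] and e["first_cluster"] > 1]


# Constructed directory: one live file, one deleted file, one deleted subdirectory, end marker.
SAMPLE_DIR = (
    make_entry("REPORT", "DOC", 0x20, 5, 12288)
    + make_entry("SECRET", "XLS", 0x20, 9, 40960, deleted=True)
    + make_entry("OLDDIR", "", ATTR_DIRECTORY, 20, 0, deleted=True)
    + b"\x00" * 32
)

if __name__ == "__main__":
    for e in parse_directory(SAMPLE_DIR):
        print(e)
    print("recoverable:", [e["name"] for e in recoverable_files(SAMPLE_DIR and parse_directory(SAMPLE_DIR))])
```

Knowing the first cluster and size is enough to read the file back if the cluster chain was contiguous and nothing has been written over it; the one thing the entry cannot tell you is the original first character of the name, which is why recovery tools display it as a placeholder.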
Freeware and shareware utilities are available for recovering data that has been deleted via the Recycle Bin, but it may be more beneficial to purchase purpose-built forensic software extensive enough to do the job right. The computer forensics field is becoming increasingly important in the fight to repel cyber criminals. The computer forensics professional must understand how the attacker is able to gain access to a system or network and then exploit it. To catch the exploiter, the investigator must understand the phases of the investigative process, including obtaining the item for investigation, proper chain of custody procedures, and documenting everything from start to finish. During the investigation, it is critical that the investigator understands where the primary sources of incriminating evidence are, even though software is available to do much of the job automatically. Computer forensics professionals will continue to battle the attacker, using their skills, techniques, and imagination to seek out the cyber-criminal and deny them the ability to make money at the expense of innocent victims.

Works Cited

Aquilina, James M., Eoghan Casey, and Cameron H. Malin. Malware Forensics: Investigating and Analyzing Malicious Code. Burlington, MA: Syngress Publishing, 2008.
Bosworth, Seymour, and Michel E. Kabay. Computer Security Handbook. New York: John Wiley & Sons, 2002.
Caloyannides, Michael A. Privacy Protection and Computer Forensics. Artech House Computer Security Series. Boston: Artech House, 2004.
Jones, Robert. Internet Forensics. Beijing: O'Reilly, 2006.
Kruse, Warren G., and Jay G. Heiser. Computer Forensics: Incident Response Essentials. Boston, MA: Addison-Wesley, 2001.
McClure, Stuart, Joel Scambray, and George Kurtz. Hacking Exposed: Network Security Secrets & Solutions. Emeryville, Calif: McGraw-Hill/Osborne, 2005.
Mendell, Ronald L. Investigating Computer Crime in the 21st Century. Springfield, Ill: Charles C. Thomas, 2004.
Middleton, Bruce. Cyber Crime Investigator's Field Guide. Boca Raton, FL: CRC Press, 2002.
Schweitzer, Douglas. Incident Response: Computer Forensics Toolkit. Indianapolis, IN: Wiley, 2003.
Solomon, Michael, Diane Barrett, and Neil Broom. Computer Forensics Jumpstart. San Francisco: Sybex, 2005.

Similar Documents

Free Essay

Computer Forensics

...International Journal of Digital Evidence Fall 2007, Volume 6, Issue 2 Computer Forensic Analysis in a Virtual Environment Derek Bem Ewa Huebner University of Western Sydney, Australia Abstract In this paper we discuss the potential role of virtual environments in the analysis phase of computer forensics investigations. General concepts of virtual environments and software tools are presented and discussed. Further we identify the limitations of virtual environments leading to the conclusion that this method can not be considered to be a replacement for conventional techniques of computer evidence collection and analysis. We propose a new approach where two environments, conventional and virtual, are used independently. Further we demonstrate that this approach can considerably shorten the time of the computer forensics investigation analysis phase and it also allows for better utilisation of less qualified personnel. Keywords: Computer Forensics, Virtual Machine, computer evidence. Introduction In this paper we examine the application of the VMWare (VMWare, 2007) virtual environment in the analysis phase of a computer forensics investigation. We show that the environment created by VMWare differs considerably from the original computer system, and because of that VMWare by itself is very unlikely to produce court admissible evidence. We propose a new approach when two environments, conventional and virtual, are used concurrently and independently. After the images...

Words: 3983 - Pages: 16

Free Essay

Computer Forensics

...Computer Forensics Through the Years Prof. Pepin Galarga Computer Forensics Sep 11, 2010 Table of Content Introduction …………………………………………………………………………………Page 2 The Early Years……………………………………………………………….......................Page 3 Early Training Programs …………………………………………………………………....Page 4 Typical Aspects of Computer Forensic Investigations ……………………………………..Page 5 Legal Aspects of Computer Forensics …………………………………………..……...…..Page 6 Conclusion ………………………………………………………………………………….Page 7 References………………………………………………………………………………..…Page 8 Introduction If you manage or administer information systems and networks, you should understand computer forensics. Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts. (The word forensics means “to bring to the court.”) Forensics deals primarily with the recovery and analysis of latent evidence. Latent evidence can take many forms, from fingerprints left on a window to DNA evidence recovered from blood stains to the files on a hard drive. Because computer forensics is a new discipline, there is little standardization and consistency across the courts and industry. As a result, it is not yet recognized as a formal “scientific” discipline. Image by Flickr.com, courtesy of Steve Jurvetson Computer forensics is the study of extracting, analyzing and documenting evidence from a computer system or network. It is often used by law enforcement officials to seek...

Words: 1382 - Pages: 6

Free Essay

Computer Forensics

...computer forensics Background of Computer forensics: What is most worth to remember is that computer forensic is only one more from many forensic subdivisions. It’s not new, it’s not revolution.. Computer forensics use the same scientific methods like others forensics subdivisions. So computer forensics is not revolution in forensic science! It’s simple evolution of crime techniques and ideas. Forensic origins: Forensic roots from a Latin word, “forensic” which generally means forum or discussion. In the reign of the Romans, any criminal who has been charged with a crime is presented before an assembly of public folks. Both of the complainant and the defendant are to present their sides through their own speeches. The one who was able to explain his side with fervent delivery and argumentation typically won the case. It is important to realize that computer forensics is only one subdivision of forensic science. It is digital, it includes most advanced computer science but still it is only branch of forensic science, an its main goal is  submission of the proven claims of scientific methods and strategies to recover any significant digital traces. Computer Forensic Timeline: 1970s • First crimes cases involving computers, mainly financial fraud 1980’s • Financial investigators and courts realize that in some cases all the records and evidences were only on computers. • Norton Utilities, “Un-erase” tool created • Association of Certified Fraud...

Words: 4790 - Pages: 20

Premium Essay

Computer Forensic Analysis and Repor

...Computer Forensic Analysis and Report Nathaniel B. Rollins Jr Kaplan University Computer Forensics I/CF101 Prof: Tatyana Zidarov November 19, 2012 Computer Forensic Analysis and Report A. INTODUCTION I Nathaniel B. Rollins a Computer Forensic Specialist (CFS) with the Metro Police Department (MPD) received a file image from Officer X to conduct a search for electronic evidence. Which he stated was copied from the SNEEKIE BADINUF (COMPLAINANT) computer, with consent. This was verified through COMPLAINANT statement, repot, consent to search form, and chain of custody, provided by Officer X, along with the request for analyzing the evidence. Upon reviewing of her statement filed on May 14 2006, the COMPLAINANT stated she had received an email from a correspondent named NFarious that demanded $5000 in ransom, or the animals would be harmed. The COMPLAINANT also stated her pets had been gone for an entire week, and she was worried that the abductor may already have injured the animals. During a subsequent interview the COMPLAINANT stated that she took out a $20,000 insurance policy on her pets in September 2005 that would not be active for 6 month. The purpose of this investigation is to confer or negate the COMPLAINTANTS involvement with the kidnaping of the animals. B. MATERIALS AVAILABLE FOR REVIEW a. 1 Chain of Custody b. Evidence Log c. Complainants Statement d. Officers Report e. Forensic Disk Image of Computer f. Photos (location...

Words: 1176 - Pages: 5

Premium Essay

Assignment 4 Computer Forensics Tools

...Assignment 4 Computer Forensic Tools Derek Jackson Computer Crime Investigation Professor: Dr. Jessica Chisholm 03/06/2016 When purchasing computer forensics tools and resources for a company, you always want to make sure you are doing the necessary research and determining which of these programs are the best options for the company. This is very important job in any company as you are in charge of not only protecting the company’s data with these tools, but also recovering any information that may have been lost or deleted. There are many programs that are available that can be used to recover deleted files. Two of the programs that you could use are the MiniTool Partition Recovery and PC Inspector File Recovery. The MiniTool Partition Recovery is a free program that has a wizard-based interface which makes it very easy and straightforward to use and understand. You can point the MiniTool Partition Recovery at the problem drive, specify the area to be searched, and it will scan for the missing partition. Then a report will generate that will let you know what the program has found, and you can then recover that partition in a few seconds typically. The only downfall is that you won’t get a bootable recovery disk, so if the partition is damaged then the MiniTool Recovery program won’t be able to recover the deleted partition. The PC Inspector File Recovery allows you to be able to recover a full set of missing files on both FAT and NTFS drives. They are clearly...

Words: 1005 - Pages: 5

Free Essay

Computer Intrusion Forensics

...Computer Intrusion Forensics Research Paper Nathan Balon Ronald Stovall Thomas Scaria CIS 544 Abstract The need for computer intrusion forensics arises from the alarming increase in the number of computer crimes that are committed annually. After a computer system has been breached and an intrusion has been detected, there is a need for a computer forensics investigation to follow. Computer forensics is used to bring to justice, those responsible for conducting attacks on computer systems throughout the world. Because of this the law must be follow precisely when conducting a forensics investigation. It is not enough to simple know an attacker is responsible for the crime, the forensics investigation must be carried out in a precise manner that will produce evidence that is amicable in a court room. For computer intrusion forensics many methodologies have been designed to be used when conducting an investigation. A computer forensics investigator also needs certain skills to conduct the investigation. Along with this, the computer forensics investigator must be equipped with an array of software tools. With the birth of the Internet and networks, the computer intrusion has never been as significant as it is now. There are different preventive measures available, such as access control and authentication, to attempt to prevent intruders. Intrusion detection systems (IDS) are developed to detect an intrusion as it occurs, and to execute countermeasures when detected...

Words: 9608 - Pages: 39

Free Essay

Computer Forensics Analysis Project

...Computer Forensics I (FOR 240-81A) Project #3 Case Background The Suni Munshani v. Signal Lake Venture Fund II, LP, et al suit is about email tampering, perjury, and fraud. On December 18, 2000, Suni Munshani (Plaintiff) filed a suit against Signal Lake Venture Fund. Mr. Munshani claimed that he was entitled to warrants in excess of $25 million dollars from Signal Lake. In February 2001, Signal Lake Venture Fund II, LP, et al. (Defendant) became privy to the court filings in this case. Within the filings there was an email provided by Mr. Munshani from Hemant Trivedi, CEO of one of the portfolio companies, stating he was indeed entitled to the warrants. Mr. Trivedi denied any knowledge of the email, or any such communication with Mr. Munshani. In an effort to prove their innocence, Signal Lake hired a computer forensic group to conduct a private investigation. The investigation did not show any evidence of the supposed email provided to the court by Mr. Munshani. Mr. Trivedi filed an affidavit stating that the email was forged, while Mr. Munshani filed an affidavit stating the email was real. In March 2001, a computer forensics expert, Kenneth R. Shear, was appointed by the court to perform a forensic examination on the questioned message (the message provided by Mr. Munshani) and the comparative message (a second message from Mr. Trivedi found on Mr. Munshani’s computer). Mr. Shear worked for a company called Electronic Evidence Discovery, Inc. (EED). Mr. Shear’s forensic...

Words: 799 - Pages: 4

Premium Essay

Essay On Computer Forensics

...Abstract: Rising era of computer and other technologies as internet and gadgets, explosively increase in number of cybercrime or other crimes using technologies. The growth of computer forensic has taken as huge success to control those crimes which are committed using computers. The main task of computer forensic is to examining and collecting electronic data as evidence from a crime scene. The work of computer forensic is to recover the data which has been hacked or lost by the criminals using different system. The growing dependency on computer forensic has decreased the cybercrime and professionals have to understand the computer technology that is used in computer forensic. Introduction Forensic roots from a Latin word, “forensic” which...

Words: 870 - Pages: 4

Premium Essay

Computer Forensics Operational Manual

...COMPUTER FORENSICS OPERATIONAL MANUAL 1. Policy Name: Imaging Removable Hard Drives 2. Policy Number/Version: 1.0 3. Subject: Imaging and analysis of removable evidence hard drives. 4. Purpose: Document the procedure for imaging and analyzing different types of evidence hard drives removed from desktop or laptop computers. 5. Document Control:Approved By/Date: Revised Date/Revision Number: 6. Responsible Authority: The Quality Manager (or designee). 7. Related Standards/Statutes/References: A) ASCLD/LAB Legacy standards 1.4.2.5, 1.4.2.6, 1.4.2.7, 1.4.2.8, 1.4.2.11, and 1.4.2.12. B) ASCLD/LAB International Supplemental requirements: 3 (Terms and Definitions), 4.13.2.4, 5.4.1.1, 5.4.1.2, 5.4.2.1. C) ISO/IEC 17025:2005 clauses: 4.1.5 (a, f, g, h, and i), 4.2.1, 4.2.2 (d), 4.2.5, 4.3.1, 4.15.1, 5.3.2, 5.4.1, 5.4.4, 5.4.5.2, 5.4.7.2 (a - c), all of 5.5, all of 5.8, and 5.9.1 (a). 8. Scope: Imaging and examining different types of hard drives (SATA, SCSI, and IDE) removed from desktops and laptops. 9. Policy Statement: A) No analysis will be performed without legal authority (search warrant or consent form). If not submitted, the examiner must contact the investigator to obtain the necessary legal authority. B) Forensic computers are not connected to the Inter-net. C) All forensic archives created and data recovered during examinations are considered evidence. D) Changes to this procedure can be made if approved by the Quality Manager, who will document the changes...

Words: 731 - Pages: 3

Free Essay

Computer Forensics Case Analysis

...Project 1 Case Analysis CCJS321 The two cases I have chosen to analyze for Project One is the Max Ray Butler aka “Iceman” cybercrime case and the Albert Gonzalez cybercrime case. I have chosen these two cases because they both had significant impact on the computer forensics field. Both of these cybercrimes are similar in nature because both deal in credit card and identity theft on the grandest scale. Max Ray Butler and Albert Gonzalez were brought to justice after many years of a cyber-forensic investigation that went through a network of multiple U.S. agencies; including the FBI, US Secret Service and US-CERT (United States Computer Emergency Readiness Team) a Department of Homeland Security who were all networked together at the National Computer Forensic Training Academy in Pittsburg, Pennsylvania. Both of these men were given the longest prison sentences ever handed out by a judge for computer crimes of their notoriety and magnitude. Finally, they both set a blue print for digital forensic investigators of the proper procedures to follow in order to capture future want-to-be crime lords. Max Butler aka “Iceman” was a white-hat hacker that went rogue. His story is that, “he was a good hacker hired by the government to test the security of one of their websites, while doing that job he installed a backdoor to their system that would allow him to come in later so he could make some fixes to the system on his own time. Well of course this second part of the...

Words: 1323 - Pages: 6

Free Essay

Assignment 1: Computer Forensics Overview

...Assignment 1: Computer Forensics Overview CIS 417 Computer Forensics Computer forensics is the process of investigating and analyzing techniques to gather and preserve information and evidence from a particular computing device in a way that it can be presented in a court of law. The main role of a computer analyst is to recover data including photos, files/documents, and e-mails from computer storage devices that were deleted, damaged, or otherwise manipulated. The forensics experts work on cases involving crimes associated with internet-based concerns and the investigation of other potential possibilities on other computer systems that may have been related to or involved in the crime to find enough evidence of illegal activities. Computer experts can also use their professional knowledge to protect corporate computers/servers from infiltration, determine how the computer was broken into, and recover lost files in the company. Processes are used to obtain this information, and some of the processes are as follows:
* Investigation process: Computer forensics investigations will typically be done as part of a crime that allegedly occurred. The first step of the investigation should be to verify that a crime took place. Understand what occurred during the incident, assess the case, and see if the crime leads back to the individual.
* System Description: Next step, once you have verified the crime did occur, you then begin gathering as much information and data about the specific...

Words: 1397 - Pages: 6

Premium Essay

Computer Forensics and Cyber Crime

...Computer Forensics and Cyber Crime Author Institution Computer Forensics and Cyber Crime A security survey or audit can also be referred to as a vulnerability analysis. A security survey is an exhaustive physical examination whereby all operational systems and procedures are inspected thoroughly (Fischer & Green, 2004). A security survey involves a critical on-site examination and analysis of a facility, plant, institution, business, or home to determine its current security status and its current practices' deficiencies or excesses, to determine the level of protection needed, and to recommend ways of improving overall security levels. A security survey can either be done by in-house personnel or by external security consultants. However, outside security experts are preferred because their approach to the job would be more objective and would not take some parts of the job for granted, therefore resulting in a more complete appraisal of current conditions. A security survey/audit should be carried out regularly so as to keep improving and stay up to date, especially with the growing rate of technology. The overall objectives of a security survey are: determination of the current state of security, location of various weaknesses in the security defenses, determination of the level of protection required, and finally recommendations for the establishment of a total security program (Fischer & Green, 2004). Some weaknesses identified in the process of a security survey may be: vulnerability...

Words: 686 - Pages: 3

Free Essay

Computer Forensics

...Effortless English What is the most important English skill? What skill must you have to communicate well? Obviously, number 1 is Fluency. What is fluency? Fluency is the ability to speak (and understand) English quickly and easily... WITHOUT translation. Fluency means you can talk easily with native speakers-- they easily understand you, and you easily understand them. In fact, you speak and understand instantly. Fluency is your most important English goal. The research is clear-- there is only ONE way to get fluency. You do not get fluency by reading textbooks. You do not get fluency by going to English schools. You do not get fluency by studying grammar rules. The Key To Excellent Speaking Listening Is The Key To get English fluency, you must have a lot of understandable repetitive listening. That is the ONLY way. To be a FANTASTIC English speaker, you must learn English with your ears, not with your eyes. In other words, you must listen. Your ears are the key to excellent speaking. What kind of listening is best? Well, it must be understandable and must be repetitive. Both of those words are important-- Understandable and Repetitive. If you don't understand, you learn nothing. You will not improve. That's why listening to English TV does not help you. You don't understand most of it. It is too difficult. It is too fast. It's obvious, right? If you do not understand, you will not improve. So, the best listening material is EASY. That’s right, you should listen mostly...

Words: 1404 - Pages: 6

Premium Essay

Computer Forensics Tools

...Computer Forensics Tools Strayer University E-Support Undelete Plus is powerful software that can quickly scan a computer or storage medium for deleted files and restore them on command. It works with computers, flash drives, cameras, and other forms of data storage. Deleting a file from your computer, flash disk, camera, or the like does not mean it is lost forever. Software doesn’t destroy files when it deletes; it simply marks the space the file was using as being available for re-use. If nothing has needed that space since the deletion, the data is still there and the file can be recovered. Simply scan the device, select the files you want to recover, and click a button to restore the information (Softpedia, 2013). The interface Undelete PLUS is geared up with is very nice and easy to handle. In the right panel, there is the Drives tree. The user can change the view to file types (MP3, PDF, RTF, RAR, ZIP, XML, PNG, etc.) or to folders. In the left panel, all the files Undelete PLUS was able to detect are displayed. The software will inform you of the state of the files it has detected. This way, you will know that if the status reads "very good" then there still is a chance of recovering that file. "Overwritten" status means that the respective file is either corrupted or cannot be recovered. Additional information tells you about the size of the file, its format, path, and date of creation and modification. The software is capable of recovering entire...

Words: 1755 - Pages: 8

Free Essay

A History of Modern

...Guide to Computer Forensics and Investigations, Fourth Edition
Chapter 7: Current Computer Forensics Tools
Objectives
• Explain how to evaluate needs for computer forensics tools
• Describe available computer forensics software tools
• List some considerations for computer forensics hardware tools
• Describe methods for validating and testing computer forensics tools
Evaluating Computer Forensics Tool Needs
• Look for versatility, flexibility, and robustness
– OS
– File system
– Script capabilities
– Automated features
– Vendor’s reputation
• Keep in mind what application files you will be analyzing
Types of Computer Forensics Tools
• Hardware forensic tools
– Range from single-purpose components to complete computer systems and servers
• Software forensic tools
– Types
• Command-line applications
• GUI applications
– Commonly used to copy data from a suspect’s disk drive to an image file
Tasks Performed by Computer Forensics Tools
• Five major categories:
– Acquisition
– Validation and discrimination
– Extraction
– Reconstruction
– Reporting
Tasks Performed by Computer Forensics Tools (continued)
• Acquisition
– Making a copy of the original drive
• Acquisition subfunctions:
– Physical data copy
– Logical data copy...

Words: 2076 - Pages: 9