Forensic Computer Software Web Tips Guide
Forensic Computer Investigations Finding Unauthorised Activities
By Rainbow Spear
A forensic computer investigation is conducted in order to verify
whether a computer system or network has been used in an unlawful
or unauthorized manner.
Defense attorneys can challenge any evidence by pointing to actions
or circumstances that make the evidence unreliable or tainted,
so it is therefore highly important that all evidence be collected
in a way that leaves no room for any such challenges.
Carefully Preserving The Evidence By Analysing Copies
Analysis of storage media is done using copies and not with the
originals because the procedure can potentially change the contents.
Much of the data that an investigator collects is in a highly
perishable form when working with live systems. As an example,
the contents of RAM, which includes passwords, encryption keys
and system program settings, can simply disappear if the computer
is powered off. An investigator must proceed with valid computer
forensics techniques and review their options, in a manner that
preserves more perishable data, and collect it first.
Checking Network COnnections And The RAM
Typically, the collection order is accessing the network connection
in order to reveal the points in which a computer has been connected
and gather whatever data was being transferred.
Next, a computer examiner will check the RAM, as it can provide
details of programs that are currently running or were recently
running. After RAM, they will check the system settings in order
to identify all users, currently logged in users, system time
and date, currently accessed files and current security policies.
Imaging Of Hard Disks
Finally, hard disks which can contain much of the data needed
for an electronic forensics investigation must be imaged in order
to have no affect on the original data or impede any investigation
using the image.
The computer examiner will then proceed to collect all removable
computer storage devices, such as CD/DVDs, music players, USB
memory cards, digital camera cards and the like. Additionally,
an investigator will collect notes, printouts and other physical
evidence lying around the scene.
Looking For Passwords And Encryption Methods
Sometimes notes can contain user identifying password combinations
and security related instructions that can make the task of investigating
the scene much easier. The user of the system is an even more
valuable source; they can reveal encryption methods, passwords
and other relevant information that can aid the investigation
immeasurably.
Here are a few examples of how digital forensics can assist a
forensic computer investigator in specific cases and tasks. In
cases of adultery, online chats or text messages are typically
used to arrange meetings and provide covert communication to avoid
suspicions by a spouse. In cases of fraud, it is often times possible
to detect if and when a document was altered.
Unauthorised And Unlawful Activities On Computer Systems
Forensic computer investigations are conducted in order to help
determine whether unauthorized or unlawful activities have taken
place using computer systems. The investigator’s job is to collect
data that resides in network connections, computer hardware, computer
memory, hard disks and other removable storage media.
An investigation is done utilizing validated tools and in a way
that is acceptable to a court of law. To be a computer expert,
you are required to have an expanded awareness of laws, as well
as the technical skills to collect and analyze the gathered evidence.
About the Author:
Rainbow Spear has written a number of articles on Computers, Internet Security, Identity Theft and
Computer Software including
Computer Forensic,
Forensic Computing,
Computer Troubleshooting,
Boot Sector Virus Removal,
Identity Theft Statistics,
Accounting Business Software,
Zone Alarm Download,
Internet Banking.
Keep a lookout for more of his articles on this website.
Give Me Just The Computer Forensic Facts.....
Do you like computers and want to learn more about how they function
and save data? If you are the curious sort then you have probably
played around with computer parts and software in your spare
time.
Why not turn that fascination and hobby into a great job. Computer
forensics is an emerging field that is gaining a lot of attention.
Careers with this degree are in high demand and you can find a
job that suits your personality and needs. With so many online
universities offering degrees in this field you can even take
classes in your spare time.
|
