User Tools

Site Tools


computer_forensics

Computer Forensics

Intro

In this new century of new and evolving technology, cyber crimes have increased in number, while becoming more meticulous and complex in nature. Computer Forensics is a major contributor to many law enforcement investigations and cyber incident research. A report published by the First Digital Forensic Research Workshop (DFRWS) defines Computer Forensics as “The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal….”.

Methodologies

In order for the information found using Computer FOrensics to be used as evidence in legal affairs, researchers must follow a standardized set of guidelines for their claims to be considered reputable. There are numerous methodologies depending on the situation. Some examples include the Abstract Digital FOrensic Model, which is the generally used for today, and the FDFM for when data volume is a concern.

Process

The following are phases in most forensics investigations.

  • Preparation- identify the type of incident and ensure the researchers have enough information to start and complete the investigation without any difficulty. This also includes ensuring all hardware and software is fully functional.
  • Extraction- obtain a copy of the desired data that has the largest amount of untainted evidence that can be taken with little effect to the victim. Preserve the physical and electronic states of the system.
  • Examination- investigate gathered evidence systematically, often using the process of elimination to disregard irrelevant information. Additionally, researchers will be aware of any found evidence that could give more leads to paths to explore.
  • Analysis- look at the big picture and try to connect all the evidence together. Decide the importance of the information found and draw conclusions from this examination.
  • Report- present a summary of the finding and explain conclusions determined with the evidence backing it up.
computer_forensics.txt · Last modified: 2021/03/28 21:26 by alec