Computer Forensics World FAQ (Frequently Asked Questions)



Category: Main -> Basic Questions

Question
·  What exactly is Computer Forensics?
·  Why is Computer Forensics employed?
·  What are the common situations in which forensics are used?
·  How is a forensic investigation typically approached?
·  Are there any actions that should be avoided during an investigation?

Answer
·  What exactly is Computer Forensics?

Generally speaking, computer forensics is considered to be the use of analytical techniques to identify, collect, preserve, and examine evidence/information that is magnetically stored or encoded.

·  Why is Computer Forensics employed?

Normally, to provide digital evidence of a specific or general activity. The forensic investigation itself can be initiated for a wide variety of reasons. The most high-profile cases are usually in the area of criminal investigation, or perhaps civil litigation, but forensic techniques can be of value in a wide variety of situations, including simply tracking the steps taken when data has been lost.

·  What are the common situations in which forensics are used?

Many, including:
- Unauthorized disclosure of corporate data (by accident or design)
- Employee internet abuse
- Damage assessment and analysis
- Industrial espionage
- Criminal fraud and deception cases
- More general criminal cases (many criminals simply do store information of various types on computers)

·  How is a forensic investigation typically approached?

Very broadly, the main phases are sometimes considered to be:
- secure the subject system (from tampering or unauthorized changes during the investigation);
- take a copy of hard drive/disk (if applicable and appropriate);
- identify and recover all files (including deleted files);
- access/view/copy hidden, protected and temp files;
- study 'special' areas on the drive (for example, the residue from previously deleted files);
- investigate the settings and any data from applications and programs used on the system;
- consider the system as a whole from various perspectives, including its structure and overall contents;
- consider general factors relating to the user's computer and other activity and habits, in the context of the investigation;
- create a detailed and considered report, containing an assessment of the data and information collected.

Throughout the investigation, a full audit log of all your activities should be maintained and recorded. It is not unreasonable to include this in the report.

·  Are there any actions that should be avoided during an investigation?

It is certainly important to avoid changing time or date stamps (typically of files) or, of course, changing the data itself. The same applies to the overwriting of unallocated disk space (e.g., which can happen on reboot). 'Study, don't change' is an important catchphrase.
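
An added example, not part of the original FAQ, showing one way to combine the audit log with the 'study, don't change' rule: every logged action records the size, modification time and SHA-256 of the working copy in a hash-chained entry, so a change to the evidence or a later edit to the log can be detected. The function names, the log layout and the sample file are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile
import time

def sha256_file(path, chunk=1 << 20):
    """Hash a file opened read-only, in chunks, so large images fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _digest(entry):
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

def log_action(log, action, path):
    """Append an audit entry recording the evidence state, chained to the previous entry."""
    st = os.stat(path)
    entry = {"time": time.time(), "action": action, "path": path,
             "size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": sha256_file(path),
             "prev": log[-1]["entry_hash"] if log else ""}
    entry["entry_hash"] = _digest(entry)
    log.append(entry)

def verify_log(log):
    """True if every entry's own hash and its link to the previous entry are intact."""
    prev = ""
    for e in log:
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev"] != prev or e["entry_hash"] != _digest(body):
            return False
        prev = e["entry_hash"]
    return True

def evidence_unchanged(log):
    """True if size, modification time and content hash match across all entries."""
    return len({(e["size"], e["mtime_ns"], e["sha256"]) for e in log}) == 1

def demo():
    """Constructed sample: a small temp file stands in for a working copy of an image."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "image.dd")
        with open(image, "wb") as f:
            f.write(b"constructed sample evidence " * 1000)
        log = []
        log_action(log, "received working copy", image)
        log_action(log, "keyword search completed", image)
        return log
```

Reading a file can still update its access time on a writable mount, so the access time is deliberately not compared here; examine a copy through a read-only mount or a write blocker.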




 

TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.