Computer Forensics is the scientific study of computers or computer related data in relation to an investigation by a law enforcement agency for use in a court of law. While this technology may be as old as computers themselves, the advances in technology are constantly revising the science of computer forensics.
In the technological old days, computer forensics was mostly related to data dumps, printing out every keystroke that had been logged on a computer in a series of eight digits, all of them zeroes and ones. Literally cases of paper would be used for the printing of the materials. Systems analysts would then have to convert all of the data into hex and then translate the value into whatever the actual keystroke was. In this way, it was possible to go over all of the data and figure out at what point the computer and the corresponding program crashed. Like computers and technology, computer forensics has evolved by leaps and bounds since those days of old.
While all computer language still ultimately boils down to ones and zeroes, or binary and then hex, the means by which programs are created, run and utilized have changed drastically. Computer forensics has done well to keep up with the task at hand. Now hard drives can be wiped clean. However, without an unconditional format (and in rare cases, even with the unconditional switch) the data can still be retrieved. It takes an expert in computer forensics, however: someone who is familiar with the technology of the computer and the science of computer forensics, to reconstruct all of the data that has been wiped off of the hard drive.
Computer forensics can be used to track emails, instant messaging and just about any other form of computer-related communication. This can be necessary, especially in the world today. Computer forensics experts have even advanced the technology to the point that they can track data in real time, that is, while it is actually being sent and received. This is a mind-numbing task when you think about the billions of communications going on around the globe at any given time, but the science of computer forensics is constantly advancing every bit as quickly as, or sometimes even faster than, the technology it is responsible for investigating.
Computer forensics is an interesting aspect of technology that is often overlooked. Computer forensics has been used to solve many crimes and should be considered a viable tool in many ways. The study of computer forensics is constantly growing along with technology.
Forensics HQ http://forensicshq.com/ investigates the world of forensics and crime scene investigation.
Article Source: http://EzineArticles.com/?expert=Carl_Walker
Solving Crime with Computer Forensics
ACT Vs Goldmine
I supported ACT! versions 2 - 6 at my company for 10 years. We had much success with it and had about 35 internal users, 20 synchronizing remote laptops and a database of about 75,000 contacts.
There came a time when the company wanted to switch to an SQL-based contact management program in order to closely integrate with in-house-developed SQL applications. ACT had not yet developed their SQL version, so the company switched to Goldmine. To get Goldmine going, my company spent about $15,000 for the software and licenses plus about $5,000 for consulting services and about $3,000 for annual Goldmine maintenance fees. The installation and database conversion took about 6 months to complete and was filled with constant frustration and confusion on the part of users and managers.
We found that Goldmine could not even correctly parse contact names. For example, if one entered "James Smith Jr" as the contact name, Goldmine interpreted the last name as "Jr". Therefore, we could not enter last name suffixes or titles such as Jr, Sr, CPA, etc. There was no other provision for them. Also, there was no provision to Lookup by First Name. We needed that capability, so we hired a Goldmine consultant to implement that feature. Of course, that meant that they would have to re-create those changes every time a version upgrade of Goldmine was implemented.
We found that Goldmine was not at all easy to use, like ACT! was, and did not meet our basic needs. For example, we used ACT's Contact List often throughout the day. Goldmine did not have one. We frequently used ACT's Lookups and would then drill down or add to them or sort them. Goldmine's lookup had only a binary query feature that was complicated and confusing. There was no Lookup By Example. Duplicate contact checking didn't quite work. Importing and Exporting of contacts was complicated and time consuming. Synchronization was difficult to set up and maintain. Database customization was limited. Display and report layouts could be changed only with difficulty. Most changes that we did ourselves in ACT! required the help of expensive consultants in Goldmine.
Because ACT! is more popular, people that we hired often had experience with ACT! but not Goldmine, so the learning curve was more time consuming for new people. As time went by, most of our time was spent just struggling with Goldmine and trying to learn its quirks rather than getting good productivity from it. Users could not be creative with Goldmine and expand its use in their jobs. Every time they tried, Goldmine would create errors and block their progress resulting in frustration, limited usage and corrupted data. We found our investment in Goldmine not paying off.
Goldmine allows only one database to exist at a time. This totally destroyed our nightly backup policy that we developed in ACT!. Previously, for example, if we accidentally deleted a contact from ACT!, we would open a backup copy and export the contact into the current ACT! database. You cannot do that in Goldmine because it does not allow you to export a contact from one Goldmine database to another. Not even a test database could exist, so testing of features had to be done on the live database-- very carefully.
If you want a feature-rich, expansive, easy-to-use, customizable, SQL- and .NET-based contact management program that is reasonably priced, I recommend that you take a look at the latest versions of ACT! at www.act.com. If you do want some help with installation, training and customization, the people at JCS Computer Corp (www.jcscomputer.com) can help with that.
jobrien http://www.jcscomputer.com
Jennifer O'Brien
Article Source: http://EzineArticles.com/?expert=Jennifer_OBrien
Best Practices for Computer Forensics in the Field
Introduction
Computer forensic examiners are responsible for technical acuity, knowledge of the law, and objectivity in the course of investigations. Success is principled upon verifiable and repeatable reported results that represent direct evidence of suspected wrong-doing or potential exoneration. This article establishes a series of best practices for the computer forensics practitioner, representing the best evidence for defensible solutions in the field. Best practices themselves are intended to capture those processes that have repeatedly been shown to be successful in their use. This is not a cookbook. Best practices are meant to be reviewed and applied based on the specific needs of the organization, the case and the case setting.
Job Knowledge
An examiner can only be so informed when they walk into a field setting. In many
cases, the client or the client’s representative will provide some information about
how many systems are in question, their specifications, and their current state.
And just as often, they are critically wrong. This is especially true when it comes to
hard drive sizes, cracking laptop computers, password hacking and device
interfaces. A seizure that brings the equipment back to the lab should always be
the first line of defense, providing maximum flexibility. If you must perform onsite,
create a comprehensive working list of information to be collected before you hit
the field. The list should be comprised of small steps with a checkbox for each
step. The examiner should be completely informed of their next step and not have
to “think on their feet.”
Overestimate
Overestimate by at least a factor of two the amount of time you will require to
complete the job. This includes accessing the device, initiating the forensic
acquisition with the proper write-blocking strategy, filling out the appropriate
paperwork and chain of custody documentation, copying the acquired files to
another device and restoring the hardware to its initial state. Keep in mind that you
may require shop manuals to direct you in taking apart small devices to access the
drive, creating more difficulty in accomplishing the acquisition and hardware
restoration. Live by Murphy’s Law. Something will always challenge you and take
more time than anticipated -- even if you have done it many times.
Inventory Equipment
Most examiners have enough of a variety of equipment that they can perform
forensically sound acquisitions in several ways. Decide ahead of time how you
would like to ideally carry out your site acquisition. All of us will see equipment go
bad or some other incompatibility become a show-stopper at the most critical time.
Consider carrying two write blockers and an extra mass storage drive, wiped and
ready. Between jobs, make sure to verify your equipment with a hashing exercise.
Double-check and inventory all of your kit using a checklist before taking off.
Flexible Acquisition
Instead of trying to make “best guesses” about the exact size of the client hard
drive, use mass storage devices and if space is an issue, an acquisition format that
will compress your data. After collecting the data, copy the data to another
location. Many examiners limit themselves to traditional acquisitions where the
machine is cracked, the drive removed, placed behind a write-blocker and
acquired. There are also other methods for acquisition made available by the Linux
operating system. Linux, booted from a CD drive, allows the examiner to make a
raw copy without compromising the hard drive. Be familiar enough with the
process to understand how to collect hash values and other logs. Live Acquisition
is also discussed in this document. Leave the imaged drive with the attorney or the
client and take the copy back to your lab for analysis.
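
An added example, not part of the original article: a shell script for the raw-copy workflow described above, which hashes the source before and after the copy, hashes the image, logs each value, and later re-checks the working copy against the log. The function names, the log format and the constructed file standing in for a drive are assumptions of this example.

```shell
#!/bin/sh
# Added example: raw (dd) acquisition with before/after hashing and a log.
# SOURCE would be the suspect drive as seen from forensic boot media or through
# a write blocker; the demo at the bottom uses a constructed file instead.

hash_of() {                       # print only the SHA-256 hex digest of $1
    sha256sum "$1" | awk '{print $1}'
}

# acquire_image SOURCE IMAGE LOG
# Returns 0 when image and source hashes agree and the source did not change,
# 1 on any hash mismatch, 2 when the copy could not be made.
acquire_image() {
    src=$1; img=$2; log=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    if [ -e "$img" ]; then echo "refusing to overwrite $img" >&2; return 2; fi

    {
        echo "source=$src"
        echo "image=$img"
        echo "started_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    } >>"$log"

    pre=$(hash_of "$src")
    echo "source_sha256_before=$pre" >>"$log"

    # No conv=noerror: a read error stops the copy instead of being padded
    # over silently. dd's own record counts go to the log.
    dd if="$src" of="$img" bs=65536 2>>"$log" || {
        echo "result=COPY_FAILED" >>"$log"; return 2; }
    chmod a-w "$img"              # the image is evidence from here on

    post=$(hash_of "$src")
    imgsum=$(hash_of "$img")
    {
        echo "source_sha256_after=$post"
        echo "image_sha256=$imgsum"
        echo "finished_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    } >>"$log"

    if [ "$pre" = "$post" ] && [ "$pre" = "$imgsum" ]; then
        echo "result=VERIFIED" >>"$log"; return 0
    fi
    echo "result=MISMATCH" >>"$log"; return 1
}

# verify_copy COPY LOG
# After the image is copied to another device, confirm the copy still matches
# the hash recorded at acquisition time.
verify_copy() {
    want=$(sed -n 's/^image_sha256=//p' "$2" | tail -n 1)
    [ -n "$want" ] || { echo "no image_sha256 in $2" >&2; return 2; }
    [ "$(hash_of "$1")" = "$want" ]
}

# Demo on constructed data (not a real device).
demo() {
    d=$(mktemp -d) || return 2
    seq 1 50000 >"$d/source.bin"              # stand-in for the drive
    acquire_image "$d/source.bin" "$d/evidence.dd" "$d/acquire.log"
    rc=$?
    cp "$d/evidence.dd" "$d/working.dd"       # the copy taken back to the lab
    verify_copy "$d/working.dd" "$d/acquire.log" && echo "working copy verified"
    cat "$d/acquire.log"
    rm -rf "$d"
    return $rc
}
demo
```

The log produced here is the kind of record that belongs with the chain of custody paperwork: it ties the image left with the client and the copy taken to the lab to the same hash value.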
Pull the Plug
Heated discussion occurs about what one should do when they encounter a running
machine. Two clear choices exist: pulling the plug or performing a clean shutdown
(assuming you can log in). Most examiners pull the plug, and this is the best way to
avoid allowing any sort of malevolent process from running that may delete and
wipe data or some other similar pitfall. It also allows the examiner access to create
a snapshot of the swap files and other system information as it was last running. It
should be noted that pulling the plug can also damage some of the files running on
the system, making them unavailable to examination or user access. Businesses
sometimes prefer a clean shutdown and should be given the choice after the impact
has been explained to them. It is critical to document how the machine was brought down
because it will be absolutely essential knowledge for analysis.
Live Acquisitions
Another option is to perform a live acquisition. Some define “live” as a running
machine as it is found, or for this purpose, the machine itself will be running during
the acquisition through some means. One method is to boot into a customized
Linux environment that includes enough support to grab an image of the hard drive
(often among other forensic capabilities), but the kernel is modified to never touch
the host computer. Special versions also exist that allow the examiner to leverage
the Windows autorun feature to perform Incident Response. These require an
advanced knowledge of both Linux and experience with computer forensics. This
kind of acquisition is ideal when, for time or complexity reasons, disassembling the
machine is not a reasonable option.
The Fundamentals
An amazingly brazen oversight that examiners often make is neglecting to boot the
device once the hard disk is out of it. Checking the BIOS is absolutely critical to the
ability to perform a fully-validated analysis. The time and date reported in the BIOS
must be reported, especially when time zones are an issue. A rich variety of other
information is available depending on what manufacturer wrote the BIOS software.
Remember that drive manufacturers may also hide certain areas of the disk
(Hardware Protected Areas) and your acquisition tool must be able to make a full
bitstream copy that takes that into account. Another key for the examiner to
understand is how the hashing mechanism works: Some hash algorithms may be
preferable to others not necessarily for their technological soundness, but for how
they may be perceived in a courtroom situation.
Store Securely
Acquired images should be stored in a protected, non-static environment.
Examiners should have access to a locked safe in a locked office. Drives should be
stored in antistatic bags and protected by the use of non-static packing materials or
the original shipping material. Each drive should be tagged with the client name,
attorney’s office and evidence number. Some examiners copy drive labels on the
copy machine, if they have access to one during the acquisition and this should be
stored with the case paperwork. At the end of the day, each drive should link up
with a chain of custody document, a job, and an evidence number.
Establish a Policy
Many clients and attorneys will push for an immediate acquisition of the computer
and then sit on the evidence for months. Make clear with the attorney how long
you are willing to maintain the evidence at your lab and charge a storage fee for
critical or large-scale jobs. You may be storing critical evidence to a crime or civil
action and while from a marketing perspective it may seem like a good idea to keep
a copy of the drive, it may be better from the perspective of the case to return all
copies to the attorney or client with the appropriate chain of custody
documentation.
Conclusion
Computer examiners have many choices about how they will carry out an onsite
acquisition. At the same time, the onsite acquisition is the most volatile
environment for the examiner. Tools may fail, time constraints can be severe,
observers may add pressure, and suspects may be present. Examiners need to take
seriously the maintenance of their tools and development of ongoing knowledge to
learn the best techniques for every situation. Utilizing the best practices herein,
the examiner should be prepared for almost any situation they may face and have
the ability to set reasonable goals and expectations for the effort in question.
Carol L. Stimmel is a Certified Computer Examiner (CCE), co-author of The Manager Pool, and former Vice-President, Consulting of Gartner. She has worked in technology for over 15 years and has been involved in engineering, security, knowledge management, and the establishment of successful entrepreneurial ventures.
CITSF provides certified consulting services to the attorney marketplace in the area of computer forensics and e-discovery.
Visit CITSF on the web at http://www.citsf.com. She may be reached at 303-819-2068 or carol.stimmel@gmail.com.
Article Source: http://EzineArticles.com/?expert=Carol_Stimmel
Computer Forensics
There are a number of impartial computer forensics authorities in developed countries that provide litigation functions at the request of courts, and their services can be obtained for getting computer evidence. Computer forensics identifies, acquires, restores, and analyzes electronic data in litigation.
Computer forensics authorities perform their legal duties regarding digital discovery of documents. When we look into the legal history of these digital discovery authorities, their function as certified authorities for all documents produced in digital form developed with the advance of electronic communication. The assistance of computer forensics is employed by foreign courts for the purpose of getting a forensic view of the e-data or electronic evidence.
Computer forensics authorities employ various tools for the purpose of verifying documents: they identify, acquire, restore, and analyze electronic documents for their admission and production before courts of law. Their verification of documents is not limited to local disk data; remote server data is verified as well. From authentication of records on a local hard drive to those on a remote server, certified forensic discovery authorities help in testifying to data acquired from NT, Novell, UNIX, and Linux servers and PCs, among others.
IDENTIFICATION: The procedure adopted by the digital discovery authorities starts with identification. Electronic discovery begins with the identification of likely sources of relevant information and their comparison with the original electronic document. The identification of a computer document and its comparison with the original record is a critical step that helps ensure that data is not overlooked, that each aspect of the data is properly maintained, and that there is no tampering with the database during its production before a court of law. Their view is requested on disk or remote documents, and they go on-site to inventory the data and look for hidden sources used by a taxpayer for evasion of records. In many cases, they present a written e-discovery report on a web site and its links with the database where it is hosted.
ACQUISITION: The identification of electronic documents is only the first step toward properly identifying a website's link with a database. Once the documents are identified, the second step is to gather the relevant information for authenticating the electronic evidence, so as to judge its reliability. They take care to collect the relevant information needed to come to the right conclusion regarding the authenticity of e-documents. They take care to avoid tampering with records and to maintain a defensible chain of custody. There are three critical procedural phases in judging the reliability of electronic evidence and its presentation before courts of law. Computer forensics authorities use forensic tools, and their written protocols and internal procedures ensure that their work product withstands scrutiny in all jurisdictions where it is going to be presented before a court.
RESTORATION: There are many hidden sources of electronic evidence that cannot be retrieved without seeking the assistance of the authorities of a foreign jurisdiction. Once information regarding evidence that exists outside the state's jurisdiction has been gathered, the documents must follow the same procedure as defined under acquisition. Whether the jurisdiction is foreign or not, important information is not retrieved without tested forensic procedures and documentation. Computer forensics helps courts avoid any unnecessary production of documents, while ensuring that potentially relevant documents, including encrypted, compressed, and password-protected files, are presented before the court properly.
SEARCHING: Another method used is the filtering of the electronic database received in electronic discovery. While searching the electronic evidence, computer forensics uses a variety of methods, tools and search techniques appropriate to Windows and other operating systems to increase the reliability of the electronic documents for the court of law. The electronic forensics authorities are given a number of powers in connection with assessing the reliability of the electronic evidence and figuring out the hidden sources of evidence.
PRODUCTION: Production and admission before the court of law is the primary function of these forensics authorities, and computer forensics produces legal documents of data to the court under their certification. They are either granted certification power by statute or work as independent autonomous bodies. Being known for their impartial reports, they are often asked by courts to give an opinion about electronic evidence, with the agreement of both parties to the suit. They produce copies of the data selected for review, offer recommendations and certification regarding the nature of the electronic database to be viewed, and organize the data as evidence.
VERIFICATION: Computer forensics authorities perform a number of functions, one of which is offering detailed, written, certified reports and analyses to courts for the just adjudication of a matter. Being declared "friend-of-the-court" experts, they assist judges with the interpretation of electronic evidence presented in court proceedings and of the testimony of other electronic discovery experts. The court often needs the opinion of these experts regarding the building of the electronic evidence and its reliability. Careful attention to detail in the early stages of electronic discovery builds solid expert testimony that meets the reliability standard. The real aim of computer forensics is to assist the court in reaching a just conclusion regarding the production of data as evidence, but in Pakistan we have not yet legislated on the role of computer forensics as an expert role in identification, production and admission before the court of law.
There is a need to encourage computer forensics in Pakistan in order to get accurate information for digital evidence. Their services can be obtained on a contractual basis, or they can be incorporated into the taxing authorities by conferring on them special inspection powers.
Currently no computer forensics authorities are operating in Pakistan; the reason may be that no efforts have been made to provide a legal framework for the establishment of certification authorities or to discuss economic measures for their promotion. A specific amendment should be made to incorporate computer forensics, as a proposed vigilance authority, into the tax structure so that tax avoidance can be minimized.
The writer is an advocate of High Court and practicing immigration and corporate laws in Pakistan since September 2001. Author can be contacted by Adil Law Company (Advocates and Immigration lawyers) Office No.3 2nd Flr Hafeez Chambers 85 The Mall Rd Lahore Pakistan Telephone: +9242-6306195 +9242- 6360108 Fax: + 9242 6360108 Cell: +92300 4254910 E-mail: adil.waseem@lawyer.com
Article Source: http://EzineArticles.com/?expert=Adil_Waseem
Legal Procedure of International Computer Forensics Authorities
Computers have dramatically changed the means of communication, and a new situation has arisen in which traditional standards for gauging the reliability of evidence have become deficient owing to the emergence of computer crimes. These crimes relate to electronic credit card and ATM fraud, misuse of trademarks, e-copyright infringement, cyber hacking, etc. These offences are committed by means of computer-related tools and equipment, which makes it extremely difficult for administrators of justice to comprehend the nature of the offence and the corroborating evidence presented for its prosecution. In these complicated situations, the assistance of computer forensics authorities is sought in order to arrive at a correct opinion about digital evidence.
These impartial computer forensics authorities have been part and parcel of the legal systems of developed countries; they provide litigation functions at the request of courts, and their services can be obtained for getting computer evidence. The procedures of these authorities are regulated by special enactments according to the nature of the offence committed. They are given statutory powers to identify, collect, produce, certify and present written electronic reports in civil and criminal trials for the administration of justice. These computer forensics authorities perform their legal duties regarding digital discovery of e-documents.
When we look into the legal history of these computer forensics authorities, they have been used in the course of prosecution for over twenty-five years in the United States, and in the last decade a number of computer forensics authorities were given licenses to establish impartial set-ups to certify, for the investigating agencies and courts of law, all documents produced in digital form, which developed with the advance of electronic communication. The functions of computer forensics were given statutory powers for the purpose of getting a forensic view of the e-data or electronic evidence.
Computer forensics authorities employ various procedures and tools for the purpose of verifying documents, tracing the nature of the offence through identification, collection and verification of electronic documents. After completing this complicated procedure, they present a legal version of these electronic documents in paper-based form for admission before a court of law. These functions are not limited to local disk data; remote server data is also verified for the purpose of gauging the veracity of these documents. The authentication of e-records, from local hard drive to remote server, is done on a number of computer operating systems.
These procedures are adopted by the computer forensics authorities as governed by the prevailing law of the state regulating the internal structure of these authorities. Identification is the first step in electronic discovery: likely sources of relevant information are identified and compared with the original electronic documents. The identification of computer documents and their comparison with the original record is a critical step to ensure that data is not overlooked, that each aspect of the data is properly maintained, and that there is no tampering with the database during its production before a court of law, so that the matter is justly adjudicated to the legal standard provided by the legal system. Their views are requested on disk or remote documents, and they inventory the data and look for hidden sources of deletion or tampering of e-records. In many cases, they present written e-discovery reports on cyberspace and electronic communications and their links with the database where they are hosted or linked.
The collection of electronic documents is only the first step toward properly identifying a website's link with a database. Once it is identified, they proceed to gather the relevant information for authenticating the electronic evidence, so as to judge its reliability. They collect the relevant information needed to come to the right conclusion regarding the authenticity of e-documents. They adopt a number of modern devices to avoid tampering with records and to maintain defensible, protected documents. The critical procedural phases judge the reliability of the electronic evidence and its presentation and admission before the courts concerned. Computer forensics authorities employ internationally recommended devices, written protocols and internal procedures to ensure that their work stands up to scrutiny in all court jurisdictions where these e-documents are presented for admission.
There are many hidden sources of electronic evidence that cannot be retrieved without seeking the assistance of the authorities of a foreign jurisdiction, and in a number of criminal cases the coordination is done through international protocols and agencies. Once information regarding evidence that exists outside the state's jurisdiction has been gathered, the documents must follow the same procedure as mentioned above.
Internationally licensed computer forensics authorities often hold licenses in a number of jurisdictions for the collection and acquisition of true electronic records. The question of evidence lying outside the state's jurisdiction does not arise in the case of internationally reputed computer forensics authorities. Whether the jurisdiction is foreign or not, important information is not retrieved without tested forensic procedures and documentation. Computer forensics authorities help courts avoid any unnecessary and uncertified production of documents, while ensuring that potentially relevant documents, including encrypted, compressed, and password-protected files, are presented before the court properly, in accordance with the law of the respective state, for the prosecution of offenders.
Another procedure used is the filtering of the electronic database collected in electronic discovery while searching the electronic evidence. Computer forensics authorities employ a variety of methods, tools and search techniques appropriate to Windows and other operating systems to increase the reliability of electronic documents for the just adjudication of a matter. The electronic forensics authorities are given a number of statutory powers in matters connected with assessing the reliability of the electronic evidence and figuring out the hidden sources of evidence connected with the dispute in question and with the offenders involved in the commission of these electronic crimes.
The admission of electronic documents before the court of law is the primary function of these forensics authorities. Computer forensics authorities produce certified documents to the court of law, and they also collaborate with investigating agencies in reaching the right conclusion about an act or omission on the part of electronic offenders. They are either granted certification power by statute or work as independent autonomous bodies. Being known for their impartial reports, they are often asked by courts to give an opinion about electronic documents, with the agreement of the parties to the suit. They produce copies of the data selected for review and offer recommendations and certification regarding the nature of the electronic database to be viewed as evidence meeting all standards for its admission.
Computer forensics authorities perform a number of other functions, one of which is offering detailed, written, certified reports and analyses to courts for the just adjudication of a matter and for the fair prosecution of electronic crime offenders. Their reports being declared expert reports, they assist judges with the interpretation of electronic evidence presented in court proceedings and of the testimony of other electronic discovery experts. The court often needs the opinion of these experts regarding the building of the electronic evidence and its reliability. Careful attention to detail in the early stages of electronic discovery builds solid expert testimony that meets the reliability standard.
The real aim of computer forensics is to assist the court in reaching a just conclusion regarding the production of data as evidence, but in Pakistan we have not yet legislated on the role of computer forensics as an expert role in identification, production and admission before the court of law. Currently no computer forensics authorities are operating in Pakistan; the reason may be that no efforts have been made to provide a legal framework for the establishment of certification authorities or to discuss economic measures for their promotion. There is a need to encourage computer forensics authorities in Pakistan in order to get accurate information for digital evidence. Their services can be obtained on a contractual basis, or they can be incorporated into the legal system by conferring on them special substantive and procedural powers. Specific amendments should be made to incorporate computer forensics authorities into substantive, evidence and procedural laws to make the courts technically and legally able to deliver the best judgment on issues affecting electronic records.
The writer is an advocate of High Court and practicing immigration and corporate laws in Pakistan since September 2001. Author can be contacted by Adil Law Company (Advocates and Immigration lawyers) Office No.3 2nd Flr Hafeez Chambers 85 The Mall Rd Lahore Pakistan Telephone: +9242-6306195 +9242- 6360108 Fax: + 9242 6360108 Cell: +92300 4254910 E-mail: adil.waseem@lawyer.com
Article Source: http://EzineArticles.com/?expert=Adil_Waseem
Understanding Computer Forensics Reports - A Loud Whisper!
I can hear it now! You are letting the cat out of the bag. By explaining computer forensic reports, you are aiding and helping computer criminals to cover their tracks.
But, there is always another side to an argument. By releasing this information, it can help people help computer forensic experts catch the criminals. Besides, people who commit computer crimes are very good at what they do. I am not releasing anything here they may not already know.
With that out of the way, let's dive in.
What makes up computer forensics reports? Where does the information come from? Who puts them together?
Let's start with the Who.
Computer forensics reports are prepared by computer forensics investigators. They gather the necessary information, analyze it and then draft the final computer forensics reports. As good as they are, computer criminals oftentimes leave behind clues which help the investigators track down the root cause of their crime.
Even when the files have been deleted from a specific location in the computer, the original data is not erased from the computer system as a whole. With the techniques, tools, and skills that the investigators are equipped with, the analysis of the fraudulent act or crime can be made with great accuracy.
Where does the computer forensic report information come from?
There are four main areas where the investigators gather their evidence. Other areas are looked into as well, but the following are the most commonly examined.
1. The Saved Files:
These are easy. If you saved it, it's in the computer. All the investigator needs to do is open them up to examine them. They don't need anything special to view or examine them.
2. The Deleted Files:
When data is deleted, it is put in the trash bin. The computer forensic expert will look in the bin to see what is in it.
The tougher part is the deleted files that have also been deleted from the trash bin. These will require special software in order to restore them.
3. The Temporary Files:
This data is produced when one browses the Internet, works on a document, or uses certain types of backup software and other installations and applications.
You can open some temporary files on the computer they reside on without any special software or tool. Others will require the use of a special tool or software.
4. The Meta Data:
The metadata gives you the details of a document or file. These details include the date the file was created, the date it was modified, and the last time it was accessed. You can even get information about the creator of the file.
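To illustrate item 2 above (files removed from the trash bin still leave their bytes on disk until overwritten), here is an added example that is not part of the original article: a minimal signature-based carver that scans a raw image for JPEG start and end markers. The sample image, offsets and function names are constructed for illustration, and real carving tools also handle fragmentation and embedded thumbnails, which this sketch does not.

```python
JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image marker plus first byte of the next marker
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker


def carve_jpegs(raw, max_size=10 * 1024 * 1024):
    """Scan raw bytes for JPEG headers, with no help from the file system.

    Returns a list of (offset, data, complete). complete is False when a
    header survives but no end marker follows, as happens when the tail of
    a deleted file has already been overwritten.
    """
    found = []
    pos = raw.find(JPEG_SOI)
    while pos != -1:
        end = raw.find(JPEG_EOI, pos + len(JPEG_SOI), pos + max_size)
        if end != -1:
            found.append((pos, raw[pos:end + len(JPEG_EOI)], True))
            resume = end + len(JPEG_EOI)
        else:
            # Keep only the first bytes as a lead for the examiner
            found.append((pos, raw[pos:pos + 16], False))
            resume = pos + len(JPEG_SOI)
        pos = raw.find(JPEG_SOI, resume)
    return found


def build_sample_image(sector=512):
    """Constructed 8-sector 'disk': zero-filled, with two deleted files left behind."""
    photo = JPEG_SOI + b"\xe0" + b"constructed-picture-data" + JPEG_EOI
    damaged = JPEG_SOI + b"\xe1" + b"tail-overwritten"  # no end marker survives
    image = bytearray(sector * 8)
    image[sector * 2:sector * 2 + len(photo)] = photo
    image[sector * 5:sector * 5 + len(damaged)] = damaged
    return bytes(image)


if __name__ == "__main__":
    for offset, data, complete in carve_jpegs(build_sample_image()):
        state = "recoverable" if complete else "header only"
        print(f"offset {offset}: {len(data)} bytes, {state}")
```
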
What makes up computer forensics reports?
Computer forensic reports are made up of information from the above four sources. They also include information gathered from e-mails, file transfers, web browsing, online accounts, charts, and internet searches. Unknown to some people is that their web searches can be retraced.
There you have it... the secret, but not so secret computer forensic reports. It is by no means comprehensive, but you get the idea.
Copyright Kenneth Echie. Kenneth writes for Criminal Justice Schools and Degrees.
Article Source: http://EzineArticles.com/?expert=Kenneth_Echie
The Roles and Duties of the Computer Forensic in the Criminal Justice Field
In the global village called the internet, not everyone plays nice. You always hear the word "hack". It is mostly used in relation to the invasion of computers. Most of these stories are not entirely true, but computer network systems do get hacked. If and when it does happen, it usually involves something sinister.
Even employees of companies do engage in snooping or to use our favorite word, hacking. The birth of the internet has led to more of this. Anyone can be anything online. This is why fraud, phishing, and identity theft happen.
The computer has become an important part of everyday life. Sending letters has been entirely changed by email. Communications have been dominated by instant and text messaging. Portable storage devices that were once the exclusive preserve of Information Technology professionals are now used by the general public.
I think you are already getting the idea of why computer forensics is needed. In the event that hacking does occur, the computer forensic analyst will do the following:
1. Like any other investigation, the computer forensic analyst must handle the area as a crime scene. He or she will take digital photographs and secure documentary evidence. This will include printouts, notes and disks at the scene.
If you are the one who hired the computer forensic expert, you should leave everything to them. The computer system should be left as is whether it is turned on or off.
If the computer was left on, the analyst will gather all the information that he or she can from the running applications. The computer will then be shut down in a way that ensures the data will not be lost. Doing a standard shutdown or pulling the plug is not an option. Both of these methods may cause the loss or damage of the data in the computer system.
2. The forensic investigator must then document the configuration of the system as you would document a crime scene. This should include the order of hard drives, modem, LAN, storage subsystems, cable connections, and wireless networking hardware. The analyst may make a diagram to go along with the digital photographs. They will also take portable storage devices within the area that may contain substantial evidence.
3. The computer forensic expert must take all the evidence to the lab. This is because the analyst should not examine the evidence on the same hardware. People who engage in cyber crimes are also aware that important data can be retrieved to convict them. Countermeasures, viruses and booby traps may be installed in the system to damage electronic evidence.
Analysts instead take the hard drive to their lab to make an exact duplicate of its contents. This process is called imaging. Analysts have their own tools to make sure that the data is copied completely and accurately.
The duplicate will then be verified by an algorithm. The data is then examined and analyzed. The analyst makes a report of his or her findings and the process that was taken during the investigation starting from the acquisition of the data. This evidence will be presented in court if prosecution is necessary.
The computer forensic analyst plays many roles and has many duties in the criminal justice field. It is hard to cover all of them in this short article. I encourage you to do more reading if you are interested in this field. You can do this by visiting websites that cover the profession in more detail.
Copyright Kenneth Echie. Kenneth writes for Criminal Justice Degrees.
Article Source: http://EzineArticles.com/?expert=Kenneth_Echie
Computer Forensics is Changing the Way We Fight Crime
Crime fighting has moved to a new and different playing field in recent years. There has been a great push to come up with new and ingenious methods of fighting crime in order to combat the new territories crimes are covering. The best tool in the war on crime in the information age is computer forensics.
Computer forensics is a highly specialized type of computer work that, when done properly, can uncover information that has been lost (whether accidentally or deliberately) from the computer's main memory. The information remains, but the computer can be told to ignore the existence of that particular data. Someone skilled in computer forensics can find that lost (or misplaced) information and restore it. In some instances this becomes evidence, and in other instances it can lead to more information or the real evidence. Regardless, when it comes to computers, digital forensics is an important tool.
Computer forensics can uncover all kinds of crimes in order to make the world safer. People will say things and research things online. Those things become a matter of record. Hanging out in message boards and forums leaves a trace. Searching for certain information leaves a trace.
The places criminals visit online leave a trace that someone skilled in computer forensics can find. Some evidence is found more easily than other evidence, depending on the efforts that were made to remove the trail left behind. In general, though, that information is more difficult to hide than most people realize, especially from the capable hands of someone trained to dig it out.
What Kind of Information can be Uncovered?
When it comes to fighting crime, there are many ways that computer forensics has proven to be effective. The information that is uncovered can be anything from espionage to theft and several other crimes in between. Evidence of affairs, money laundering, smuggling, and other crimes has also been uncovered as a result of computer forensics.
The most important thing to remember about computer forensics when you find yourself in need of this vital service is that you need to find someone qualified to handle the job if you want it done right and done well. This is not a job that just anyone off the streets can do. On the other side of the crime fighting table, computer forensics can be used to discover evidence that exonerates the falsely accused, taking justice one step further and ensuring that crime fighting efforts are aimed in the right direction.
CyberEvidence is a leading computer forensics business in the Houston area. Their specialist staff can assist you with all your computer forensics problems, whether you're in the Houston area or in another part of the country. For more details, please visit: http://www.CyberEvidence.com
Article Source: http://EzineArticles.com/?expert=Micah_Huffman
Computer Forensics Explained
Computer forensics and mobile phone forensics are not about processing data, but about investigating people and their actions in relation to a computer or other electronic data processing or storage device. They therefore look to find and use information about what has happened to data as evidence to pinpoint fraudulent, dishonest or deceptive behaviour in individuals.
The forensic investigation of data held on mobile telephones, PDAs, laptops, PCs and other data processing and storage devices provides a valuable resource in litigation and dispute resolution. In many cases this involves the recovery of deleted e-mails and 'hidden' data of which the computer user may be, and probably is, completely unaware: for example, information embedded in the computer file or cached to disk about the sequence of access and editing of a document, when and by whom. This delivers new evidence that is often sufficiently compelling to short-circuit the whole dispute.
There is a prevailing misconception in the minds of many that retrieving deleted data involves no more than restoring what is in the recycle bin or trash can. Analysis through computer forensics and mobile phone forensics requires far more than just copying files and folders from targeted computers or devices. Data from computers needs to be specially imaged to produce an exact copy showing the data stored within.
Three key points to ALWAYS remember with all electronic data storage devices, including computers and mobile phones:
1. Computer evidence must be SECURED quickly to reduce the risk that it might be destroyed, accidentally or deliberately
2. If the device to be investigated is discovered powered off, DO NOT SWITCH IT ON
3. If the device to be investigated is discovered powered on, DO NOT SWITCH IT OFF
Recovering deleted or partially overwritten data is technically challenging if the resulting evidence is to be relied upon in litigation. Most IT departments have not had the training or investment in appropriate hardware and software to undertake this without compromising the data.
Gemma Freeman is an expert in Computer Forensics; more information can be found at http://www.dgiforensic.com
Article Source: http://EzineArticles.com/?expert=Gemma_Freeman
An Insight Into the World of Cyber Forensics
Introduction
Mention crime and we think of robberies, murders and detectives examining the crime scene, interrogating witnesses and finally nailing the guilty.
There is, however, another kind of crime, where traditional methods of criminal investigation fall flat on their face. Hacking, cyber fraud, phishing, and identity and data theft all count as cyber crime. Cyber crime can be defined as an illegal electronic operation that targets the security of computer systems and the data processed by them. Even though it may appear that the effects of cyber crime are not life threatening, they have the potential to disrupt life. A survey in the UK inferred that people were more scared of their bank accounts being hacked or credit card details stolen over the internet than they were of robberies. There have been numerous cases in which people have been vulnerable to cyber crime in one way or another. Crime can never be eradicated, but it can be prevented with the help of effective information security. Whenever cyber crimes are committed, cyber forensic experts enter the scene, try to sniff out the clues and help in catching the culprits.
Skills and Tools
A cyber forensic expert is supposed to be adept in network security, because most cyber crimes take place over networks. They should be competent in data recovery and encryption, because data and passwords are the targets of information theft. The experts should also be aware of cyber laws, as most of the cases can go to court, where the forensic expert would be called either as a witness or an examiner. A cyber forensics expert does not necessarily deal with computers all the time. Depending on the nature of the case and the crime committed, the experts have to work on mobile phones, PDAs, USB drives, media players, etc.
When it comes to corporate houses, they don't really tend to trust the cops. They guard their systems and data by hiring the services of experts in information security, such as Agape Inc. Also, the process of collecting evidence after a cyber crime has been committed is not a cakewalk. A lot of care needs to be taken while collecting and processing the evidence, as the loss of even an electron of information could mean that the data would not stand up to legal scrutiny. Of course, the job of forensic experts is very difficult, but they are assisted by some tools which help in processing the data quickly. The cyber forensic tools are software packages that can be used to preserve the state of storage devices or extract data from them. These software packages fall into 3 categories:
1. Open source software
2. Proprietary software
3. Tailor-made software for specific needs, designed by companies.
Courses and Career Path
The field of cyber forensics is still evolving and there is a lot of confusion on the part of students who are interested in pursuing this as a career option. To be good in this field, one needs to master various disciplines. Not only should they be experts in examining evidence, they should also know the legal procedures for presenting the evidence in court. For example, a cyber forensic expert would work on computer networks as well as network security. This means that network security certifications from renowned institutes or companies are essential for the candidate, to provide a good starting point.
A career in cyber forensics can be sought in both the public and private sectors. In the public sector, people are mostly absorbed into law enforcement agencies, state forensic departments and central agencies. In the private sector, the scope for cyber forensic experts is immense, as many experts would be required to detect and solve the increasing number of cyber crimes. Also, after sufficient experience, professionals can move into freelancing and become independent security consultants.
Thus the job of a cyber forensic expert is a mixture of a cop and a geek, which is challenging and interesting, for committed professionals.
The author Sameer Fadnavis can be reached at - http://agapeforensic.com
Article Source: http://EzineArticles.com/?expert=Sameer_Fadnavis