Computer Forensics
Background & Scope of Computer Forensics
- Computers are either used as a tool to commit a crime or have become a target for these crimes
- Cyber crime encompasses any criminal act dealing with computers and networks
- Includes traditional crimes that are committed through the use of a computer and the Internet
- Computer forensics is commonly used to solve both cyber and traditional crimes
Objective of Computer Forensics
- Recover, Analyze and Present material in such a way that it can be presented as evidence in a court of law
3 Stages in Forensics Investigation
1. Evidence Acquisition
   - Identification
      - The Forensic Investigator (FI) starts the investigation by identifying the evidence and its location
      - It is a challenge for the FI to locate and identify information/data
   - Preservation
      - The FI must preserve the integrity of the original evidence
      - Original evidence should not be modified or damaged
      - The FI must make an image and/or a copy of the original evidence before performing an analysis
      - The FI should compare the copy with the original to identify any modifications or damage
   - Hashing
      - Prove that all evidence is exactly the same as the original data, down to the very last bit
      - A hash function is any well-defined procedure or mathematical function for turning data into a relatively small integer
2. Investigation & Analysis
   - Extraction
      - After identifying and locating the evidence, data should be extracted immediately
      - Volatile data can be lost at any time. The FI must use the copy to extract this data from the original evidence
      - Extracted data must be compared with the original evidence and analyzed
   - Interpretation
      - The most important role of the FI during an investigation is to interpret what the FI has found
      - Analysis and inspection of evidence must be interpreted in a lucid manner
3. Report Findings
   - Documentation
      - Documentation relating to evidence must be maintained from the beginning till the end of the investigation.
      - Includes the chain of custody forms
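The Preservation and Hashing steps above, as an added example that is not part of the original notes: the copy is hashed while it is being made, then re-read and compared, and a single flipped bit in the copy is detected. SHA-256, the file names and the sample data are assumptions chosen for the illustration; the notes do not name a hash function.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so a large image never has to fit in memory

def sha256_file(path):
    """Hash a file's full contents, block by block."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            h.update(chunk)
    return h.hexdigest()

def acquire(source, image):
    """Copy source to image and return the SHA-256 of the bytes read from source."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        while chunk := src.read(CHUNK):
            h.update(chunk)
            dst.write(chunk)
    return h.hexdigest()

def verify(image, acquisition_hash):
    """Re-read the image from disk and compare it with the hash taken at acquisition."""
    return hmac.compare_digest(sha256_file(image), acquisition_hash)

def demo():
    """Image a constructed file, verify it, flip one bit in the image, verify again."""
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "original.bin")  # constructed stand-in for the evidence
        image = os.path.join(d, "copy.img")
        with open(source, "wb") as f:
            f.write(bytes(range(256)) * 8192 + b"tail")  # 2 MiB + 4 bytes, spans 3 blocks
        acquisition_hash = acquire(source, image)
        intact = verify(image, acquisition_hash)
        with open(image, "r+b") as f:  # change a single bit in the copy
            f.seek(CHUNK + 5)
            byte = f.read(1)[0]
            f.seek(CHUNK + 5)
            f.write(bytes([byte ^ 0x01]))
        altered = verify(image, acquisition_hash)
        original_unchanged = sha256_file(source) == acquisition_hash
        return intact, altered, original_unchanged

if __name__ == "__main__":
    print(demo())
```

The acquisition hash is the value that would be recorded in the documentation alongside the chain of custody forms, so the image can be re-verified at any later stage.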
Last update: June 11, 2023
Created: June 11, 2023