Computer Forensics

523 Words2 Pages

Computer forensic science is the forensic discipline of acquiring, preserving, retrieving, and presenting electronic data. It is a process and this process consists of five stages. The first stage is intelligence. This begins with an analysis to gain the understanding of the issues surrounding the incident, crime or crime scene. The second stage is the hypothesis or theory formulation. The investigating officer will need to develop a hypothesis of the case. Stage three is evidence collection. Once the evidence is collected, it will be used to test the hypothesis. Stage four is testing. The e-evidence is examined to identify what could or could not have happened. Lastly, stage five is the conclusion. It is then determined whether or not the evidence …show more content…

They are seizing the computer. Of course, this requires a warrant. Stage two is backup. They are required to back up the device before continuing on with the investigation. Stage three is evidence extraction. The investigator enters the searches manually. The evidence is viewed through built-in content viewers within Expert Witness. Stage four is case creation. This allows the extracted information to be placed in a case file. Stage five is case analysis. Trained investigators use this process to search the computer evidence for documents, deleted files, images, e-mail, slack space and unallocated disk space. Stage six is correlation of computer events. This process is used to piece together different computer evidence to establish a timeline, order of events and related activities. Stage seven is correlation of non-computer events. This process uses telephone records, credit card receipts, testimonies, physical evidence, and reports to put other pieces together. Lastly, stage eight is case presentation. After all of the evidence and information has been analyzed and correlated, it is then ready to present to a judge or jury. (Volonino & Anzaldua,

Open Document