Mikayela Richey
CISC101-53 Introduction to Computers
Professor Collins
September 15, 2014
Computer Forensics - Project #4
Computer forensics is the use of analytical and investigative techniques to collect, identify, examine and preserve evidence and information which is stored. It is used to provide digital evidence of specific or general activity which could help investigators solve a crime. A computer forensic investigator or forensic analyst is a specially trained professional who can work with law enforcement agencies, as well as private firms, to retrieve information from computers and other types of data. A forensic investigation can be used for many reasons. The most usual use for computer forensics
The computer forensic examiner will make a copy of information from the device that is being investigated. A device called a write-blocker is used to make an exact bit-for-bit copy of the original data. The examiner will work from the copy to prevent losing the original data. Equipment can easily be damaged from either internal or external factors. When equipment is damaged, the analyst has to dismantle and rebuild the system to be able to recover any lost data. After they retrieve the lost data, the analyst has to write a report detailing how the computer evidence was found and the retrieval process. Sometimes the analyst has to give testimony in court stating the evidence that he or she collected. Terrorist organizations may use the internet to find new members, and sexual predators use social networking sites to stalk any potential victim. Criminals using the internet fail to realize that computer files and data remain on their hard drives even after they have been deleted. This allows investigators to track their criminal activity. When criminals fail to cover their tracks when using technology, it makes it easy to implicate them for their
It is the computer forensic investigator's job to look through all of the computer files, even the deleted ones, to see if there are any incriminating files that would prove them guilty. Even reporting them to the jury is one of the jobs that a computer forensic person might have. Not only does this community work closely with the police force, they can also work within the FBI or a company that uses computers in their business like Apple. Th...
In order for computer forensics findings to be admissible in a court of law, the tools and methods used to collect such data must ensure its integrity. According to Marie-Helen Maras (2012), “As with other forms of evidence, the original captured network traffic data must be kept intact. An investigator must ensure that any programs that are run to obtain evidence do not modify data on the system” (p.286). The National Institute of Standards and Technology (NIST) maintains the Computer Forensics Tool Testing (CFTT) program to help investigators choose the appropriate tools for this purpose.
Forensic science has paved the way to a new world of technological advancements in solving crime, through DNA analysis, new technology such as M-Vac, improving systems such as CODIS and other investigative methods. As forensic science technology advances, the chance of an individual being able to commit a crime and walk away free without leaving any trace of evidence will lessen. While forensic science has its limitations, it can be the only way to provide an accurate account of what actually occurred at some crime scenes.
The first and most important step in the entire process for collecting evidence is to document the scene. It is extremely critical that an investigator capture as accurate a depiction of a crime scene as possible (Solomon, Rudolph, Tittel, Broom, & Barrett, 2011). This can be accomplished in a number of ways. These include taking a photograph of the scene to preserve the original image of the scene for a judge and jury. Investigators can also take images of a computer system. It is necessary to take hash images of volatile data first, as volatile data relies on a constant flow of electricity to stay in system memory. Things that are considered volatile are registers, the system cache, routing tables, kernel statistics, memory, temporary file systems, disks and archived media (Solomon, Rudolph, Tittel, Broom, & Barrett, 2011). The first thing an investigator s...
Computer forensics is defined as “the application of computer investigation and analysis techniques in the interest of determining potential legal evidence” [Nelson, Bill, Phillips, Amelia, Enfinger, Frand, and Stewart, Chris (2004)] and has been prevalent in the law enforcement fields and government agencies since the mid-1980s [Daphyne Saunders Thomas, Karen A. Forcht (2004)]. Yet still, the existence does not justify the cause for the creation, development, and the integration of computer forensics into daily life. An online article from Penn State University goes into the history in more detail. The first actual legislation involving computer crime took place in the Counterfeit Access Device and Computer Fraud and Abuse Act in 1984. Among other things, this enforcement made it officially a misdemeanor to obtain financial or credit information through a computer. Because of this law's nature (being a federal legislati...
Computer forensic investigators have the tough job of finding a “binary” smoking gun. In order to do this, the investigator must be trained, qualified and have an “eye” for things that others may not see. The investigator must take into consideration that each computer examination is unique (Solomon 2011). Understanding the hardware, its operating system and other peripheral or network devices makes this job that much more difficult.
When it comes to forensic analysis in the laboratory, there are a few techniques that involve the separation of different substances. Chemical partitioning is an important process in the field of forensic science. The examination of evidence that involves this process helps with finding concrete information in a case. If we did not have these techniques, it would be impossible for scientists to tell the differences or similarities between two substances. The forensic analyst must perform these types of examinations in order to figure out if an unknown sample is similar to, or the same as, a known sample. Therefore, the analyst will be able to find out if the sample is a certain type of substance.
The use of computers in homes, schools, offices, and other places has increased in the past few years due to technological developments. As computers have become important components of modern communication, their increased use has also led to the emergence of computer crimes. Computer crimes basically involve the use of a computer system to carry out an illegal activity. In attempts to lessen the frequency and impact of computer crimes, law enforcement agencies use computer forensics to investigate these offenses. Actually, computer crimes are governed by specific laws and dealt with through conducting a computer forensic investigation (Easttom & Taylor, 2011, p. 337). Notably, a computer forensic investigation is usually carried out through the use of computer forensic tools, which help in the collection of evidence based on the specific offense.
Tool mark analysis: This is where the forensic investigators will photograph or sketch (when the whole area can’t go to the lab) impressions made by tools used in the crime. At the lab, they will compare tools and marked objects to identify specific tools. The 3 types of tool mark impressions are: compression (pressed into soft materials), sliding (tool scrapes across surfaces), and cutting (a combination of both compression and sliding).
Presently, because of the importance of digital forensics, it has its own field of computer forensic expertise, training and certification.
What did they do? Before we talk about it any further, we have to know some definitions that we use in digital forensics and digital evidence, not only those two but the others too. This chapter will explain them. Before we talk about it any further, we have to know the definition of what we are talking about. From the introduction we already know briefly what digital forensics and digital evidence are. In this chapter, we will explore further what they are, and some statements that we found when we searched about digital forensics and digital evidence. Computer forensics is a broad field and is applied to the handling of crimes related to information technology. The goal of computer forensics is to secure and analyze digital
The biggest challenge faced by investigators and others involved with high-tech crime is the fast-paced, constantly evolving nature of technology. Companies come out with new devices or new versions of old devices almost all the time, and those who gather digital evidence must remain current to be able to locate and preserve all potential evidence. As technology evolves, the capacities of these devices will rapidly increase while their form factor grows continually smaller. Investigators must preserve digital evidence to make sure it is suitable for presentation in court as well. First, investigators must never change a crime scene or alter evidence. It is their goal to document and preserve the scene exactly as it was when the crime occurred. Extreme caution and care are needed because the mere act of documenting or cataloging a crime scene means that investigators are interacting with the scene. The second concern is the physical fragility of the evidence. Care must be taken to keep items from getting wet, stepped on, etc.; this can also be applied to digital evidence. Investigators have been able to examine hard disk drives that have been through fires because the drives are usually air and water tight and impervious to temperatures into the thousands of degrees. The third issue is that digital evidence can be lo...
In a day and age where technology is the best known way to spread information that would otherwise be kept on the down low, a computer becomes a quiet man's public mind. When police go to search a suspect’s home to find what might have caused them to take a gun into an elementary school and kill innocent children and people, the seizure of a computer can become the biggest insight to investigators as to what leads to such an event. Computer forensics is defined as “the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” (US-CERT, “Forensics”). Computer forensics is a
Computer forensic experts use a variety of procedures and functions to identify the hard drive contents, hidden folders and unallocated disk space for damaged, deleted and encrypted files. This evidence is properly documented, organized and stored in its original form for actual litigation. Crucial data is gathered from multiple sources recorded in digital form. This includes text messaging, emails, internet, tapes, disks, CDs and printouts. In the clear sense, it is used to investigate crimes directly or indirectly related to
Computer forensics now assists in solving crimes. We now live in a digital era where the computer pervades every part of our lives. Practically all transactions and records of our activities are now recorded in electronic form. Sadly, the digital age has also ushered in an era of digital crime. Computer forensics involves searching computers for evidence of crime and also for evidence in conventional offences. Some examples of cybercrime include hacking, releasing viruses and a range of internet scams such as phishing and spoofing involving