home

Computer Forensic

Read Complete Research Material

Computer Forensic

Computer Forensic



Outline and describe the process of computer forensics:

Compute Forensic is the process of investigating electronic devices or media computer for the purposes of discovery and analysis available, delete, or "hidden" information that may serve as a useful guide in support of both claims and legal defenses to the issue, as well as it can be useful when the data was deleted accidentally or lost due to hardware failure. However, this is a method that is very old but now has changed a lot because of technological advances, modern tools and forensic medicine, which makes it much easier for the forensic computer to find and recover more evidence and data faster and more accurately. When working with digital evidence should be used four stages of the investigation and the accompanying procedures. These steps can be summarized as follows:

Assessment of the situation. The analysis framework of the ongoing investigation and action as necessary;

Data collection. The collection, protection and preservation of the original evidence;

Data analysis. Study and comparison of digital evidence of the events for a successful appeal to the law enforcement agencies;

Report of the investigation. Collection and organization of the information received the writing of the final report (George & Mohay, 2003).

Types of training must be provided to computer and network forensics investigators:

In order to detect such anomalies, one must know the operating parameters normal. To do this, the IT staff must make preparations before a computer security incident occurs. It is necessary to document the behavior of systems, devices, operating systems and networks that are used every day. In addition detect computer security incidents, it also allows staff to determine if other problems are. The creation of such thresholds can be done in several ways, in several sectors, including the following:

Develop basic facilities for each group of systems; document the patches installed for the operating system, third-party software installed and whether they have received the necessary fixes, and any configuration special system.

Knowledge of system performance (knowing the type of normal or abnormal return)

Understand the use of the system (know the type of load normal or abnormal)

There are many types of devices and applications in which investigator should be trained to perform such functions, including following: Firewalls (log files) Routers (log files)

Systems for intrusion detection based on the host Systems for intrusion detection based on the network

Programs hashing files programs that calculate in advance the hashes for files that allow critical computer and validate hashes in the wake of an incident (Ross and Gow, 1999).

With regard to the above scenario, as the crime scene technician, what would you photograph? Why? Explain in detail.

As far as the above scene is concerned, as a crime investigator initially I would photograph all the related cabinets of CDs and DVDs if available because it will be helpful to have a glimpse about the pile of previous data. Secondly I would take some shots of any available photographic instrument like camera or recorder it will reflect ...
Related Ads