IT550 UNIT 6 ASSIGNMENT

IT550 UNIT 6 ASSIGNMENT

Introduction

Computer forensics applies computer investigation and examination techniques that help in collecting proof regarding something that has happened on a computer and is to be preceded in a court of law (Bassett et al, 2006). Computer forensics needs a proportionate blend of technological skills, legal insight, and moral conduct. Computer forensics experts employ powerful software tools to expose data to be sorted through, and then must figure out the significant facts regarding how to present them in a court of law (Claire, 2011).

Discussion

The computer forensics is the science which studies the identification, preservation, protection, retrieval, documentation, and any other form of treatment because of information in order to be perceived in the legal process and study, for evidentiary purposes. Therefore, the advantages of the use of the Forensic tool in investigation include: Protecting companies and individuals from being victims of crimes, Identification of the crime Retrieval, preservation and documentation of the crime (Owen, 2000)

The three forensic tools:

Access Data Forensic Tool Kit (FTK)

This forensic toolkit has customizable filters that allow you to select from thousands of files to quickly find the proof you need. Forensic Toolkit is recognized as the leading forensic tool to perform email analysis, which can be used as evidence in the investigation (Stanton, 2003).

Autopsy (Forensics Browser for Sleuth Kit)

The Autopsy Forensic Browser is an HTML-based graphical user interface for the tools of Sleuth Kit. Several investigators can be defined to edit the same analysis system different cases simultaneously. Such an investigation case will be referred to the program as a case. A case may include multiple hosts and multiple investigators to work on a case. (Stanton, 2003)

Netcat

Netcat is an open source program in the command line of remote communication with the protocol used is TCP protocol with both the UDP. Netcat is designed to be easily used, yet be a useful tool for the ' network administration and investigation (Stanton, 2003). The tools should be specifically based on the purpose of investigation, only be limited to the investigating teams & should not be misused.

Process involved in computer forensics

It is very important to know the history, current situation and the processes to continue to make the best decision with respect to searches and research strategy. A process involved in computer forensics list is mention below. 

Identification

Identification is that process that involves recognizing good computer, using it within the network, starting in ...