DIGITAL FORENSICS FUNDAMENTALS

Digital Forensics Fundamentals

Digital Forensics Fundamentals

Part B

Referring to the situation my course of action will be based on the latest laws on digital forensics that will be applied to this scenario. Computer forensics is the submission of computer investigation and analysis methods in the concerns of determining promise lawful evidence. It is a process that can proceed on for an unpredictable allowance of time extending from a month to several years, with forensic experts taking some very cautious steps to identify and attempt to get possible clues that may exist on a subject computer system.

Forensic analysis as the process the researcher benefits to discover data precious to an investigation. Once digital clues have been protected, the investigators use software to identify, get, and safeguard the computer data applicable to the enquiry at hand. For the case of data that is stored on hard drives, floppy disks, CD-ROMs, zip disks and on other storage media, the software will be able to perform the following: Discover all files on the subject system; which includes existing normal files, deleted yet remaining files, hidden files, password-protected files, and encrypted files; 2. Recover deleted files; reveals the contents of hidden files as well as temporary or swap files used by both the application programs and the operating system.

Access the contents of protected or encrypted files; analyse all possibly relevant data found in special areas of a disk like unallocated space on a disk that may be unused but possibly the repository of previous data that is relevant evidence as well as slack space in a file (the remnant area at the end of a 3 file, in the last assigned disk cluster, that is unused by current file data, but may be a possible site for previously created and relevant evidence); 6. Print out an overall investigation of the subject computer system, as well as a listing of all probably relevant files and found out document data. (Derrick Lemans 2007 Pp. 91-94.)

Phases of Computer Forensic enquiries the stages of computer forensic enquiries can be categorized into four: - Readiness, assemblage, Analysis and Post-Analysis. Readiness Before the genuine incident occurs; an investigator should be prepared to deal with it when the need arises.

Training and testing staff are taught on how to identify, search, assemble, handle and transport electrical devices evidence. Digital evidence includes computer evidence, digital audio, digital video, cell phones, and digital fax machines to name a few. The integrity and integrity of digital clues is an important component of digital forensics since every court will be looking for the integrity of clues before it is accepted. While investigation takes place it's important to value what is stored on or transmitted by an electronic device.

It further distinguished digital clues as latent in the same sense as fingerprints or DNA (deoxyribonucleic unpleasant) clues is and can transcend borders with ease and pace, is fragile (can be easily changed, damaged, or decimated) and occasionally ...