Computer forensics is the process that applies computer science and technology to collect and analyze evidence which is crucial and admissible to cyber investigations (Sindhu & Meshram, 2012). Adding the ability to practice sound computer forensics will help ensure the overall integrity and survivability of an organization’s network infrastructure (U.S. Cert, 2008). In this paper, we review a number of scenarios where computer forensics is necessary. We determine good sources of data for each scenario, and determine which would be optimal.
Forensic evidence is tangible evidence that is obtained from the crime scene and examined by utilizing various scientific procedures to assist examiners in cracking a case. This forensic evidence is obtained at the scene of a crime and transported to a laboratory, where it is handled by specialists. Three types of forensic and physical evidence are fingerprints, digital evidence and impressions.
Forensics is one of the most supportive ways we make decisions today. It has helped judges and juries prove that a person is either guilty or innocent. It completely changed the way the prison system convicts felons. Not only does it help lawyers, it can also be used against others. Until it was discovered, those who had previously been convicted of a crime did not get a fair trial. Forensics is usually for those who are fascinated with solving crime or are intrigued by crime or murder shows or situations.
Digital forensics has been responsible for putting away thousands and thousands of criminals, for offences ranging from simple computer crimes to child pornography. To get quality evidence that can be admissible in court, there are steps that are needed in preparing a computer investigation. There are also requirements for data recovery, as well as procedures for corporate investigations. “Digital forensics has become prevalent because law enforcement recognizes that modern day life includes a variety of digital devices that can be exploited for criminal activity, not just computer systems. While computer forensics tends to focus on specific methods for extracting evidence from a particular platform, digital forensics must be modeled such that it can encompass all types of digital devices, including future digital technologies” (Reith, Carr, and Gunsch, 2002).
Criminal forensics solves murders or deaths and brings comfort to families. Criminal forensics is needed throughout the world. It answers the question, “What happened?” The most important part of criminal forensics is when the murder or case gets solved. This is the most important part because it is what the case is about. The case is about figuring out what happened to the person, and if they were murdered, it is about getting someone in handcuffs. These people need justice, and if it is not given, then who will give it? Criminal forensics is the key part in solving any case. It brings comfort to families who desperately need it. Most importantly it answers the question,
As the InfoSec Specialist, you wouldn’t be looking for a search warrant before going into his work area. “It is important to note that
An extremely important computer forensic service is the preservation of evidence. In this step a forensic image is made of all pertinent data. This image is what is actually analyzed, and the original source from which the data was extracted is kept in a safe and confidential environment. The security and authenticity of this information is analyzed very carefully and handled only by a digital forensics expert.
Forensic science has been a revelation in law enforcement. Since the first American forensic lab was established in 1929 by the Los Angeles Police Department, forensic science has been used in pretty much every major crime investigation (What is Forensic Science, p.1). What exactly is forensic science? According to an article put out by the University of Western Australia, "Forensics is the term given to an investigation of a crime using scientific means. It is also used as the name of the application of scientific knowledge to legal matters" (What is Forensic Science, p.1). Forensics is fairly open ended;
Technologies are advancing in today's world, where more information is being generated, stored and distributed through digital gadgets. This requires investigators and forensic experts to increase the use of digital evidence gathering as a tool to fight against cyber-crime (International Competition Network, n.d.).
Cloud computing has become one of the most popular computing paradigms. Today, the number of cybercrimes against cloud computing has increased, with attackers using new techniques and methods that make the process of tracking them difficult. This makes digital investigators and practitioners think about designing and developing new techniques and tools to cope with cybercrime investigation in the cloud environment. Digital forensics strategies, methodologies, and techniques have to evolve to become efficient and effective in investigating severe attacks and crimes in the cloud. Digital forensics is considered to be the process of collecting, extracting and recovering digital evidence as an admissible proof about a committed crime that will
Four sources of data that stand out for forensic investigators in most criminal investigations are files, operating systems, routers and network traffic, and social network activity. Each data source presents a variety of opportunities and challenges for investigators, meaning that the more reliable data collection and analysis activity typically involves examination of a variety of sources. Digital forensics must cover the four basic phases of activity, which include: data collection, which describes the identification and acquisition of relevant data; data examination, which includes the processing of data through the use
A computer forensics expert can recover information and computer evidence even if it has been hidden, encrypted, or deleted. In computer forensics, time is of the essence and an investigation must be performed in a timely manner to prevent information from disappearing forever. An important aspect of a computer forensic investigation is that the computer forensics expert must be capable of performing the analysis in a manner that will preserve, identify, extract, document and interpret computer data. The computer forensics analysis must be performed in a manner that conforms with legal requirements so that the results of the forensics investigation will be admissible in court. Simply powering up a computer can result in many files being changed. This may affect the admissibility and reliability of digital evidence. The analysis of electronic evidence includes not only the analysis of documents currently in a computer and those that were previously deleted, but also past versions and alterations of electronically stored documents.
Use our knowledge of Digital Forensics to set up a challenge scenario. We need to set up and develop evidence that can be examined to determine a sequence of events. Scenarios can include disk forensics, network forensics and memory forensics or a combination of all.
With advances in digital technology, the scope of digital crimes has also increased multi-fold. Digital forensics is a science which involves the collection, preservation and documentation of digital evidence from various digital storage media. This entire process must be undertaken in a fashion that is forensically appropriate and results in the collection of data which can be made admissible in a court of law during the investigation of a crime. Since most transactions today happen across digital media, it is imperative that organizations the world over understand the fundamentals of forensics, and also take steps in training their employees. If such procedures are not put in place, then it may result in the data of an organization to
Cloud computing is one of the fastest growing technologies, attracting researchers to add to and improve its services [1][7]. Organizations benefit from this technology by replacing traditional IT hardware and data centers with remote, on-demand paid hardware and software services that are configured for their particular needs and managed and hosted by the organization’s users or even a third party. This increases the organization’s flexibility and efficiency, without the need to have a dedicated IT staff or to own special hardware equipment or software licenses.
As technology advances, computers have become very influential. Unfortunately, as computers get more complex, so do the crimes that are committed with them. Distributed Denial of Service attacks, ILOVEYOU and many other viruses, domain name hijacking, Trojan horses, and websites that cause computers to malfunction and shut down are just a few of the many documented kinds of attack that are carried out using computers against other computers (Wegman). Administrators of data methods need to be able to comprehend computer forensics. Forensics is the procedure of using scientific knowledge for gathering, examining and giving evidence to the courts. Forensics deals chiefly with the retrieval and examination of hidden evidence. Dormant evidence can take a lot of different forms, from fingerprints that have been left behind on a window to DNA evidence that is recovered from blood stains to the files on a hard drive. This paper will discuss my soon-to-be company, which I will supervise, that possesses the previous qualities