Computer forensics, or digital forensics, is a term in computer science for obtaining legal evidence found in digital media or computer storage. In a digital forensic investigation, the investigators find evidence in digital media such as e-mail, hard drives, records, computer systems and the network itself. In many cases, a forensic investigation can show how the crime happened and how we can protect ourselves against it next time.
Some reasons for carrying out a forensic investigation:
1. To gather evidence so that it can be used in court to resolve legal cases.
2. To analyze the strength of our network and fill the security holes with patches and fixes.
3. To recover deleted files or all files in the event of a hardware or software error.
In computer forensics, the most important things to remember when carrying out an investigation are:
1. The original evidence must not be altered in any way, so to carry out the process the forensic investigator must make a bit-stream image. A bit-stream image is a bit-for-bit copy of the original storage medium, an exact copy of the original media. The difference between a bit-stream image and a normal copy of the original storage is that the bit-stream image includes the slack space on the storage medium. You will not find the slack space information on a normal copy of the media.
2. All forensic procedures must follow the laws of the country where the crime happened. Each country has different laws in the IT field. Some take IT rules very seriously, for example: United Kingdom, Australia.
3. All forensic procedures can only be performed after the investigators, the investigation.
Forensic investigators would normally look at the timeline of how the crime happened. That way we can reconstruct the crime scene: how, when, what and why the crime could happen. In a large company, it is suggested to create a digital forensics team and a First Responder team, so that the company can still preserve the evidence until the forensic investigators arrive at the crime scene.
First Response rules are:
1. Under no circumstances should anyone other than the forensic analyst make any attempt to obtain information from any computer system or device that holds electronic information.
2. Any attempt to retrieve the data by a person other than the one named in rule 1 should be avoided, as it could compromise the integrity of the evidence and make it inadmissible in court.
These rules explain the important role of a First Responder team in a company. An unqualified person can only secure the scene so that no one touches the crime scene before the forensic analysts arrive. (This can be done by taking a photo of the scene. They can also take notes on the scene and the current time.)
Steps that must be taken, in a professional manner, when a digital crime has occurred:
1. Secure the crime scene until the forensic analyst arrives.
2. The forensic analyst must request the search warrant from the local authorities and the management.
3. The forensic analyst takes a photo of the crime scene if no photos have been taken yet.
4. If the computer is still on, do not turn it off. Instead, use a forensic tool such as Helix to get information that can only be found while the computer is still switched on, such as data in RAM and registers. Such tools have the special function of not writing anything back to the system, so the integrity stays intact.
5. Once all the live evidence is collected, the forensic analyst turns off the computer and takes the hard drive back to the forensic laboratory.
6. All evidence must be documented, for which a Chain of Custody is used. The Chain of Custody keeps records on the evidence, such as: who had the evidence most recently.
7. The securing of evidence must be accompanied by legal officers, such as police, as a formality.
8. Back in the lab, the forensic analyst takes the evidence to create the bit-stream image, as the original evidence must not be used. Normally, the forensic analyst creates 2-5 bit-stream images in case one image is corrupted. The Chain of Custody is of course still used in this situation to maintain records of the evidence.
9. A hash of the original evidence and of the bit-stream image is created. This acts as proof that the original evidence and the bit-stream image are exact copies. Any change to the bit-stream image results in a different hash, which makes the evidence found inadmissible in court.
10. The forensic analyst begins examining the bit-stream image by carefully looking at the appropriate places, depending on what type of crime has been committed. For example: Temporary Internet Files, slack space, deleted files, steganography files.
11. Each piece of evidence found must be hashed as well, so the integrity stays intact.
12. The forensic analyst prepares a report, usually in PDF format.
13. The forensic analyst sends the report back to the company, along with the fees.
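Steps 8, 9 and 11 above can be sketched in code. This is an added example, not part of the original article: it makes several working images, hashes each against the original, logs a custody entry per image, and shows that one flipped bit breaks the match. SHA-256, the file names, the handler name `analyst-1` and the use of `shutil.copyfile` in place of a real imaging tool are assumptions.

```python
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never load fully into RAM

def sha256_file(path):
    """Hash a file block by block and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def make_verified_images(original, out_dir, copies, handler):
    """Create `copies` images, hash each, return (original_hash, custody_log)."""
    original_hash = sha256_file(original)
    log = []
    for n in range(1, copies + 1):
        image = os.path.join(out_dir, f"image_{n}.dd")
        # Assumption: stand-in for a real imaging tool reading the raw device.
        shutil.copyfile(original, image)
        image_hash = sha256_file(image)
        log.append({
            "time_utc": datetime.now(timezone.utc).isoformat(),
            "handler": handler,
            "item": image,
            "sha256": image_hash,
            "matches_original": image_hash == original_hash,
        })
    return original_hash, log

def demo():
    """Constructed sample: a fake evidence file, two images, one then altered."""
    with tempfile.TemporaryDirectory() as work:
        original = os.path.join(work, "evidence.bin")
        with open(original, "wb") as fh:
            fh.write(b"constructed sample evidence\x00" * 4096)
        original_hash, log = make_verified_images(original, work, 2, "analyst-1")
        # Flip one bit in the second image: its hash no longer matches.
        with open(log[1]["item"], "r+b") as fh:
            first = fh.read(1)
            fh.seek(0)
            fh.write(bytes([first[0] ^ 0x01]))
        tampered_ok = sha256_file(log[1]["item"]) == original_hash
        return [entry["matches_original"] for entry in log], tampered_ok
```

The custody log records the hash taken at imaging time, so re-hashing an image later and comparing against that entry shows whether it is still an exact copy.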