Computer Forensics is a relatively recent invention, not recognized yet as a scientific discipline, but proven to be compelling concerning pyshical evidense. It takes the process of forensics, a means in which one uses scientific knowledge in order to collect, analyze, and present evidense to the courts, and using it in the realm of digital media. It allows there to be recovery and analysis of data, combining law and computer science. It hasnt yet been perfected or standardized, therefore varies in consistency, but allows computers to be as significant as DNA in a forensic search. This proves a useful tool in investigating instances as little as employee internet abuse to larger crimes such as fraud and theft.
Through computer forensics digital evidense can be aquired and used to preserve the integrity of the provided information so that it can be used effectivily in a court case. Without this data, it is impossible to hold people or organizations liable in civil or criminal court. An investigator can use various methods and software to retrieve deleted data and break encryptions without damaging it. There are two types of data to be searched. Persistent data is stored in the hard drive and preserved after the power is shut off. Volatile data is stored in cacshe and RAM (Random Access Memory) that will be lost upon shutting down the computer. An investigator will approach and navigate through these obsticles in order to find the correct evidense thus playing a significant part in an investigation.
http://www.us-cert.gov/reading_room/forensics.pdf
http://www.computerforensicsworld.com/
http://www.advancedcomputerforensics.com/
http://www.gnostch.com/
No comments:
Post a Comment