How To Collect And Analyze Data In Computer Forensics Case Study


… burgeoning field of computer or digital forensics has multiple applications. As Carroll, Brannon & Song (2008a) point out, the two primary functions of computer forensics include data extraction and data analysis. As with other areas of forensics, methodologies in computer forensics include scientific methods of data collection, data preservation, and data analysis with ultimate goals of documentation or presentation in accordance with the needs and demands of the investigative team. Although computer forensics is relatively new compared to other branches of the field, the methods whereby digital data can be collected and analyzed are systematic to ensure accuracy and validity. Computer forensics experts should become familiar with the latest operating systems for the purposes of data collection and preservation. For example, Carroll, Brannon & Song (2008b) note that Microsoft Vista's BitLocker provides encryption storage, which has direct ramifications on data extraction and collection by law enforcement. It is also critical that forensics experts become cognizant of the legal protections provided to users and the subsequent legal constraints on data extraction from personal devices. Case law studies on computer forensics highlight some of the core constraints on data collection and its use in courts of law. Littlefield...

...

This type of procedure helps the data become more robust.
Researchers highlight the importance of regular training and updating of skills in using various operating systems and understanding system architectures to maximize the efficiency and accuracy of forensics procedures. It may be far preferable to engage a team of highly trained law enforcement personnel than to call upon outsiders and consultants for use in trials (Littlefield, 2008). Case studies reveal the importance of taking into account different overlapping variables including where the files are located, when they were last created, edited, or saved, and how to access a computer's virtual memory for especially sensitive data.

Carroll, Brannon & Song (2008) point out some of the problems inherent in analyzing and collecting large amounts of data, such as at the enterprise level. Copies of data must be made in accordance with chain of custody rules. Forensics experts should never, according to Carroll, Brannon & Song (2008), except in extreme circumstances, work with the original copies of the material in order to preserve their integrity and maximize their potential use in court. Some…
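The working-copy rule above, sketched as an added example that is not from the essay or its cited sources: the function and field names, the use of SHA-256, and the JSON-lines custody log are assumptions chosen for illustration. It records the file's timestamps, proves the copy matches the original, and lets the examiner re-check the copy before each analysis session.

```python
import hashlib, json, os, shutil, stat, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def iso(ts):
    return datetime.fromtimestamp(ts, timezone.utc).isoformat()

def acquire_working_copy(original, workdir, examiner, log_path):
    """Copy evidence, prove the copy is identical, and log the transfer."""
    st = os.stat(original)            # capture timestamps before reading
    before = sha256_file(original)
    copy_path = os.path.join(workdir, os.path.basename(original))
    shutil.copy2(original, copy_path)
    if not (before == sha256_file(copy_path) == sha256_file(original)):
        os.remove(copy_path)
        raise ValueError("hash mismatch: copy or original changed")
    os.chmod(copy_path, stat.S_IRUSR)  # working copy is read-only
    entry = {
        "logged_at": iso(datetime.now(timezone.utc).timestamp()),
        "examiner": examiner,
        "original": original, "working_copy": copy_path,
        "sha256": before, "size": st.st_size,
        "modified": iso(st.st_mtime), "accessed": iso(st.st_atime),
    }
    with open(log_path, "a") as log:  # entry is appended to the custody log
        log.write(json.dumps(entry) + "\n")
    return entry

def verify_working_copy(copy_path, log_path):
    """True only if the copy still matches the hash logged at acquisition."""
    with open(log_path) as log:
        entries = [json.loads(line) for line in log if line.strip()]
    logged = [e for e in entries if e["working_copy"] == copy_path]
    return bool(logged) and sha256_file(copy_path) == logged[-1]["sha256"]

if __name__ == "__main__":
    d = tempfile.mkdtemp()            # constructed sample evidence
    src = os.path.join(d, "evidence.bin")
    with open(src, "wb") as f:
        f.write(b"constructed sample evidence bytes")
    os.mkdir(os.path.join(d, "work"))
    e = acquire_working_copy(src, os.path.join(d, "work"), "examiner-1", os.path.join(d, "custody.jsonl"))
    print(e["sha256"], verify_working_copy(e["working_copy"], os.path.join(d, "custody.jsonl")))
```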

References

Carroll, O.L., Brannon, S.K. & Song, T. (2008a). Computer forensics. United States Attorneys' Bulletin 56(1): 1-8.

Carroll, O.L., Brannon, S.K. & Song, T. (2008c). Managing large amounts of electronic evidence. United States Attorneys' Bulletin 56(1): 46-59.

Carroll, O.L., Brannon, S.K. & Song, T. (2008b). Vista and BitLocker and Forensics, Oh My! United States Attorneys' Bulletin 56(1): 9-28.

Littlefield, M.J. (2008). Demystifying the computer forensic process for trial. United States Attorneys' Bulletin 56(1): 29-45.


Cite this Document:

"How To Collect And Analyze Data In Computer Forensics" (2015, December 08) Retrieved April 24, 2024, from
https://www.paperdue.com/essay/how-to-collect-and-analyze-data-in-computer-2160166

