Computer forensics deals with examining of digital information obtained from obtained and seize devices involved in a high technology computer crime. As such, tools exists to assist a computer forensic practitioner. Forensics basically require procedures and steps to ensure that the evidence obtained from devices lead to conviction or establishment of innocence. The devices deemed of such importance needs to be admissible to the court. Following guidelines in ensuring integrity of the original digital information and condition of the physical device is essential. With properly utilizing the right tools and practices for computer forensics, we can accomplish our task to preserve the original evidence tamper free and admissible to court.
The first step in computer forensic examination is to create a duplicate of the original media and work on the created image. All relevant data must be present in the image by means of physical or logical imaging. Examination will be done on the image and the original media is kept safe and secure. Applications suites for forensic examination will be used during the analysis. Application logs, history log, database file, and temporary files can be obtained and examined for relevance to the case buildup. It is of prime importance also to recover deleted data and recreate the file structure for examination by directory, date, time, author or user, and any information that can be obtained and be able to open the contents of the files with the appropriate viewer to gather information. Files must be hashed to identify the altered files from the unaltered which will give integrity to the collected data evidenced in the individual files of the image.
No comments:
Post a Comment