Forensic science is a scientific discipline concerned with the association of people, things and places, which helps in investigations and in making a formal judgment or decision in civil and criminal lawsuits.
Computer forensics is a branch of forensic science and the practice of collecting digital data in a way that is legally admissible in court as evidence. The collected and analyzed digital data needs to be admissible evidence so that it can be used in a court of law. Evidence is typically introduced to a judge or a jury to prove a point or element in a case. The digital data needs to be handled with integrity, which means the data must be tamper-free and not compromised.
The syllabus for a typical fundamental computer forensics course includes:
1. Introduction
2. Nature of computer crime
3. Search and seizure
4. Introduction to imager tools
5. Numbering systems
6. Characteristics of physical drives
7. Partitions
8. The boot process and drive lettering
9. Formatting of a file system
10. The file allocation table
11. Saving files and directories in a file system
12. Deleted file recovery in a file system
13. Drive access and write blocker
The introduction starts the discussion of the course. It can contain an outline of the materials and any software to be used, the prerequisites, the course outline, and some helpful information. In line with the software to be used, information about setting up the laboratory computer can be given in this part.
Computer crime is the centerpiece of computer forensics, since a computer can be both the tool for the crime and the repository of data. Hence, the study of computer crime is carried out in this chapter. This includes a description of how computer technology is used in computer crime, a review of the current challenges being solved by the forensic examiner, and a discussion of evidence-gathering methods.
Obtaining the physical device used or the digital content is of utmost importance. This is where there is a need to review pre-search conditions and to identify the sources of electronic evidence. This part covers the protocols for taking control of a computer during a seizure, with consideration for the criteria of admissibility of evidence in court.
The succeeding parts of the syllabus cover additional topics regarding physical drive characteristics, the disk use cycle from boot, drive letter initialization, file systems such as FAT and the file allocation table, data write and read, and the limitations on recovery due to certain wipe-out procedures.