When the average person hears the term “computer forensics”, the image of a dark figure with mirrored glasses comes to mind. But is this actually an accurate representation of computer and digital forensics? It is not, as you will soon discover in this article.
Although the tools used by real computer forensics experts are also used by their underground counterparts, the essence of the field is collecting and storing digital forensic data. If you have used a data recovery tool such as Disk Drill to recover lost files from your computer, you already have a vague idea of one aspect of forensic science and of the life of a computer forensics examiner. In this article, we learn everything else.
Computer Forensics Definition
Techopedia defines computer forensics as “the process of discovering and interpreting electronic data.” The purpose of this method is to “gather evidence in its original form in conducting structural surveys to identify and verify the digital information associated with the reconstruction of past events.”
In other words, digital forensics is a branch of the same old forensic science that you know from old TV crime shows. You know how they usually go: a cruel murder is committed. A police officer arrives on the scene, with the lead investigator driving his Ford Galaxie 500. Just as he gets out of his vehicle, someone shouts, “Do not touch anything! We need every bit of evidence we can find.”
Back in the day, the evidence was often someone's diary or fingerprints on a glass of water. Nowadays, it is digital logs, metadata, IP addresses, and other bits of ones and zeros. Some of the first digital crimes can be traced back to the late 1970s and early 1980s. In those days, information security and confidentiality were minor subjects of interest only to a small group of geeks and innovators.
The main turning point came in 1978 with the Florida Computer Crime Act of 1978, which recognized the first computer crimes in the United States and included a law against the unauthorized removal or alteration of computer data. Other laws, such as the US Federal Computer Fraud and Abuse Act of 1986 and the British Computer Misuse Act 1990, followed shortly afterwards.
Before the arrival of the new millennium, the discussion still focused on the recognition of computer crimes as a serious threat to personal, institutional and national security. Since 2000, a new need for standardization has arisen, resulting in the production of “best practices for forensic computing” and the publication of ISO 17025 in the context of the Scientific Working Group on Digital Evidence (SWGDE).
These rules and guidelines established a set of best practices for experts in the field of computer forensics to follow, and they prompted software companies to prepare forensic data recovery solutions capable of meeting the complex needs of today.
A typical forensic process consists of several stages: seizure, forensic acquisition, analysis, and preparation of a report based on the data collected. There are both free and paid forensic software tools for each phase. A list of digital forensics tools can be found later in this article.
Sub-Branches of Computer Forensics
Computer forensics experts work with either the private or the public sector. In the public sector, their work is often to support or refute hypotheses in criminal or civil courts. The bread and butter of private-sector forensic investigators are corporate investigations and intrusion investigations.
As the complexity of modern technology increases, computer forensics experts usually focus on one or more areas of digital forensics in order to gain expert-level knowledge. Digital forensics is usually divided according to the type of equipment involved. The main areas are computer forensics, mobile device forensics, network forensics, forensic data analysis and database forensics.
The one area considered to be the fastest growing in recent years is the forensic investigation of mobile devices. As people replace laptops and desktops with smartphones and tablets, the need for phone forensics software that can recover mobile data increases dramatically.
Forensic Tools and Hardware
To describe some of the many computer forensics tools used by forensic investigators and computer experts, let us set a scene involving child pornography stored on a PC. In most cases, the investigators first remove the PC's hard drive and plug it into a hardware write blocker. Such a device makes it impossible to alter the contents of the hard disk in any way, while still allowing investigators to capture and view the contents of the disk.
An exact binary copy of a disk can be made with a number of special tools. There are large digital forensics frameworks and software solutions, as well as many smaller utilities. The first group includes Digital Forensics Framework, Open Computer Forensics Architecture, CAINE (Computer Aided Investigative Environment), X-Ways Forensics, SANS Investigative Forensic Toolkit (SIFT), EnCase, The Sleuth Kit, Libforensics, Volatility, The Coroner's Toolkit, Oxygen Forensic Suite, Computer Online Forensic Evidence Extractor (COFEE), Cellebrite UFED and HELIX3.
These large solutions and forensic suites include a wide range of forensic data services in one package. However, most forensic professionals prefer to build their own toolkits from individual tools and custom programs that exactly match their needs and preferences. Options abound for each phase of the forensic data recovery process, including forensic examination of hard drives and forensic examination of file systems.
Data acquisition can be done with EnCase Forensic Imager, FTK Imager, Live RAM Capturer or Microsoft's Disk2vhd. E-mails are analyzed with tools such as EDB Viewer, Mail Viewer or MBOX Viewer. Some of these tools are made specifically for certain operating systems, while others support multiple platforms. The most popular tools for Mac OS X include Disk Arbitrator, Volafox and Chainbreaker, which analyzes the keychain structure and extracts user data. Needless to say, no forensic analyst can do without a wide range of internet analysis tools, including Dumpzilla from Busindre, Chrome Session Parser, IEPassView, Opera PassView and Web Page Saver from Magnet Forensics.
Features of Professional Forensic Tools
The features of professional forensic tools differ greatly depending on the form of forensic examination they are intended for and on the market they target. Typically, large forensic software suites need to be able to perform the following operations:
Hashing of every file, which allows comparative filtering
Full-disk hashing to confirm that the data has not changed (usually one tool is used for acquisition and another is used to confirm the disk hash)
Exact path locators
Clear date and time stamps
A data collection function must be included
Searching and filtering of items
Firmware loading capabilities and analysis of backup data
Compared with the police, companies are usually not concerned with capturing volatile RAM. They want to obtain the evidence for private investigations.
Major Forensic Software Providers
The forensic software landscape is full of progressive and innovative companies that are ready to expand their existing operations. Large forensic software publishers tend to appear at major industry events such as the High Tech Crime Investigation Association conference, but there are many such conferences in North America.
Here are some of the most prolific forensic software providers and their products.