Pink Glitter

Thursday, November 21, 2013

2. Computer Forensics

Computer forensics is the use of investigation and analysis to gather and preserve evidence from a computer in such a way that it can be presented in court. The goal is to perform an investigation while maintaining a documented chain of evidence, in order to discover exactly what happened on a particular computer and who did it. The investigator isolates the device to make sure that it cannot be contaminated, then makes a digital copy of the computer's storage media. Once the media has been copied, the original is locked in a secure facility to maintain its condition. All of the investigation is therefore done on the digital copy, not on the actual computer. The investigator will use a variety of techniques to examine the copy, searching for hidden folders and encrypted files, among other things. Any evidence found in the copy is documented in a findings report and verified against the original in preparation for any legal proceedings.
Computer forensics has been increasingly used in legal cases, so much so that it has become its own special field of study. It can be used to prove that something happened, such as finding e-mail evidence of fraud or theft of intellectual property. It can also be used to show that someone did not do something, such as when someone downloads illegal content onto another person's computer as a form of sabotage. Finally, computer forensics can also establish what the facts prove or demonstrate, such as an e-mail that may discuss illegal activities.
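
The copy-then-verify workflow described above can be sketched in code. This is an added example, not part of the original post: it assumes SHA-256 hashing as the way a copy is checked against the original (the post does not name a method), and the file names, examiner ID and sample data are constructed for illustration.

```python
import hashlib, os, shutil, tempfile
from datetime import datetime, timezone
CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images need not fit in memory

def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read block by block."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def record(log, examiner, action, **fields):
    """Append one timestamped chain-of-custody entry and return it."""
    entry = {"time": datetime.now(timezone.utc).isoformat(),
             "examiner": examiner, "action": action, **fields}
    log.append(entry)
    return entry

def acquire(source, image, log, examiner):
    """Copy the original to a working image and log both digests."""
    source_hash = sha256_file(source)   # hash the original before copying
    shutil.copyfile(source, image)
    os.chmod(image, 0o444)              # working copy is marked read-only
    image_hash = sha256_file(image)
    return record(log, examiner, "acquire", source_sha256=source_hash,
                  image_sha256=image_hash, match=source_hash == image_hash)

def verify(image, log, examiner):
    """Re-hash the image and compare it with the original's logged digest."""
    recorded = next(e for e in log if e["action"] == "acquire")["source_sha256"]
    current = sha256_file(image)
    return record(log, examiner, "verify", image_sha256=current,
                  match=current == recorded)["match"]

def demo():
    """Constructed sample: a small file stands in for the seized storage media."""
    with tempfile.TemporaryDirectory() as workdir:
        source = os.path.join(workdir, "original.bin")       # hypothetical names
        image = os.path.join(workdir, "working_copy.img")
        with open(source, "wb") as fh:
            fh.write(b"constructed sample sector data\n" * 4096)
        log = []
        acquired = acquire(source, image, log, "examiner-01")
        intact = verify(image, log, "examiner-01")
        os.chmod(image, 0o644)
        with open(image, "ab") as fh:                        # simulate contamination
            fh.write(b"X")
        altered = verify(image, log, "examiner-01")
        return acquired["match"], intact, altered, len(log)
```

Calling `demo()` shows the copy matching the original at acquisition and on the first check, then failing verification once a single byte is appended, with each step leaving an entry in the custody log.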

