Computer forensics is the “who, what, when, and how” of electronic evidence. Typically narrow in scope, it attempts to reconstruct events, focusing on the computer-based conduct of an individual or group of individuals. The types of cases involving computer forensics are numerous and varied – from the personal (e.g. locating hidden assets in a messy divorce case), to the political (e.g. investigating alleged misuse of government computers for political gain), to the dramatic (e.g. “What was your client’s former employee downloading from the Internet before he was fired and brought suit for wrongful termination?”).
2. Introduction
Computer forensics is a field of expertise in the use of analytical techniques to examine digital evidence.
Computer forensics performs a structured investigation while maintaining a documented chain of evidence.
3. Types of Cyber Crimes
Forgery
Breach of Computer Security
Fraud/Theft
Copyright Violations
Identity Theft
Threats
Burglary
Homicide
Administrative Investigations
Cyber Terrorism
Sales and Investment Fraud
Electronic Fund Transfer Fraud
4. Forensic Process
Acquire data to be examined
Photographs
Make an image
Review of logical file structure
Review of unallocated space and file slack
Recover deleted data (If any)
Report
Expert testimony
5. GOAL OF COMPUTER FORENSICS
The main goal of computer forensic experts is not only to find the criminal but also to find the evidence and present it in a manner that leads to legal action against the criminal.
6. Methodology
1) Shut Down the Computer
2) Document the Hardware Configuration of the System
3) Transport the Computer System to a Secure Location
4) Make Bit Stream Backups of Hard Disks and Floppy Disks
5) Mathematically Verify Data on All Storage Devices
6) Document the System Date and Time
7) Make a List of Key Search Words
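Steps 4, 5 and 7 as an added Python example (not part of the original slides): a bit-stream copy hashed while it is read, a re-hash of the image to verify it, and a keyword search over the raw image bytes so that hits in unallocated space and file slack are found too. SHA-256 as the verification hash, the file names, the keywords and the sample "disk" are assumptions constructed for the example.

```python
import hashlib, tempfile
from pathlib import Path

CHUNK = 64 * 1024  # bytes per read

def acquire(source, image):
    """Bit-stream copy source -> image, hashing the bytes as they are read."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "xb") as dst:  # "xb" refuses to overwrite
        while chunk := src.read(CHUNK):
            h.update(chunk)
            dst.write(chunk)
    return h.hexdigest()

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            h.update(chunk)
    return h.hexdigest()

def search(image, keywords):
    """Byte offsets of each keyword in the raw image, including hits that span two reads."""
    needles = {k: k.encode() for k in keywords}
    keep = max(map(len, needles.values())) - 1  # bytes carried over between reads
    hits, tail, offset = {k: [] for k in keywords}, b"", 0
    with open(image, "rb") as f:
        while chunk := f.read(CHUNK):
            window, start = tail + chunk, offset - len(tail)
            for k, n in needles.items():
                pos = window.find(n)
                while pos != -1:
                    if pos + len(n) > len(tail):  # not already reported from the carried-over bytes
                        hits[k].append(start + pos)
                    pos = window.find(n, pos + 1)
            tail, offset = (window[-keep:] if keep else b""), offset + len(chunk)
    return hits

def demo():
    """Constructed sample 'disk': zero fill, two keywords, one straddling a read boundary."""
    disk = bytearray(3 * CHUNK)
    disk[100:107], disk[CHUNK - 3:CHUNK + 5] = b"invoice", b"offshore"
    with tempfile.TemporaryDirectory() as d:
        src, img = Path(d, "disk.bin"), Path(d, "disk.img")
        src.write_bytes(disk)
        acquired = acquire(src, img)
        verified = sha256_file(img) == acquired == sha256_file(src)
        hits = search(img, ["invoice", "offshore"])
        img.write_bytes(img.read_bytes()[:-1] + b"\x01")  # simulate a one-byte change
        return verified, hits, sha256_file(img) == acquired
```

Calling `demo()` returns the verification result, the keyword offsets, and whether the image still matches its acquisition hash after the simulated change.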