What is Computer Forensics? Definition of Computer Forensics
Computer forensics uses a predefined set of procedures and techniques for collecting, identifying, preserving, recovering, analyzing, reporting and presenting the facts about evidence, after thoroughly examining the computer system and digital media with software and tools.
Where is computer forensics used? Uses of computer forensics
Use by government and law enforcement agencies: to obtain digital data about different crimes, e.g. fraud, extortion, terrorism, cyberstalking, child pornography and forgery, and to identify theft.
Use by corporations: checking for fraud, manipulation and destruction of data/information, detecting the illegal distribution of organization secrets, and finding security loopholes.
Use by commercial organizations: to detect intellectual property theft, fraud, unauthorized use of computers and resources, and network/computer intrusions, and in employment disputes, bankruptcy investigations, etc.
Use by IT security audit departments: to detect malicious attacks by hackers and to investigate economic losses and inappropriate email and internet use at the workplace.
Use by military/intelligence agencies: gathering information for counter-terrorism measures and during military actions.
How does computer forensics work? Process of computer forensics
The computer forensics process consists of the following steps:
1: Identification: The first step is to identify the evidence and devices involved in the crime, and the location of the event or incident.
2: Preservation: In this step, the electronic devices that are evidence of the crime or incident are preserved, a visual image of the crime scene is captured, and all related information about the evidence is documented, including its source.
3: Collection: This step happens at the location of the crime. The electronic devices and data are removed from the crime site or incident scene; the contents are then copied, imaged or printed out, and the pieces of evidence are documented. Information is also gathered by interviewing witnesses or the personnel who hold the data. The evidence is then transported safely to the forensic lab.
4: Analysis: A variety of methods and approaches are used to analyze the information. Special analysis software is used for large-scale searches and for retrieving recently deleted files. The software is also used to detect encrypted and hidden files. The investigators work with lawyers, criminal investigators and other personnel to better understand which information can serve as evidence.
5: Reporting: All investigation activities are recorded, and the methods used for testing system functionality and for retrieving, storing and copying data are documented. The report covers the hardware and software specimens and the documented record of all actions taken to acquire, examine and assess evidence.
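The following Python sketch shows one way the copying and documentation in steps 2, 3 and 5 can be made checkable. It is an added example, not part of the original article. Recording a SHA-256 hash of each item is an assumption added here (the article does not name a method), and the file names, location and collector ID are constructed sample values.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large disk images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def collect_evidence(original, working_copy, source, collected_by):
    """Copy the evidence, verify the copy, and return a documentation record."""
    original_hash = sha256_file(original)
    shutil.copyfile(original, working_copy)
    copy_hash = sha256_file(working_copy)
    return {
        "item": Path(original).name,
        "source": source,
        "collected_by": collected_by,
        "collected_at_utc": datetime.now(timezone.utc).isoformat(),
        "sha256_original": original_hash,
        "sha256_working_copy": copy_hash,
        "copy_verified": original_hash == copy_hash,
    }


def still_intact(record, path):
    return sha256_file(path) == record["sha256_original"]


def demo():
    """Run the workflow on a constructed sample file (not real evidence)."""
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "usb_stick.img"
        original.write_bytes(b"constructed sample disk contents\n" * 64)
        copy = Path(tmp) / "usb_stick_working.img"
        record = collect_evidence(original, copy, "desk 4, office B", "analyst-01")
        intact_before = still_intact(record, copy)
        copy.write_bytes(copy.read_bytes() + b"x")  # simulate a change to the copy
        return record, intact_before, still_intact(record, copy)


if __name__ == "__main__":
    print(demo())
```

The record returned by collect_evidence is the kind of entry that belongs in the report: what was collected, from where, by whom, when, and a value that lets anyone re-check later that the analyzed copy still matches the original.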
Who is involved in computer forensics? Who is interested in computer forensics?
A computer forensic specialist/analyst works with law enforcement agencies and private firms. Criminals may damage or corrupt devices internally or externally, through hacking or a virus, to destroy evidence. The main duties of a forensic analyst are:
Keep a record of the pieces of evidence from the site of the crime/incident
Examine the security of a private company's information system
Recover data from corrupted devices/computers
Get data from hidden/encrypted files or damaged equipment
Collect all evidence and data about the crime to present to the prosecution or a court of law.
When did computer forensics start? History of computer forensics? Evolution of computer forensics?
Computer forensics was first used in the USA by law enforcement agencies and military investigators for crime detection. About 30 years ago, the first computer evidence appeared in court. With the evolution of technology, it became necessary to distinguish the interpretation of computer evidence from that of physical evidence. In 1976 this interpretation took the form of the US Federal Rules of Evidence. In 1984 the FBI started CART (Computer Analysis and Response Team).
In 1986 the Electronic Communication Privacy Act, which dealt with the interpretation of electronic communication, was formed.
In 1987 the Computer Security Act, which dealt with the security of government computer systems, was formed.
In 1993 the First International Conference on Computer Evidence was held.
In 1995 the IOCE (International Organization on Computer Evidence) was formed.
In 1996 the Economic Espionage Act, which dealt with trade secret theft, was formed.
In 1998 the INTERPOL Forensic Science Symposium was formed.
In 2000 the first FBI Regional Computer Forensic Laboratory was established.