Free Essay

Computer Forensics

In: Computers and Technology

Submitted By taina26
Words 1382
Pages 6
Computer Forensics Through the Years
Prof. Pepin Galarga
Computer Forensics
Sep 11, 2010

Table of Content

Introduction …………………………………………………………………………………Page 2
The Early Years……………………………………………………………….......................Page 3
Early Training Programs …………………………………………………………………....Page 4
Typical Aspects of Computer Forensic Investigations ……………………………………..Page 5
Legal Aspects of Computer Forensics …………………………………………..……...…..Page 6
Conclusion ………………………………………………………………………………….Page 7
References………………………………………………………………………………..…Page 8


If you manage or administer information systems and networks, you should understand computer forensics. Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts. (The word forensics means “to bring to the court.”) Forensics deals primarily with the recovery and analysis of latent evidence.
Latent evidence can take many forms, from fingerprints left on a window to DNA evidence recovered from blood stains to the files on a hard drive.
Because computer forensics is a new discipline, there is little standardization and consistency across the courts and industry. As a result, it is not yet recognized as a formal
“scientific” discipline.
Image by, courtesy of Steve Jurvetson Computer forensics is the study of extracting, analyzing and documenting evidence from a computer system or network. It is often used by law enforcement officials to seek out evidence for a criminal trial. Government officials and business professionals may also have need of a specialist familiar with computer forensic techniques. The discipline of computers forensics is relatively new, having been founded in the 1980s.
Computer Forensics can be use for the purpose of performing a root cause analysis of a computer system that had failed or is not operating properly, or to find out who is responsible for misuse of computer systems, or perhaps who committed a crime using a computer system or against a computer system. This being said, computer forensic techniques and methodologies are commonly used for conducting computing investigations - again, in the interest of figuring out what happened, when it happened, how it happened, and who was involved.
The Early Years

The field of computer forensics began in the 1980s, shortly after personal computers became a viable option for consumers. In 1984, an FBI program was created. Known for a time as the Magnetic Media Program, it is now known as the Computer Analysis and Response Team (CART). Shortly thereafter, the man who is credited with being "the father of computer forensics" began work in this field. His name was Michael Anderson, and he was a special agent with the criminal investigation division of the IRS. Anderson worked for the government in this capacity until the mid 1990s, after which he founded New Technologies, Inc., a leading computer forensics firm. New Technologies Inc experience is primarily in investigations and computer evidence processing. In 2000, NTI was acquired by Armor Holdings, Inc. a New York Stock Exchange listed public corporation and became part of Forensics Source, the largest supplier of forensics equipment and supplies in the world. NTI has made it a priority since 1996 to support US government agencies in this important effort and most of their software tools are designed with classified government agencies needs in mind. Because of NTI's extensive experience in computer forensics and the presentation of evidence in court, NTI also provides consulting services to civil litigation law firms. Since 1996, NTI has trained computer specialists from numerous government agencies, over 140 Fortune 500 corporations, all of the Big 4 accounting firms and numerous law enforcement computer crime units. The qualifications and credibility of NTI's training team is unsurpassed and includes some of the top computer forensics experts in the world. The majority of the NTI professional staff has extensive law enforcement and military experience.

Early Training Programs

A meeting held in 1988 in Oregon led to the formation of the IACIS (International Association of Computer Investigative Specialists). IACIS is an international volunteer non-profit corporation composed of law enforcement professionals dedicated to education in the field of forensic computer science. IACIS members represent Federal, State, Local and International Law Enforcement professionals. Regular IACIS members have been trained in the forensic science of seizing and processing computer systems. IACIS prides itself on being the world's leading organization for computer forensics practitioners. In addition to providing the highest quality computer forensics training, IACIS strives to foster excellence in the field through a formal certification process.
Shortly after that, the first classes were held to train SCERS (Seized Computer Evidence Recovery Specialists). The SCERS training program teaches fundamental forensic techniques for the analysis of electronic data from desktop computer systems and selected peripherals. While the course is an advanced training for FLETC, it is designed as a comprehensive digital forensics foundational course of instruction for novice examiners or those who wish to update their skills. The SCERS training program is an intense course that requires substantial computer aptitude and prior computer training. SCERS teaches the proper methodology for acquiring digital evidence in a forensically sound manner, and teaches how to analyze this data. They are two distinct skill-sets and both are required for offices where the digital evidence examiner must also respond to the scene and collect the evidence.

Typical Aspects of Computer Forensic Investigations
From a technical standpoint, the main goal of computer forensics is to identify, collect, preserve, and analyze data in a way that preserves the integrity of the evidence collected so it can be used effectively in a legal case.
First, those who investigate computers have to understand the kind of potential evidence they are looking for in order to structure their search. Crimes involving a computer can range across the spectrum of criminal activity, from child pornography to theft of personal data to destruction of intellectual property. Second, the investigator must pick the appropriate tools to use. Files may have been deleted, damaged, or encrypted, and the investigator must be familiar with an array of methods and software to prevent further damage in the recovery process.
Two basic types of data are collected in computer forensics. Persistent data is the data that is stored on a local hard drive and is preserved when the computer is turned off. Volatile data is any data that is stored in memory, or exists in transit, that will be lost when the computer loses power or is turned off. Volatile data resides in registries, cache, and random access memory (RAM). Since volatile data is very sensitive and can last very short, it is essential that the investigator knows reliable ways to capture it.
System administrators and security personnel must also have a basic understanding of how routine computer and network administrative tasks can affect both the forensic process (the potential admissibility of evidence at court) and the subsequent ability to recover data that may be critical to the identification and analysis of a security incident.

Legal Aspects of Computer Forensics
Computer forensics is a relatively new discipline to the courts and many of the existing laws used to prosecute computer-related crimes, legal precedents, and practices related to computer forensics are in a state of flux. New court rulings are issued that affect how computer forensics is applied. The best source of information in this area is the United
States Department of Justice’s Cyber Crime web site. The site lists recent court cases involving computer forensics and computer crime, and it has guides about how to introduce computer evidence in court and what standards apply. The important point for forensics investigators is that evidence must be collected in a way that is legally admissible in a court case.
Increasingly, laws are being passed that require organizations to safeguard the privacy of personal data. It is becoming necessary to prove that organizations are complying with computer security best practices. If there is an incident that affects critical data, for instance, the organization that has added a computer forensics capability to its arsenal will be able to show that it followed a sound security policy and potentially avoid lawsuits or regulatory audits. If system administrators possess the technical skills and ability to preserve critical information related to a suspected security incident in a forensically sound manner and are aware of the legal issues related to forensics, they will be a great asset to their organization. If an intrusion lead to a court case, the organization with computer forensic capability will be at a distinct advantage.


Similar Documents

Free Essay

Computer Forensics

...International Journal of Digital Evidence Fall 2007, Volume 6, Issue 2 Computer Forensic Analysis in a Virtual Environment Derek Bem Ewa Huebner University of Western Sydney, Australia Abstract In this paper we discuss the potential role of virtual environments in the analysis phase of computer forensics investigations. General concepts of virtual environments and software tools are presented and discussed. Further we identify the limitations of virtual environments leading to the conclusion that this method can not be considered to be a replacement for conventional techniques of computer evidence collection and analysis. We propose a new approach where two environments, conventional and virtual, are used independently. Further we demonstrate that this approach can considerably shorten the time of the computer forensics investigation analysis phase and it also allows for better utilisation of less qualified personnel. Keywords: Computer Forensics, Virtual Machine, computer evidence. Introduction In this paper we examine the application of the VMWare (VMWare, 2007) virtual environment in the analysis phase of a computer forensics investigation. We show that the environment created by VMWare differs considerably from the original computer system, and because of that VMWare by itself is very unlikely to produce court admissible evidence. We propose a new approach when two environments, conventional and virtual, are used concurrently and independently. After the......

Words: 3983 - Pages: 16

Free Essay

Computer Forensics Case Analysis

...Project 1 Case Analysis CCJS321 The two cases I have chosen to analyze for Project One is the Max Ray Butler aka “Iceman” cybercrime case and the Albert Gonzalez cybercrime case. I have chosen these two cases because they both had significant impact on the computer forensics field. Both of these cybercrimes are similar in nature because both deal in credit card and identity theft on the grandest scale. Max Ray Butler and Albert Gonzalez were brought to justice after many years of a cyber-forensic investigation that went through a network of multiple U.S. agencies; including the FBI, US Secret Service and US-CERT (United States Computer Emergency Readiness Team) a Department of Homeland Security who were all networked together at the National Computer Forensic Training Academy in Pittsburg, Pennsylvania. Both of these men were given the longest prison sentences ever handed out by a judge for computer crimes of their notoriety and magnitude. Finally, they both set a blue print for digital forensic investigators of the proper procedures to follow in order to capture future want-to-be crime lords. Max Butler aka “Iceman” was a white-hat hacker that went rogue. His story is that, “he was a good hacker hired by the government to test the security of one of their websites, while doing that job he installed a backdoor to their system that would allow him to come in later so he could make some fixes to the system on his own time. Well of course this second part of the...

Words: 1323 - Pages: 6

Free Essay

Computer Forensics Analysis Project

...Computer Forensics I (FOR 240-81A) Project #3 Case Background The Suni Munshani v. Signal Lake Venture Fund II, LP, et al suit is about email tampering, perjury, and fraud. On December 18, 2000, Suni Munshani (Plaintiff) filed a suit against Signal Lake Venture Fund. Mr. Munshani claimed that he was entitled to warrants in excess of $25 million dollars from Signal Lake. In February 2001, Signal Lake Venture Fund II, LP, et al. (Defendant) became privy to the court filings in this case. Within the filings there was an email provided by Mr. Munshani from Hemant Trivedi, CEO of one of the portfolio companies, stating he was indeed entitled to the warrants. Mr. Trivedi denied any knowledge of the email, or any such communication with Mr. Munshani. In an effort to prove their innocence, Signal Lake hired a computer forensic group to conduct a private investigation. The investigation did not show any evidence of the supposed email provided to the court by Mr. Munshani. Mr. Trivedi filed an affidavit stating that the email was forged, while Mr. Munshani filed an affidavit stating the email was real. In March 2001, a computer forensics expert, Kenneth R. Shear, was appointed by the court to perform a forensic examination on the questioned message (the message provided by Mr. Munshani) and the comparative message (a second message from Mr. Trivedi found on Mr. Munshani’s computer). Mr. Shear worked for a company called Electronic Evidence Discovery, Inc. (EED). Mr. Shear’s......

Words: 799 - Pages: 4

Free Essay

Computer Forensics

...Effortless English What is the most important English skill? What skill must you have to communicate well? Obviously, number 1 is Fluency. What is fluency? Fluency is the ability to speak (and understand) English quickly and easily... WITHOUT translation. Fluency means you can talk easily with native speakers-- they easily understand you, and you easily understand them. In fact, you speak and understand instantly. Fluency is your most important English goal. The research is clear-- there is only ONE way to get fluency. You do not get fluency by reading textbooks. You do not get fluency by going to English schools. You do not get fluency by studying grammar rules. The Key To Excellent Speaking Listening Is The Key To get English fluency, you must have a lot of understandable repetitive listening. That is the ONLY way. To be a FANTASTIC English speaker, you must learn English with your ears, not with your eyes. In other words, you must listen. Your ears are the key to excellent speaking. What kind of listening is best? Well, it must be understandable and must be repetitive. Both of those words are important-- Understandable and Repetitive. If you don't understand, you learn nothing. You will not improve. That's why listening to English TV does not help you. You don't understand most of it. It is too difficult. It is too fast. Its obvious right? If you do not understand, you will not improve. So, the best listening material is EASY. That’s right, you should listen......

Words: 1404 - Pages: 6

Premium Essay

What Is System Forensics and Computer Crime

...that is about as far as you need to take it. (Easttom, 2014) 2. What is chain of custody and why must it be followed in investigations? The chain of custody is the chronological documentation of finding, preserving, preparing and presenting evidence. Every person that comes in contact with the evidence is documented so as to keep it from being tampered with. If it is tampered with, than you know who did it. Why the documentation is so important is because if there is a hole in the chain of custody, the evidence is considers tainted and cannot be used in a court of law. A defense attorney would make the argument that evidence may have been planted and they might be right. (Easttom, 2014) Work cited: Easttom, C. (2014). System forensics, investigation, and response. Burlington, MA: Jones & Bartlett Learning....

Words: 380 - Pages: 2

Premium Essay

Computer Forensic Analysis and Repor

... Computer Forensic Analysis and Report Nathaniel B. Rollins Jr Kaplan University Computer Forensics I/CF101 Prof: Tatyana Zidarov November 19, 2012 Computer Forensic Analysis and Report A. INTODUCTION I Nathaniel B. Rollins a Computer Forensic Specialist (CFS) with the Metro Police Department (MPD) received a file image from Officer X to conduct a search for electronic evidence. Which he stated was copied from the SNEEKIE BADINUF (COMPLAINANT) computer, with consent. This was verified through COMPLAINANT statement, repot, consent to search form, and chain of custody, provided by Officer X, along with the request for analyzing the evidence. Upon reviewing of her statement filed on May 14 2006, the COMPLAINANT stated she had received an email from a correspondent named NFarious that demanded $5000 in ransom, or the animals would be harmed. The COMPLAINANT also stated her pets had been gone for an entire week, and she was worried that the abductor may already have injured the animals. During a subsequent interview the COMPLAINANT stated that she took out a $20,000 insurance policy on her pets in September 2005 that would not be active for 6 month. The purpose of this investigation is to confer or negate the COMPLAINTANTS involvement with the kidnaping of the animals. B. MATERIALS AVAILABLE FOR REVIEW a. 1 Chain of Custody b. Evidence Log c. Complainants Statement d. Officers Report e. Forensic Disk Image of Computer f. Photos...

Words: 1176 - Pages: 5

Free Essay

Computer Forensics

...Computer Forensics The world of crime has expanded right along with the explosion of the internet. The modern cyber criminal has veritable global playground in which to steal money and information from unsuspecting victims. Computer forensics is a quickly emerging science against the increasingly difficult battle to bring criminals to justice who perpetrates crimes on others. The computer forensics field is a relatively new investigative tool but enjoys continual advances in procedures, standards, and methodology which is making the identification, preservation, and analyzing of digital evidence a powerful law enforcement apparatus. The job of the cyber forensic professional is to look for clues the attacker left behind on web sites, servers, and even the e-mail message itself that will unravel their sometimes carefully woven veil of secrecy. Attackers come in all forms and from a variety of different circumstances. For instance, an attacker can begin a phishing scam with only a web server they control with very little programming experience and a way to send a lot of e-mail messages. (Jones 4) In order to combat the waves of cyber-attackers, we must utilize Open Source Community applications to combat the continual onslaught of infections, exploitations, and trickery employed everyday against our systems and networks. Today's attacker uses a variety of technologies to employ their methods and understanding those abilities is integral to preparing for an......

Words: 2742 - Pages: 11

Premium Essay

Computer Forensics Tools

...Computer Forensics Tools Strayer University E-Support Undelete Plus is powerful software that can quickly scan a computer or storage medium for deleted files and restore them on command. It works with computers, flash drives, cameras, and other forms of data storage. Deleting a file from your computer, flash disk, camera, or the like does not mean it is lost forever. Software doesn’t destroy files when it deletes, it simply marks the space the file was using as being available for re-use. If nothing has needed that space since the deletion, the data is still there and the file can be recovered. Simply scan the device, select the files you want to recover, and click a button to restore the information (Softpedia, 2013). The interface Undelete PLUS is geared up with is very nice and easy to handle. In the right panel, there is the Drives tree. The user can change the view to file types (MP3, PDF, RTF, RAR, ZIP, XML, PNG, etc.) or to folders. In the left, there will be displayed all the files Undelete PLUS was able to detect. The software will inform you of the state of the files it has detected. This way, you will know that if the status reads "very good" then there still is a chance of recovering that file. "Overwritten" status means that the respective file is either corrupted or cannot be recovered. Additional information tell you about the size of the file, format, path, date of its creation and modification. The software is capable of recovering......

Words: 1755 - Pages: 8

Premium Essay

Examine Computer Forensics and Privacy

...Week 1: Assignment 2 Examine Computer Forensics and Privacy Computers and the Internet have become a pervasive element in modern life. This technology is also used by those who engage in crime and other misconduct. Effective investigation of these offenses requires evidence derived from computers, telecommunications and the Internet. The need for digital evidence has led to a new areas of criminal investigations: Computer Forensics. Forensic investigators identify, extract, preserve and document computer and other digital evidence. This new field is less than fifteen years old, and is rapidly evolving. Education in this field has focused largely on its technical aspects. However, there are significant legal issues and ethical problems that investigators must deal with. Failure to follow proper legal procedure will result in evidence being ruled inadmissible in court. As a result, a guilty criminal might go free. Failure to behave in an ethical manner will erode public confidence in law enforcement, making its job more difficult and less effective. Investigators must have a working knowledge of legal issues involved in computer forensics. They must know what constitutes a legal search of a stand-alone computer as opposed to a network; what laws govern obtaining evidence and securing it so that the chain of evidence is not compromised; what telecommunications may lawfully be intercepted or examined after they have been received; what legally protected privacy......

Words: 823 - Pages: 4

Free Essay

Assignment 1: Computer Forensics Overview

...Assignment 1: Computer Forensics Overview CIS 417 Computer Forensics Computer forensics is the process of investigating and analyzing techniques to gather and preserve information and evidence from a particular computing device in a way it can be presented in a court of law. The main role of computer analyst is to recover data including photos, files/documents, and e-mails from computer storage devices that were deleted, damaged and otherwise manipulated. The forensics expert’s work on cases involving crimes associated with internet based concerns and the investigations of other potential possibilities on other computer systems that may have been related or involved in the crime to find enough evidence of illegal activities. Computer experts can also use their professional knowledge to protect corporate computers/servers from infiltration, determine how the computer was broken into, and recover lost files in the company. Processes are used to obtain this information and some of the processes are as follows; * Investigation process: Computer forensics investigations will typically be done as part of a crime that allegedly occurred. The first step of the investigation should be to verify that a crime took place. Understand what occurred of the incident, assess the case, and see if the crime leads back to the individual. * System Description: Next step, once you verified the crime did occur, you then begin gathering as much information and data about the specific...

Words: 1397 - Pages: 6

Premium Essay

Assignment 4 Computer Forensics Tools

...Assignment 4 Computer Forensic Tools Derek Jackson Computer Crime Investigation Professor: Dr. Jessica Chisholm 03/06/2016 When purchasing computer forensics tools and resources for a company, you always want to make sure you are doing the necessary research and determining which of these programs are the best options for the company. This is very important job in any company as you are in charge of not only protecting the company’s data with these tools, but also recovering any information that may have been lost or deleted. There are many programs that are available that can be used to recover deleted files. Two of the programs that you could use are the MiniTool Partition Recovery and PC Inspector File Recovery. The MiniTool Partition Recovery is a free program that has a wizard-based interface which makes it very easy and straightforward to use and understand. You can point the MiniTool Partition Recovery at the problem drive, specify the area to be searched, and it will scan for the missing partition. Then a report will generate that will let you know what the program has found, and you can then recover that partition in a few seconds typically. The only downfall is that you won’t get a bootable recovery disk, so if the partition is damaged then the MiniTool Recovery program won’t be able to recover the deleted partition. The PC Inspector File Recovery allows you to be able to recover a full set of missing files on both FAT and NTFS drives. They are......

Words: 1005 - Pages: 5

Premium Essay

Computer Forensics and Cyber Crime

...Computer Forensics and Cyber Crime Author Institution Computer Forensics and Cyber Crime A security survey or audit can also be referred to as a vulnerability analysis. A security survey is an exhaustive physical examination whereby all operational systems and procedures are inspected thoroughly (Fischer & Green, 2004). A security survey involves a critical on-site examination and analysis of a facility, plant, institution, business or home to determine its current security status, its current practices deficiencies or excesses, determine level of protection needed, and ways of improving overall security levels are recommended. A security survey can either be done by in-house personnel or by external security consultants. However, outside security experts are preferred their approach to the job would be more objective and would not take some parts of the job for granted therefore resulting to a more complete appraisal of current conditions. A security survey/audit should be carried out regularly so as keep improving to and up to date especially with the growing rate of technology. Overall objectives of a security survey are: determination of current states of security, location various weaknesses in the security defenses, determination of level of protection required and finally give recommendations for the establishment of a total security program (Fischer & Green, 2004). Some weaknesses identified in the process of a security survey may be:......

Words: 686 - Pages: 3

Premium Essay

Computer Forensics Operational Manual

...COMPUTER FORENSICS OPERATIONAL MANUAL 1. Policy Name: Imaging Removable Hard Drives 2. Policy Number/Version: 1.0 3. Subject: Imaging and analysis of removable evidence hard drives. 4. Purpose: Document the procedure for imaging and analyzing different types of evidence hard drives removed from desktop or laptop computers. 5. Document Control:Approved By/Date: Revised Date/Revision Number: 6. Responsible Authority: The Quality Manager (or designee). 7. Related Standards/Statutes/References: A) ASCLD/LAB Legacy standards,,,,, and B) ASCLD/LAB International Supplemental requirements: 3 (Terms and Definitions),,,, C) ISO/IEC 17025:2005 clauses: 4.1.5 (a, f, g, h, and i), 4.2.1, 4.2.2 (d), 4.2.5, 4.3.1, 4.15.1, 5.3.2, 5.4.1, 5.4.4,, (a - c), all of 5.5, all of 5.8, and 5.9.1 (a). 8. Scope: Imaging and examining different types of hard drives (SATA, SCSI, and IDE) removed from desktops and laptops. 9. Policy Statement: A) No analysis will be performed without legal authority (search warrant or consent form). If not submitted, the examiner must contact the investigator to obtain the necessary legal authority. B) Forensic computers are not connected to the Inter-net. C) All forensic archives created and data recovered during examinations are considered evidence. D) Changes to this procedure can be made if approved by the Quality Manager, who will document the changes...

Words: 731 - Pages: 3

Free Essay

Computer Forensics forensics Background of Computer forensics: What is most worth to remember is that computer forensic is only one more from many forensic subdivisions. It’s not new, it’s not revolution.. Computer forensics use the same scientific methods like others forensics subdivisions. So computer forensics is not revolution in forensic science! It’s simple evolution of crime techniques and ideas. Forensic origins: Forensic roots from a Latin word, “forensic” which generally means forum or discussion. In the reign of the Romans, any criminal who has been charged with a crime is presented before an assembly of public folks. Both of the complainant and the defendant are to present their sides through their own speeches. The one who was able to explain his side with fervent delivery and argumentation typically won the case. It is important to realize that computer forensics is only one subdivision of forensic science. It is digital, it includes most advanced computer science but still it is only branch of forensic science, an its main goal is  submission of the proven claims of scientific methods and strategies to recover any significant digital traces. Computer Forensic Timeline: 1970s • First crimes cases involving computers, mainly financial fraud 1980’s • Financial investigators and courts realize that in some cases all the records and evidences were only on computers. • Norton Utilities, “Un-erase” tool created • Association of Certified......

Words: 4790 - Pages: 20

Free Essay

Computer Intrusion Forensics

...Computer Intrusion Forensics Research Paper Nathan Balon Ronald Stovall Thomas Scaria CIS 544 Abstract The need for computer intrusion forensics arises from the alarming increase in the number of computer crimes that are committed annually. After a computer system has been breached and an intrusion has been detected, there is a need for a computer forensics investigation to follow. Computer forensics is used to bring to justice, those responsible for conducting attacks on computer systems throughout the world. Because of this the law must be follow precisely when conducting a forensics investigation. It is not enough to simple know an attacker is responsible for the crime, the forensics investigation must be carried out in a precise manner that will produce evidence that is amicable in a court room. For computer intrusion forensics many methodologies have been designed to be used when conducting an investigation. A computer forensics investigator also needs certain skills to conduct the investigation. Along with this, the computer forensics investigator must be equipped with an array of software tools. With the birth of the Internet and networks, the computer intrusion has never been as significant as it is now. There are different preventive measures available, such as access control and authentication, to attempt to prevent intruders. Intrusion detection systems (IDS) are developed to detect an intrusion as it occurs, and to execute countermeasures when......

Words: 9608 - Pages: 39

switch sound file converter encoder options | Samsung Galaxy S10 | Economic Forecasting Paper - 366 Words