The essentials of computer forensics

Computer forensics, a rapidly growing field, is the use of hardware and software tools to recover the contents of a digital device for use as evidence in court.

The discipline essentially is the same from agency to agency. The basic functions include:
  • Secure the digital evidence. Seize the personal computers, cell phones, printers, personal digital assistants or other devices, and keep them in secure locations, such as evidence rooms.

  • Create an identical replica of the digital information on the original hardware. Once this replica is created, the original evidence is not used again, to guard against claims of tampering.

  • Using the replica copy, find and catalog all the files relevant to the investigation under way, including locating all visible files, deleted files and encrypted files.

  • Recover data contained in all files, including by undeleting files, decrypting encrypted files and cracking passwords on protected files.

  • Analyze all the data, looking for information that has bearing on the investigation at hand.

  • Create reports and analyses that summarize findings and can be used in court.

  • Maintain secure copies of the replica evidence, reports and analyses for a specified period of time, perhaps permanently.
