Today we shall talk about computer forensics, including the overall concept of computer forensics: what a digital trail is, what process and restrictions exist, and what is needed of a computer forensic investigator.
The basic idea of computer forensics is to investigate computer equipment and any associated components to determine whether it has been used for a crime, and at what level, or whether any type of unauthorized computer activity has occurred.
Now, the reason we define the difference between crime and unauthorized activity: a crime constitutes a violation of a federal or other law established by any organization. This applies across the board, whether it is a public computer or any part of an organization.
Unauthorized activities are usually activities that are restricted by policy in a corporate or workplace environment. Forensic investigators play a role in these types of investigation, whether it is a criminal activity or any activity that sabotages corporate policy.
Computer forensics is based on 5 basic investigation procedures, which are:
5. Documentation and presentation of evidence.
Evidence must be collected in accordance with proper methods and accepted forensic techniques; otherwise it will not be accepted or useful for any crime investigation.
First of all, we shall talk about preservation. This process is very critical, and you have to be very careful with it, because a small mistake or carelessness can destroy or eliminate your evidence. This evidence is normally based on digital trails and digital fingerprints.
The second phase is the acquisition process. It comes after preservation and is the process of obtaining your evidence from the digital crime scene. It is based on high-end techniques and tools, and is performed only by a certified forensic expert.
The next phase is analysis and discovery. Here we analyze all the evidence, separate the relevant from the non-relevant, and break it down into proper evidence that is relevant to the crime. Next we have to document it and make it presentable as proper evidence. This phase is especially for litigation purposes, and it will serve to prove the crime.
Here we have some legally binding situations for evidence. Evidence must be handled in a proper legal way and to acceptable standards, and for this purpose computer forensic personnel must be specially trained in analysis techniques and also have a great knowledge of computer hardware and software.
When evidence is for litigation, federal law agencies have their own standards of evidence, so the evidence must be collected in accordance with them. Collecting and handling must go through a proper chain of custody, and you must know the standards of the agency to which you have to present the evidence. As a computer forensics investigator, the personnel must be expert in documentation, analysis, acquisition and preservation. Without proper documentation and presentation you cannot achieve your goals.