Computer Forensics Work

How Computer Forensics Analysts Work

Thanks to television shows, most of us already have an idea of what forensics is. Some scenes are not depicted accurately: examining specimens is exhausting and mentally draining because it demands constant attention to detail, and it is not as easy as television makes it look with its swooping camera angles. Still, these shows have given us an idea of how evidence is collected.

Computer forensics is part of this kind of investigation. Because of the higher incidence of cyber crime, it is now an essential part of the legal process.

We already have an idea of what analysts do. However, a computer forensics job involves many procedures and a great deal of expertise. Like any other evidence, electronic data is fragile and can be damaged. Certain steps must be followed to ensure that the data is collected without being tampered with.

A day in the work of a computer forensic analyst

The first thing an analyst does is secure the data and the machine. The data is never analyzed on the same system it came from, so exact copies are made. Usually the data on a hard drive is duplicated to extract the information needed.

The collection process starts when the analyst examines the surroundings of the machine. Other physical evidence such as notes, disks and printouts is also taken. The surroundings are photographed, and the area is examined for portable storage devices.

If the computer system is still running, information is collected by examining its applications. Computers that are used for illegal communications may not have all of their data stored on the hard drive. Information stored in Random Access Memory will be lost if the computer is shut down, so this step is important.

Open source tools are used to analyze live computers. Analysts can also obtain an image of mapped drives and encrypted containers while they are on. Data from network connections is captured first, then data from running applications, and lastly the contents of Random Access Memory.

The computer is then shut off carefully, in a way that does not lose any data. The method used depends on the computer and the operating system it runs. If a proper shutdown is performed, volatile data can be lost. Pulling the plug is not advisable either, because it may corrupt the file system and lose important data.

The analyst then inspects the system for traps and photographs its configuration. A diagram is also made, including serial numbers and markings.

The analyst then makes an exact duplicate of the hard drive, a process called imaging. Hard drive duplicators or software imaging tools are often used. The copy is made at the sector level, producing a bit-stream copy of every user-accessible part of the drive that can store data.

The original hard drive is then fitted with hardware write protection and sent to secure storage. Once a complete and accurate copy has been made, the duplicated data can be analyzed for evidence. Analysts use algorithms to verify the imaging process. Two algorithms are generally used for this.
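The imaging and verification steps described above, as an added example that is not part of the original article: a bit-stream copy is hashed while it is read, and the image is later re-hashed and compared. The article does not name its two algorithms; MD5 and SHA-256 are assumed here, and the "drive" is a constructed temporary file.

```python
import hashlib
import os
import tempfile

SECTOR = 512               # assumed sector size for this example
CHUNK = SECTOR * 128       # read 64 KiB (128 sectors) at a time
ALGOS = ("md5", "sha256")  # assumption: the article does not name its two algorithms


def hash_stream(src, dst=None):
    """Hash every byte read from src; if dst is given, also copy to it."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for block in iter(lambda: src.read(CHUNK), b""):
        if dst is not None:
            dst.write(block)
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def acquire(src_path, img_path):
    """Bit-stream copy of src to img; returns digests of the source bytes."""
    with open(src_path, "rb") as src, open(img_path, "wb") as img:
        return hash_stream(src, img)


def verify(img_path, recorded):
    """Re-read the image from disk and compare against the recorded digests."""
    with open(img_path, "rb") as img:
        return hash_stream(img) == recorded


def demo():
    """Image a constructed 'drive', verify it, then flip one bit and re-verify."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "source.bin")  # stands in for the original drive
    img = os.path.join(work, "image.dd")    # working copy used for analysis
    with open(src, "wb") as f:              # constructed sample data
        f.write(os.urandom(SECTOR * 300) + b"\x00" * (SECTOR * 20))
    recorded = acquire(src, img)
    intact = verify(img, recorded)
    with open(img, "r+b") as f:             # simulate a change to the copy
        f.seek(SECTOR * 10)
        original = f.read(1)
        f.seek(SECTOR * 10)
        f.write(bytes([original[0] ^ 0x01]))
    altered = verify(img, recorded)
    return intact, altered, recorded


if __name__ == "__main__":
    print(demo())
```

Recording the digests at acquisition time and storing them with the case notes lets the working copy be re-verified at any later point.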

The analyst then renders an opinion and documents everything that was done. A report is made that contains all of the analyst's findings and states whether or not the computer has been used in an illegal activity or criminal act.

 

 