Assignment 1: Computer Forensics Overview
CIS 417 Computer Forensics
Computer forensics is the application of investigation and analysis techniques to gather and preserve information and evidence from a particular computing device in a way that can be presented in a court of law.
The main role of a computer analyst is to recover data, including photos, files/documents, and e-mails, from computer storage devices that were deleted, damaged, or otherwise manipulated. Forensics experts work on cases involving crimes associated with internet-based concerns and investigate other computer systems that may have been related to or involved in the crime to find ...
With the sources of the data found, the data would then be saved and categorized as vital or non-vital evidence. The data acquired would then be carefully verified, ensuring that the chain of custody is followed.
* Timeline Analysis: From the start of the investigation and analysis in your forensics lab, and throughout the above processes, a full timeline recording the time, the date, and what was used should be kept.
* Media and Artifact Analysis: In most cases there will be an abundance of information that you will be searching through.
* String or Byte Search: This consists of tools that help in searching very low-level raw images. If you know what you are looking for, you can use this method to find it.
* Data Recovery: Data recovery entails recovering data from the file system and labeling it. The time it was accessed and the time stamps of when the programs were last used will also be accessed.
* Reporting Results: Reporting results is the last step in computer forensics analysis. Depending on what the investigation entails, it includes, but is not limited to, describing what actions were performed during the process, determining what other actions may need to be performed to potentially find more information, and recommending improvements to policies, guidelines, procedures, tools, and other aspects of the entire process.
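The string or byte search step above, combined with verification of the acquired data, as an added example that is not part of the original assignment: a chunked search over a raw image that also computes a digest of the image in the same pass. The use of SHA-256 for verification, the JPEG start-of-image marker as the search pattern, and the sample bytes are assumptions made for illustration.

```python
import hashlib
import io

# Constructed sample "image" (not data from any real case): filler bytes with
# a JPEG start-of-image marker placed at offsets 6 and 21.
SIG = b"\xff\xd8\xff"
SAMPLE_IMAGE = b"\x00" * 6 + SIG + b"\x11" * 12 + SIG + b"\x00" * 4


def search_image(stream, pattern, chunk_size=1 << 20):
    """Return (byte offsets of pattern, SHA-256 hex digest of the stream).

    The stream is only read, never written, and is processed in chunks so a
    large raw image never has to fit in memory.
    """
    if not pattern:
        raise ValueError("pattern must not be empty")
    digest = hashlib.sha256()
    hits = []
    keep = len(pattern) - 1   # bytes carried over so boundary matches are seen
    tail = b""                # end of the previous window
    base = 0                  # absolute offset of the first byte of the window
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)  # hash only the bytes read, not the carried tail
        window = tail + chunk
        pos = window.find(pattern)
        while pos != -1:
            hits.append(base + pos)
            pos = window.find(pattern, pos + 1)  # +1 keeps overlapping matches
        # The tail is shorter than the pattern, so no match is counted twice.
        tail = window[-keep:] if keep else b""
        base += len(window) - len(tail)
    return hits, digest.hexdigest()


if __name__ == "__main__":
    # chunk_size=8 forces the first marker to straddle a chunk boundary.
    offsets, sha256 = search_image(io.BytesIO(SAMPLE_IMAGE), SIG, chunk_size=8)
    print("marker offsets:", offsets)
    print("image sha256:  ", sha256)
```

Recording the digest alongside the offsets in the timeline lets a later examiner confirm that the image searched is the same one that was acquired.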
Computer forensics examiners may face major issues, which can be categorized into three wider groups: legal issues, administrative issues, and technical issues.
Some of the issues pertaining to these include:
* Encryption: Encryption prevents access to data unless the analyst has the password or encryption key.
* Increased Storage Space: Most storage media hold a large amount of data, which means the examiner must have computers with correspondingly more processing power to be able to analyze the data quickly and accurately.
* New Technology: The world of computers is evolving so fast that new hardware and software are always being introduced, along with constant updates and changes to operating systems and programs in general. This makes it difficult for a computer forensics person to always be up to date with the latest. Each time there is potentially a new challenge.
* Legal Issues: These may distract from the findings of the examiner; an example is the Trojan defense.
* Administrative Issues: Administrative issues may include accepted standards, which are guidelines in computer forensics. Another administrative issue is fitness to practice, which shows that there is no body that checks competence in this profession.
Provide an overview of how computing devices are used in crimes of today and how these crimes can affect a company's data and information.
An overview of some of the crimes committed using cyber technology:
* Hacking: Hacking is breaking into a computer system, knowingly or unknowingly, to...