Tuesday, July 22, 2008

Preparing For Computing Investigations

Computer forensic techniques and methodologies are commonly used in computing investigations to figure out what happened, when it happened, how it happened, and who was involved. Computing investigations and computing forensics fall into two main categories: public investigations and private or corporate investigations. In both situations, you need to equip yourself with knowledge of the legal rules and systems that govern forensic computing investigations. This includes the study of effective strategies for data collection, data preservation, data analysis and reporting.

The task of investigating computers and computer data has increased considerably in the last 5-10 years. With computers also being used to support 'conventional' crime, network security threats and cyber crimes are rising, which means that computing forensics and security specialists are increasingly valued by government, law enforcement agencies and businesses. Law enforcement administrators historically have encountered significant problems finding individuals who possess technical expertise as well as investigative training.

There are experienced investigators and there are knowledgeable computer specialists, but rarely does one person command both sets of skills. So, both parties must work alongside each other so that they understand the key concepts and can manage the transformation of collected data into a legal case. To accomplish these goals, there are well-defined procedures, also derived from law enforcement, for acquiring and analyzing the evidence without damaging it, authenticating the evidence, and providing a chain of custody that will hold up in court.
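One way to make the authentication and chain-of-custody steps above concrete, as an added example that is not from the original post. It assumes SHA-256 as the integrity hash and a hash-chained custody log; the function names, log fields, people and timestamps are constructed for illustration.

```python
import hashlib
import io
import json

GENESIS = "0" * 64  # assumed marker for "no previous record"

def sha256_stream(stream, chunk=1 << 20):
    """Hash evidence in chunks so a large disk image never sits fully in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def _entry_digest(entry):
    # Digest covers every field except the stored digest itself.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log, when, who, action, evidence_hash):
    """Append a custody record that is linked to the previous record's hash."""
    entry = {"when": when, "who": who, "action": action,
             "evidence_sha256": evidence_hash,
             "prev": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = _entry_digest(entry)
    log.append(entry)
    return entry

def verify(log, acquisition_hash):
    """Check chain links, record integrity and that the evidence hash never changed."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev:
            return False, f"entry {i}: broken link"
        if _entry_digest(e) != e["entry_hash"]:
            return False, f"entry {i}: record altered"
        if e["evidence_sha256"] != acquisition_hash:
            return False, f"entry {i}: evidence hash mismatch"
        prev = e["entry_hash"]
    return True, "ok"

def demo():
    # Constructed bytes standing in for an acquired disk image.
    image = io.BytesIO(b"constructed sample bytes standing in for a disk image")
    acquired = sha256_stream(image)
    log = []
    add_entry(log, "2008-07-22T09:00Z", "Investigator A", "acquired image", acquired)
    add_entry(log, "2008-07-22T11:30Z", "Examiner B", "received working copy", acquired)
    intact = verify(log, acquired)
    log[0]["who"] = "Someone Else"  # simulate a later edit to a custody record
    return intact, verify(log, acquired)

if __name__ == "__main__":
    print(demo())
```

The hash recorded at acquisition is what later lets an examiner show that the copy analyzed is the same data that was seized, and the linked records show who held it in between.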

Another aspect that you need to pay attention to is the software used in an investigation. Use modern forensic software tools properly to conduct an evidence investigation. To ensure evidence is gathered and preserved so it can be used in court, you will explore legal and ethical issues. Digital forensic evidence has a human side: legal and technical teams must work together, and the result of their efforts will normally be presented to non-specialists who render a decision within the societal framework of a court of law.

So, in general, when conducting a computer investigation, the legal processes you follow depend on local custom, legislative standards, and rules of evidence. A case follows three stages: the complaint, the investigation and the prosecution. Someone files a complaint; a specialist investigates the complaint and, with the help of a prosecutor, collects evidence and builds a case. If a crime has been committed, the case is tried in court. That's all you need to prepare yourself before investigating a case.

Wednesday, July 16, 2008

Preparing Your Own Computer Forensics Resources

Previously, I mentioned that you need to know a lot of computer-related technical material. The question is, can you cope with all of it yourself as a Computer Forensics Investigator? The answer is obviously no; nobody can know everything about the technology they are investigating. So, to be a successful Computer Forensics Investigator, you must at least be familiar with more than one computing platform, such as Linux, Macintosh, and the current Windows platforms, including older platforms such as DOS and Windows 9x.

To supplement your knowledge, develop and maintain contact with other investigative professionals. Keep track of your contacts, and record the names of other professionals with whom you have worked, their areas of expertise, the last few projects you worked on together, and their particular contributions.

It may be helpful to join as many computer user groups as you can, in both the public and private sectors. Perhaps build a community of computer forensic experts and other related professionals, and keep in touch with them via e-mail. Find and cultivate professional relationships with people who specialize in technical areas different from your own. If you are a Windows expert, maintain contact with experts in Linux, UNIX, and Macintosh.

OK, in the next posting, I'll cover Computing Investigations in more depth. Please keep your "forensic" eyes on this blog more frequently.

Tuesday, July 15, 2008

Computer Forensics 101

Hi Folks,
Hope you enjoy this blog, as I'll be focusing more on Computer Forensics and Computer Security related issues. So, let's start with the basic term "Computer Forensics". Basically, it involves obtaining, examining and analyzing digital information that will be used as evidence in civil, criminal, or administrative cases. In general, computer forensics investigates all data that can be retrieved from a hard disk or other digital storage media.

So, one needs to have some knowledge of how to recover data that users have hidden or deleted, decipher data, examine the suspect data to determine details such as origin and content, apply laws to computer practice, etc. In most cases, Computer Forensics involves technical skills in how computer networks operate, broad knowledge of different types of operating systems, and the ability to operate a range of different machines (Unix, IBM, Apple, etc.). Bottom line, you need to keep yourself updated with the latest technologies used in different computer environments.

Okay guys, I'll keep posting more about this matter. Check this blog frequently.