What is Computer Forensics?


by Jason Perry - Date: 2007-02-22 - Word Count: 610 Share This!

It is the end of the day and it has been discovered that several critical files are missing from your file server. That alone is normally is enough to freak out most server administrators, but this specific incident also happened to be on the exact same day a particular employee was 'terminated'. As you recall that individual, had access to the missing data, but as far as you know, she didn't seem like the type of person to do something malicious. Then again, you noticed she seemed pretty upset as she was clearing out her desk that day too. You begin to wonder if there is a connection between the two, and if so, how you collect the necessary information to present to your manager.

No, you are not imagining a scene from CSI or Court TV. This situation happens daily in real life and may have happened, or could happen, at the company you work for. Remember Enron?

What is Computer Forensics?

Computer forensics, sometimes known as "Digital Forensics" or "Electronic Evidence Discovery", is often described as "the preservation, recovery and analysis of information stored on computers or other electronic media".

Computer forensics has quickly become a vital tool and source of information for criminal investigators, corporate counsel, and prosecutors. Computer forensics investigators use their skills to identify and restore formatted, corrupted, deleted or hidden files from computers or other electronic media while maintaining crucial data trails, time & date stamps and accurate chain of custody & controls. They also obtain access to protected or encrypted data by using specialized software.

In addition, with the increased usage and dependence on the Internet, for corporate and individual communication, computer forensic investigators are equip to analyze emails, Internet searches, file transfers, online account transactions and anything else a computer is used to do over the Internet.

How do they do it?

Computer forensic investigators typically focus on 4 areas when investigating a potential incident. There are other areas of attention as well, but the following are the most common. Including illicit and damaging activities that could damage your company's reputation.

Saved Files

These are files that can be viewed on the computer. This is usually a non-intrusive task to obtain these files.

Deleted Files

These files are just that...deleted. They are either in the 'trash' or require special software to 'capture and restore' the files. This is usually a non-intrusive task to obtain these files.

Temporary Files

These files are typically generated from browsing the Internet, working on a document, some types of back-up software as well as certain software installations for example. Identifying these requires specialized software and is an intrusive process.

Meta Data

This information typically is associated with the details of a file or document. Such as, the date the file was created, modified and last accessed. Additional information that could be captured could include the original creator of the file (of course that information depends on the original installation of the application) as well as anyone who has ever accessed the file. Identifying these requires specialized software and may or may not be an intrusive process.

What would Computer Forensics Service be used for?

There are several possible uses for this type of service. The most common applications of computer forensics are as follows:

Divorce CasesElectronic Investigation Expert Witness Service Corporate E-mail Investigation Litigation Support Intellectual Property Disputes Investigation and Discovery Litigation Programs Insurance Fraud Cases Corporate Investigations Corporate Counsel Support Electronic Records Management

There are many reasons why you, or your company, may require the service of a computer forensics investigator. If you suspect that you may have an incident requiring computer forensic service, or electronic evidence discovery & analysis, you should secure the computer from further use and contact an experienced computer forensics service company.


Related Tags: data recovery, data loss, hard drive failure, computer forensics, corrupt disk drive

Jason Perry

ADR Data Recovery is available to evaluate the damage and potentially recover your lost data. For more information on ADR Data Recovery's Computer Forensics service, visit http://www.computerforensicsassociates.com

Your Article Search Directory : Find in Articles

© The article above is copyrighted by it's author. You're allowed to distribute this work according to the Creative Commons Attribution-NoDerivs license.
 

Recent articles in this category:



Most viewed articles in this category: