Computer Forensics Seminar
Index
1. Introduction
2. History of Computer Forensics
3. What is Computer Forensics
4. Goal of Computer Forensics
5. Digital Evidence
6. Advantages & Disadvantages of Computer Forensics
7. Applications of Computer Forensics
8. Conclusion
9. References
Figures Index:
Fig 1: Federal Bureau of Investigation logo
Fig 2: DNA Evidence
Fig 3: Crime Evidence
Fig 4: Equipment used for Digital evidence
Introduction
Computer forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. It is a scientific process of preserving, identifying, extracting, documenting, and interpreting data on a computer. Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail. Evidence from computer forensics investigations is usually subjected to the same guidelines and practices as other digital evidence. It has been used in a number of high-profile cases and is becoming widely accepted as reliable within US and European court systems.

Forensics deals primarily with the recovery and analysis of latent evidence. Latent evidence can take many forms, from fingerprints left on a window to DNA evidence recovered from blood stains to the files on a hard drive. Computer forensics is the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law. The science was created to address the specific and articulated needs of law enforcement to make the most of this new form of electronic evidence. With the average storage capacity in a personally owned microcomputer approaching 30 gigabytes, computer forensics has come to play a vital role in providing evidence in cases such as computer misuse and attacks against computer systems, as well as more traditional crimes such as murder, money laundering, drugs, abuse and fraud.
Economic Crimes
Harassment (sexual)
Child Pornography
Major Crimes
Identity Theft (short or long-term plans)

Simply stated, computer forensics can be used to investigate any crime or incident directly or indirectly related to a computer.
Digital Evidence
Digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial.[1] Before accepting digital evidence a court will determine if the evidence is relevant, whether it is authentic, if it is hearsay and whether a copy is acceptable or the original is required.

The use of digital evidence has increased in the past few decades as courts have allowed the use of e-mails, digital photographs, ATM transaction logs, word processing documents, instant message histories, files saved from accounting programs, spreadsheets, internet browser histories, databases, the contents of computer memory, computer backups, computer printouts, Global Positioning System tracks, logs from a hotel's electronic door locks, and digital video or audio files.

Many courts in the United States have applied the Federal Rules of Evidence to digital evidence in a similar way to traditional documents, although some have noted important differences. For example, digital evidence tends to be more voluminous, more difficult to destroy, easily modified, easily duplicated, potentially more expressive, and more readily available. As such, some courts have sometimes treated digital evidence differently for purposes of authentication, hearsay, the best evidence rule, and privilege. In December 2006, strict new rules were enacted within the Federal Rules of Civil Procedure requiring the preservation and disclosure of electronically stored evidence. Digital evidence is often attacked for its authenticity due to the ease with which it can be modified, although courts are beginning to reject this argument without proof of tampering.

CATEGORIES OF EVIDENCE:
Conclusion
Hence, with the technology of computer forensics, crime cases can be solved very easily within a very short time span, and the accused is easily caught by sure-shot evidence. The reasons behind the crime scene can be easily determined and solved in various situations and scenarios.

In law, if information is not admitted into evidence, then, for legal purposes, it does not exist. Testimony by both the forensic specialist who developed the evidence and someone who can explain its significance to the case is often required. Only then does the information become evidence. It should be clear from the above that technical skills and legal expertise must be combined in order to discover, develop and utilize digital evidence. The process used must conform to both the law and science. Failure in either arena renders the product legally worthless.

The preceding has been based on the use of computer forensics to exploit stored digital information. Certainly, this need will grow dramatically in the future, as more and more of society's information is stored electronically. However, a potentially even larger use may be to document activities and processes that take place electronically; in other words, to examine data that is not only at rest, but also that which is in motion. And while the law will slowly evolve and accept more and more technical issues, computer forensic specialists will continue the process of education for all parties in the legal process.
References
Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005.
Richard Bejtlich, The Tao of Network Security Monitoring, Addison-Wesley, 2005.
N. Brownlee and E. Guttman, RFC 2350 - Expectations for Computer Security Incident Response, http://www.faqs.org/rfcs/rfc2350.html, 1998.
Mariusz Burdach, Forensic Analysis of a Live Linux System, Part One, http://www.securityfocus.com/infocus/1769, March 2004.
Mariusz Burdach, Forensic Analysis of a Live Linux System, Part Two, http://www.securityfocus.com/infocus/1773, April 2004.