Chapter 1: Windows Forensics

Overview

forensics n. (used with a sing. verb) The use of science and technology to investigate and establish facts in criminal or civil courts of law.

Forensics is a topic that has captured recent public interest. From DNA evidence in the O.J. Simpson trial to bullet fragment analysis in the Washington, D.C., sniper trials, the basic concepts of forensics have become more familiar to the American people than ever before.

Fictional television programs such as CSI: Crime Scene Investigation and Cold Case showcase forensic science, and docudramas such as New Detectives and Forensic Files focus on cases in which forensic evidence has led to or supported a prosecution. Both types of shows highlight the glamorous side of forensics, the discovery of the proverbial smoking gun, which ultimately leads to a successful arrest and prosecution. They do not do justice to the weeks and months of effort that go into the identification, acquisition, and analysis of the evidence by a team of dedicated, highly trained analysts. It makes for good television to show the comparison of two hair follicles under a microscope; the audience is much less interested in the days spent combing through a vehicle inch by inch to find and catalog those follicles. Similarly, in the world of computer investigation, it makes for better drama to show a graphical phone trace tracking a dial-up user located around the globe than to show the days spent acquiring and hashing a hard drive and the meticulous preparation of the evidence report.

Computer forensics applies the same scientific principles as other forensic fields to the identification, acquisition, and analysis of digital evidence. With the advent of the Internet, network and system forensics are becoming increasingly interrelated. The digital evidence sought by an analyst might reside on any number of devices, including personal digital assistants (PDAs), USB pen drives, digital cameras, and cell phones. Additionally, all modern operating systems are network capable, and it is rare to find a standalone PC with no external connections, so further evidence is often found on routers, servers, firewalls, and proxies. The field of computer forensics encompasses both system forensics and network forensics, and an understanding of both is required to conduct a thorough investigation.



Windows Forensics: The Field Guide for Corporate Computer Investigations
ISBN: 0470038624
Year: 2006
Pages: 71
Authors: Chad Steel
