CONVENTIONS


This book uses several conventions to help you find your way around, and to help you find important sidebars, facts, tips, notes, cautions, and warnings. You see eye-catching icons in the left margin from time to time. They alert you to critical information and warn you about problems.

John R. Vacca
vacca@hti.net






Part I: Overview of Computer Forensics Technology

CHAPTER LIST

Chapter 1: Computer Forensics Fundamentals
Chapter 2: Types of Computer Forensics Technology
Chapter 3: Types of Vendor and Computer Forensics Services






Chapter 1: Computer Forensics Fundamentals

OVERVIEW

Electronic evidence and information gathering have become central issues in an increasing number of conflicts and crimes. Electronic or computer evidence used to mean the regular print-out from a computer, and a great many computer exhibits in court are just that. But for many years, law enforcement officers have been seizing data media and, as they have become smaller and more ubiquitous, the computers themselves.

In the very recent past, investigators generated their own print-outs, sometimes using the original application program and sometimes using specialist analytic and examination tools. More recently, investigators have found ways of collecting evidence from remote computers to which they do not have immediate physical access, provided such computers are accessible via a phone line or network connection. It is even possible to track activities across a computer network, including the Internet.

These procedures form part of what is called computer forensics, though some people also use the term to include the use of computers to analyze complex data (for example, connections between individuals by examination of telephone logs and/or bank account transactions). Another use of the term is when computers are employed in the court itself, in the form of computer graphics, to illustrate a complex situation such as a fraud or as a replacement for large volumes of paper-based exhibits and statements.

So, what actually is computer forensics? Computer forensics is about evidence from computers that is sufficiently reliable to stand up in court and be convincing. You might employ a computer forensics specialist to acquire evidence from computers on your behalf. On the other hand, you may want one to criticize the work of others. The field is a rapidly growing one, with a solid core, but with many controversies at its edges.






WHAT IS COMPUTER FORENSICS?

Computer forensics, also referred to as computer forensic analysis, electronic discovery, electronic evidence discovery, digital discovery, data recovery, data discovery, computer analysis, and computer examination, is the process of methodically examining computer media (hard disks, diskettes, tapes, etc.) for evidence. A thorough analysis by a skilled examiner can result in the reconstruction of the activities of a computer user.

In other words, computer forensics is the collection, preservation, analysis, and presentation of computer-related evidence. Computer evidence can be useful in criminal cases, civil disputes, and human resources/employment proceedings.

Far more information is retained on a computer than most people realize. It’s also more difficult to completely remove information than is generally thought. For these reasons (and many more), computer forensics can often find evidence of, or even completely recover, lost or deleted information, even if the information was intentionally deleted.

Computer forensics, although employing some of the same skills and software as data recovery, is a much more complex undertaking. In data recovery, the goal is to retrieve the lost data. In computer forensics, the goal is to retrieve the data and interpret as much information about it as possible.


