Computer forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a legally acceptable manner. The main objectives of computer forensics are to find criminals related to cyber crimes and uncover digital evidence that can be used in legal proceedings. Computer forensics specialists like criminal prosecutors and those involved in civil litigation rely on evidence from computers to build cases. Digital evidence must be admissible, authentic, complete, reliable and believable to stand up in court.
4. What is Computer Forensics ?
“Computer Forensics is the process of identifying, preserving, analyzing and
presenting the digital evidence in such a manner that the evidences are legally
acceptable”.
5. Objective of Computer Forensics
The main objective is to find the criminal which is directly or indirectly related to
cyber world.
To find out the digital evidences.
Presenting evidences in a manner that leads to legal action of the criminal.
8. WHO USES COMPUTER FORENSICS?
Criminal Prosecutors - Rely on evidence obtained from a computer to prosecute
suspects and use as evidence.
Civil Litigations - Personal and business data discovered on a computer can be
used in fraud, harassment, or discrimination cases.
9. DIGITAL EVIDENCES
“Any data that is recorded or preserved on any medium in or by a computer system or other similar
device, that can be read or understandby a person or a computer system or other similar device”.
10. TYPE OF DIGITAL EVIDENCES
PERSISTANT DATA- Data that remains
unaffected when the computer is turned off.
Example- Hard Drives & storage media.
VOLATILE DATA- Data that would be lost if the
computer is turned off.
Example-Deleted files, computer history, the
computer's registry, temporary files and web
browsing history.
11. RULES FOR DIGITAL EVIDENCES
Admissible-Must be able to be used in court or elsewhere.
Authentic-Evidence must be relevant to the case.
Complete-Must not lack any information.
Reliable-No question about authenticity.
Believable-Clear, easy to understand, and believable by a jury.
12. Steps of Collection of Evidence
Find the evidence; where is it stored.
Find relevant data – recovery.
Create order of volatility.
Collect evidence – use tools.
Good documentationof all the actions.
13. Steps of Investigation in Live Analysis
Acquisition: Physically or remotely obtaining possession of the computer and external
physical storagedevices.
Identification: This step involves identifying what data could be recovered and electronically
retrieving it by runningvarious Computer Forensic tools and software suites.
14. Evaluation: Evaluating the data recovered to determine if and how it could be used again the
suspect for prosecution in court.
Presentation: Presentation of evidence discovered in a manner which is understood by
lawyers, non-technicallystaff/management, and suitable as evidence asdetermined by laws.
15. What not to be done during investigation?
Avoid changingdate/time stamps (of files for example)or changingdata itself.
Overwriting of unallocatedspace (which can happen on re-boot for example).
18. SKILLLS REQUIRED FOR COMPUTER FORENSICS
Proper knowledge of computer.
Strong computer science fundamentals.
Strong system administrative skills.
Knowledge of the latest forensic tools.
19. Advantages
Digital Forensics help to protect from and solve cases involving:
Theft of intellectual property- This is related to any act that allows access to
customer data and any confidential information.
Financial Fraud- This is related to anything that uses fraudulent purchase of
victims information to conduct fraudulent transactions.
20. Disadvantages
Digital evidence accepted into court must prove that there is no tampering.
Costs- producing electronic records & preserving them is extremely costly.
Legal practitioners must have extensivecomputer knowledge.
21. Conclusion
This field will enable crucial electronic evidence to be found, whether it was lost, deleted,
damaged, or hidden, and used to prosecute individuals that believe they have successfully
beaten the system.