Computer forensics plays a vital role in investigating modern crimes that involve technology. A computer forensics investigator is responsible for preserving, extracting, and documenting digital evidence from computers or other electronic devices so that it can be used in a court of law. It is crucial that an investigator follows proper procedures such as making copies of evidence rather than working with originals, and maintaining a clear chain of custody throughout the entire investigation process. Computer forensics can be used to solve cases involving intellectual property theft, financial fraud, hacking, cybercrimes, and more.

1. Computer Forensics
By John Intindolo
ISSC4551
Instructor Michael Lewis
(“Computer forensics,” n.d.)

2. What is Computer Forensics?
• Computer Forensics is the process of
identifying, preserving, extracting,
interpreting, and documenting
computer evidence so that it may be
used in a court of law
(“Forensic process,” n.d.)

3. Benefits of Computer Forensics
• Computer Forensics is used to protect
from and solve cases involving the
following computer crimes:
• Theft of Intellectual Property
• Financial Fraud
• Hacking Techniques
• Distributing of Viruses, Trojans, Worms, and
other malicious attacks
• Illegal Trafficking of Pornographic Material
Such as Child Pornography

4. Computer Forensics Investigator
Needs Responsibilities
Ensure the integrityand existenceof an organization’s
computer system and network infrastructure
Extracts, processes, and interprets the actual evidence to
validatethe organization’s innocence, while maintaining
that the attackeris guilty
Help to capture important information if an
organization’scomputer systemsnetworks have been
breached
Ensures the preservation of evidence throughout the
entire investigation process including during the
extraction of possibleevidence
Assistsin prosecuting the case Ensures the prevention of contamination of evidence
Saves the organization time and money Ensures a continuous chain of custody is established
throughout the entire investigation process
Efficientlytrack down cyber criminalsfrom all over the
world
Ensures that normal operations are limited for only a
short amount of time
Track complicatedcriminalcases Ensures professionalethicsand legalityare maintained
(“Cfce,” n.d.)

5. Becoming A Computer
Forensics Investigator
• Obtain a Degree
• A Bachelor’s Degree in Criminal Justice, Computer Science,
Computer Forensics or another related field
• Get Certified
• Such as EnCase Certified Examiner (EnCE) or Certified
Ethical Hacker (CEH)
• Look for Work in Law Enforcement Agencies and
Private Investigation Agencies
• For example: Homeland Security, NSA, FBI, etc.
(“Forensic investigator,” n.d.)

6. Cyber Crimes
• What is a cyber crime?
• Cyber crime refers to any criminal activity that is conducted
via the Internet or another computer network
• Examples- Identity Theft, Transaction Fraud, Piracy,
Hacking, Child Pornography Trafficking, etc.
(“Cyber crime,” n.d.)

7. Cyber Crimes Cont’d.
Types
• Identity Theft
• Hacking
• Computer Viruses and Worms
• Cyber Stalking
• Piracy
• Drug Trafficking
• Credit Card Fraud
• Child Pornography
• Etc.
(“Cyber attack sign,” n.d.)

8. Performing a Forensic
Investigation
• Fundamental Steps
• Collect preliminary evidence
• Court warrant for seizure is obtained when necessary
• First responder procedures are performed
• Evidence is seized at the scene of the crime
• Evidence is securely transported to the forensics lab
• Two bit-stream copies of the evidence are created
• An MD5 checksum is generated on images
• Chain of custody is prepared and followed throughout
• Original evidence is securely stored
• Image copy is analyzed for evidence
• Preparation of Forensic report
• Report is submitted
• Investigator may be used as an expert witness when necessary

9. Performing a Forensic
Investigation Cont’d.
• Rules and Procedures
• Must make duplicate copies of the original evidence
• Always works off of duplicate copies and never the original
evidence
• Duplicate copies must be an accurate reproduction of the
original
• Must stay within his or her knowledge or skill level

10. Forensic Tools
• Types
• Storage Bags
• Wireless and Passport
• Remote Chargers
• To retrieve evidence from devices that have run out of power
• Write Block Protection Devices
• Hard Drives, USB, media cards, etc.
• Data Acquisition Tools
• SIM card readers, Video-capture devices, mobile forensic
laptops, forensic workstations, imaging workstations, and
different software

11. Computer Forensic
Companies
• Forensicon
• Cyber Investigation Services
• Kroll

12. Summary
• Computer Forensics play a vital role to crimes today
more than they ever have before. Everything and
everyone is reliant upon technology, and thus the use of
digital evidence in even a typical criminal case has
become more prevalent. Furthermore, it is extremely vital
that an investigator follows the chain of custody
throughout the entire investigation process and
documents everything, because if they do not do so it
can cause the evidence gathered to be unusable in the
court room.
(“Crime scene,” n.d.)

13. References
• Cfce. (n.d.). Retrieved from
http://www.coloradocomputerforensics.com/images/CFCE.gif
• Computer forensics. (n.d.). Retrieved from http://verdict.net/home/wp-
content/uploads/2013/08/computer_forensics.jpg
• Crime scene. (n.d.). Retrieved from http://xiarch.com/testing/wp-
content/uploads/2012/07/computer-forensics.jpg
• Cyber attacks sign. (n.d.). Retrieved from
http://www.abchs.com/upload/_aimg_0a798b8f929ec2826ebbacad327b7455
• Cyber crime. (n.d.). Retrieved from
http://image.shutterstock.com/display_pic_with_logo/221737/97531346/stock-photo-
cyber-crime-concept-in-word-tag-cloud-isolated-on-black-background-97531346.jpg
• Forensic investigator. (n.d.). Retrieved from
http://www.accountingcertificateprograms.org/wp-content/uploads/2011/11/computer-
forensics-certificate-picture.jpg
• Forensic process. (n.d.). Retrieved from http://e-
datadiscovery.com/resources/_wsb_401x343_Forensics Process.jpg