Computer Forensics Explained

A Backup Article Contributed by Sumedh Shanbhag

What is Computer Forensics?

Computer forensics is the application of computer analysis and computer-assisted investigation techniques to acquire possible legal evidence. Such investigation includes evidence against cyber-crimes, computer-assisted defamatory attempts, computer manipulation and forgery and other computer-related crimes. The methods used may range from recovering lost data to deciphering encrypted data.

Benefits of Computer Forensic Analysis.

A computer forensic analyst will have knowledge of different computer applications whether hardware or software. This is because the fundamental computer design and software application are similar.

Unlike paper evidence, computer evidence can be stored in different devices and in different formats. Hence it requires an experienced computer forensic analyst to extract more than is thought possible from the various formats.

The crux of forensic analysis of any kind depends on the security and the protection of evidence. Computer forensic analysis is no different. An experienced computer forensic analyst will ensure that:

a) The evidence is protected from damage by both external conditions and also from internal anomalies like virus and the like.

b) Evidence is preserved from radiation and electro-magnetic fields.

c) Business operations are affected for the least amount of time.

d) Any information is not divulged during the process of investigation.

Activities of a Computer Forensic Analyst

The work process of a typical computer forensic analyst will comprise of the following:

1) Protection of the computer being referred to, during the investigation.

2) Acquiring the maximum possible evidence by detecting and examining all possible data for hidden files, encrypted files and also recovering and reinstating lost or deleted files. The computer forensic analyst also attempts to decipher encrypted files which can speed up the investigation process dramatically.

3) Printing a report of the analysis procedure and thus assisting future investigation procedures.

Uses of Computer Forensics

Computer forensics can be used to acquire legal evidence for criminal proceedings in the following areas:

1) Criminal Investigators: Criminal investigation uses a great deal of computer forensic evidence to solve cases regarding financial frauds, homicides, child pornography and cyber-crime.

2) Insurance Companies: Insurance companies refer to computer forensic evidence retrieve money lost in frauds, arson and compensation cases.

3) Apart from this computer forensics are also used by law enforcement agencies, civil bodies and individuals for evidence against sexual harassment, age and sex discrimination, frauds and the like.

Results of Computer Forensic Analysis

Computer forensic analysis can achieve the following breakthroughs:

1) It can reveal what websites have been visited and what content has been downloaded for the websites.

2) It can be used to decrypt encrypted files.

3) Attempts at fabricating or hiding files can be revealed.

4) It can reveal the documents which were printed from a floppy.

5) It can be used to acquire data from a hard-disk that has been partitioned or even reformatted.

6) It can be used to recover deleted e-mails.

A computer forensic analyst, like any forensic analyst, must be impartial. He must carry on his investigations without being influenced by emotions and sentiments. A computer forensic analyst is thus the most important part of any investigation procedure.