The
purpose of computer forensics is to investigate and analyze information found on
computers to find suitable evidence for a trial. This field is relatively new
because back when computers first came out, evidence from them was considered
no different than any other kind of physical evidence. However, with
advancements in computers, it became obvious that evidence from them could be
easily changed, destroyed, or corrupted. Detectives partnered up with computer
scientists to come up with a proper set of procedures for securing evidence
from a computer source.
First,
detectives must retrieve a proper warrant for where they can search for certain
information on a suspect’s computer. Then, after isolating the computer from
being illegally tampered with, forensic investigators make a digital copy of
the device's storage media. The real device is then locked in a safe facility to maintain its condition. All investigation is done
on the digital copy. Investigators use a variety of techniques and software
applications to examine the copy, searching hidden folders and unallocated disk
space for copies of deleted, encrypted, or damaged files. Everything in the
procedure is documented and important evidence is carefully placed into a
“findings report”, which is what is presented during the trial.
http://searchsecurity.techtarget.com/definition/computer-forensics http://computer.howstuffworks.com/computer-forensic.htm
No comments:
Post a Comment