Posts Tagged ‘computer forensics investigation’

The Process for Recovering Electronic Evidence

Tuesday, March 1st, 2011

There are two primary steps in the process of recovering electronic data; “acquisition” of the target medium, and a forensic byte-by-byte analysis of the data.

Computer forensic science was created to address the specific and articulated needs of law enforcement to make the most of this new form of electronic evidence. Computer forensic science is the science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer medium.

Rather than producing interpretative conclusions, as in many forensic disciplines, computer forensic science produces direct information and data that may have some significance in a case. This type of direct data collection has wide-ranging implications for both the relationship between the investigator and the forensic scientist and the work product of the forensic computer examination.

Using customized computer forensic tools, the target medium is acquired through a non-invasive complete area-by-area bit-stream image procedure. During the imaging process, it is critical the mirror image be acquired in a DOS environment. Switching on the computer and booting into its operating system will subtly modify the file system, potentially destroying some recoverable evidence.

The resulting image becomes the “evidence file,” which is mounted as a read-only or “virtual” file, on which the forensic examiner will perform their analysis. The forensics software used by CFI creates an evidence file that will be continually verified by a Cyclical Redundancy Checksum (“CRC”) algorithm for every 64 sectors (block) of data and a by a MD5 128 bit encryption hash file for the entire image. Both steps verify the integrity of the evidence file, and confirms the image has remained unaltered and forensically intact. Using the MD5 hash encryption, changing even one bit of data will result in a notification that the evidence file data has been changed and is no longer forensically intact.

The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030, a federal criminal statute outlawing various computer crimes, provides a civil remedy for companies victimized by a violation of the statute.In this new digital age, the CFAA is fast becoming recognized as a proactive tool that can be used by companies to retrieve stolen data, prevent its dissemination in the marketplace and obtain compensatory damages resulting from its theft, use and malicious destruction.

Computer Forensics Services Against Computer Vandalism

Monday, April 6th, 2009

Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, or target of a crime. Although computer crime and cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, they are also used to include crimes like fraud, theft, blackmail, forgery, and embezzlement, in which computers, information technology or networks is used.

A computer is an excellent device for record keeping, particularly given the power to encode the data and can be used as a source of evidence. This evidence can be obtained and decoded, which can be used by the criminal investigators with the technical help provided by Computer Forensics Services.

Computer Forensics Services makes use of analytical and investigative techniques to identify, collect, examine and preserve evidence or information that is magnetically stored or encoded against such crimes. A forensic investigation by Computer Forensics Services can be initiated as part of criminal investigation, or civil litigation, through the sophisticated digital forensic techniques.

Computer Forensics Services like Data Triage Technologies provides digital evidence when data has been lost in the instances like:

  • Employee internet abuse
  • Unauthorized disclosure of corporate information and data
  • Industrial espionage
  • Damage of the system in an accident
  • Criminal fraud and deception cases
  • Criminal cases where criminals have used computers to store information
  • Investigation by Computer Forensics Services offers to:

    • Secure the system from tampering
    • Generate a copy of hard drive
    • Identify and recover files deleted
    • Access or copy the hidden files
    • Retrieve the protected and temporary files
    • Generate data from the residue of deleted files
    • Analyze data/settings concerned
    • Identify installed applications/programs
    • Assess the system
    • Discover electronic evidence of the user activity

    At Data Triage Technologies, the computer forensics experts identify, preserve and analyze potentially discoverable electronic evidence, while maintaining a cost effective approach throughout the process to support ongoing investigation. Their digital interrogation techniques ensure that computers “talk” for discovery purposes. Computers don’t lie, but it takes an expert to uncover the truth.

    Author: Meshaal McLean