Posts Tagged ‘Computer Forensics’

The Process for Recovering Electronic Evidence

Tuesday, March 1st, 2011

There are two primary steps in the process of recovering electronic data: “acquisition” of the target medium, and a forensic byte-by-byte analysis of the data.

Computer forensic science was created to address the specific and articulated needs of law enforcement to make the most of this new form of electronic evidence. Computer forensic science is the science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media.

Rather than producing interpretative conclusions, as in many forensic disciplines, computer forensic science produces direct information and data that may have some significance in a case. This type of direct data collection has wide-ranging implications for both the relationship between the investigator and the forensic scientist and the work product of the forensic computer examination.

Using customized computer forensic tools, the target medium is acquired through a non-invasive complete area-by-area bit-stream image procedure. During the imaging process, it is critical the mirror image be acquired in a DOS environment. Switching on the computer and booting into its operating system will subtly modify the file system, potentially destroying some recoverable evidence.

The resulting image becomes the “evidence file,” which is mounted as a read-only or “virtual” file, on which the forensic examiner will perform their analysis. The forensics software used by CFI creates an evidence file that is continually verified by a Cyclical Redundancy Checksum (“CRC”) algorithm for every 64 sectors (block) of data and by an MD5 128-bit hash for the entire image. Both steps verify the integrity of the evidence file and confirm the image has remained unaltered and forensically intact. With the MD5 hash, changing even one bit of data will result in a notification that the evidence file data has been changed and is no longer forensically intact.
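The two-level check described above, as an added example (not CFI's software or its evidence-file format): a CRC32 per 64-sector block localizes a change, while one MD5 over the whole image flags any change at all. The 512-byte sector size, the function names and the synthetic image are assumptions made for this illustration.

```python
import hashlib
import io
import zlib

SECTOR_SIZE = 512                          # assumption: 512-byte sectors
BLOCK_SECTORS = 64                         # CRC granularity stated on the page
BLOCK_SIZE = SECTOR_SIZE * BLOCK_SECTORS   # 32 KiB per CRC block


def seal_image(stream):
    """Read an image once; record a CRC32 per 64-sector block and one MD5 overall."""
    md5, crcs, size = hashlib.md5(), [], 0
    while block := stream.read(BLOCK_SIZE):
        crcs.append(zlib.crc32(block))
        md5.update(block)
        size += len(block)
    return {"size": size, "block_crcs": crcs, "md5": md5.hexdigest()}


def verify_image(stream, seal):
    """Recompute both checks and report which blocks (and sectors) no longer match."""
    now = seal_image(stream)
    old_crcs, new_crcs = seal["block_crcs"], now["block_crcs"]
    # Compare block by block; a missing or extra block also counts as a mismatch.
    bad = [i for i in range(max(len(old_crcs), len(new_crcs)))
           if i >= len(old_crcs) or i >= len(new_crcs) or old_crcs[i] != new_crcs[i]]
    md5_ok = now["md5"] == seal["md5"]
    return {
        "intact": md5_ok and not bad and now["size"] == seal["size"],
        "md5_ok": md5_ok,
        "bad_blocks": bad,
        "bad_sector_ranges": [(i * BLOCK_SECTORS, (i + 1) * BLOCK_SECTORS - 1) for i in bad],
    }


def demo():
    """Constructed sample: seal a synthetic image, flip one bit, verify both copies."""
    image = bytes((i * 31 + 7) % 256 for i in range(4 * BLOCK_SIZE + 1000))
    seal = seal_image(io.BytesIO(image))
    tampered = bytearray(image)
    tampered[2 * BLOCK_SIZE + 100] ^= 0x01   # single-bit change inside block 2
    return (verify_image(io.BytesIO(image), seal),
            verify_image(io.BytesIO(bytes(tampered)), seal))


if __name__ == "__main__":
    clean, altered = demo()
    print("original:", clean)
    print("altered: ", altered)
```

The whole-image MD5 only says that something changed; the per-block CRC list is what narrows the change to a sector range an examiner can inspect.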

The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030, a federal criminal statute outlawing various computer crimes, provides a civil remedy for companies victimized by a violation of the statute. In this new digital age, the CFAA is fast becoming recognized as a proactive tool that can be used by companies to retrieve stolen data, prevent its dissemination in the marketplace and obtain compensatory damages resulting from its theft, use and malicious destruction.

Role of the Computer Forensics Expert Witness in the Litigation Process

Wednesday, September 22nd, 2010

Computer Forensics

Computer forensics is used in criminal investigations, civil litigation, and cases of hacking, embezzlement, industrial espionage, insurance fraud and law enforcement or Internet/company property abuse.

Computer forensics focuses on the acquisition, restoration and analysis of digital data. In the business world, computer forensics can be used to restore corrupted or lost data, resurrect outdated software environments, and analyze common security breach activities.

A Computer Forensics Expert

A computer forensics expert is an experienced professional who can access a compromised computer, duplicate all files and directories and document all steps taken during the recovery and discovery process. A computer forensics expert can maintain the integrity of data, preserving the chain of control and following a proven methodology of review. A computer forensics expert can track deleted files, hidden files, files created by the system such as an automatic backup of a document, or fragmented files that are scattered throughout the storage devices. A computer forensics expert can also document the location of electronic data, its nature, format and other identifiers.

A Computer Forensics Expert Witness

A computer forensics expert witness is an experienced professional who is adept at handling the tools of computer forensics and at resolving matters in corporate and litigation processes by contributing to the evidence pool and establishing truth for more efficient and rapid resolution, judgment or settlement. Digital data that is lost, stolen, deleted or otherwise manipulated can be of evidential value in a lawsuit.

Role of a Computer Forensics Expert Witness

A computer forensics expert witness plans strategies: The analytical and technical skill sets of a computer forensics expert witness provide attorneys with assistance at every step of the litigation process, covering discoverable and electronically stored information and the form in which it should be presented strategically.

A computer forensics expert witness assists counsel for plaintiff: The attorney for a plaintiff is entitled to all electronic information that is key to the litigation and he may request the electronic data to support his client’s claims. The computer forensics expert witness can brainstorm with the attorney and the client regarding all physical locations of the relevant and different forms of e-data. The computer forensics expert witness can also assist in determining if data wiping or encryption utilities were used.

The computer forensics expert witness assists the counsel for defendant:

  • The computer forensics expert witness confers with the client, his IT personnel and the attorney for the defendant to discuss how to maintain files during litigation and how to preserve and protect data
  • The computer forensics expert witness can assist in balancing privacy with evidence production by providing electronic discovery on behalf of their clients, including redacting proprietary or attorney/client privileged data
  • The computer forensics expert witness also helps his client’s IT professionals understand the legal requirements associated with preservation of electronic data
  • The computer forensics expert witness can attend “meet and confer” sessions.
  • The computer forensics expert witness suggests information to request with respect to backup procedures
  • The computer forensics expert witness provides assistance with wording for interrogation and requests for potential deposition questions for IT personnel
  • The computer forensics expert witness can determine where and how often the suspect had used the Internet if it is relevant to the case
  • The computer forensics expert witness restores and recovers deleted files
  • The computer forensics expert witness researches and determines if any dates have been altered
  • The computer forensics expert witness helps parties understand the scope and nature of electronic data collection, filters privileged data and assists in determining the extent of the data accessed

Analysis: The computer forensics expert witness researches and analyzes the key words, documents or dates important to the litigation as evidence of tampering and data deletion.

The computer forensics expert witness can offer testimony:

  • The computer forensics expert witness has the skills and experience to explain technical concepts and present mass amounts of data in a clear and understandable manner with respect to electronic evidence
  • The computer forensics expert witness can demonstrate the securely collected and preserved data as electronic evidence
  • The computer forensics expert witness needs to make sure the proper software is used as only a few software programs have been tested and approved by various courts as forensically sound and reliable
  • The computer forensics expert witness must also assure that he is employing accepted procedures including documenting the chain of custody of electronic data
  • The computer forensics expert witness must also assure his overall ability to testify and demonstrate that the procedures he is employing are forensically sound
  • The computer forensics expert witness must be aware of the ethics of his profession and laws governing his testimony
  • The computer forensics expert witness should have reputable experience
  • The computer forensics expert witness must be able to withstand cross-examination

Data Triage Technologies offers Computer Forensics and Expert Witness Services to the legal communities in California and throughout the United States. Data Triage’s computer forensics experts identify, preserve and analyze potentially discoverable electronic evidence, while maintaining a cost effective approach throughout the process to support ongoing investigation. Let the professionals at Data Triage Technologies assist you in obtaining the evidence vital for winning your case!

Why Do You Need A Computer Forensics Expert Witness

Monday, August 30th, 2010

Since the turn of the millennium, computers have become ‘the most must have contraptions’ for personal and business purposes, and usage of and dependence on the Internet have continued to move upwards. 80% of all corporate data is now being stored electronically and allowed to stay in electronic format. Then came the bad news: as the use of computers escalated, so did computer crime. According to the Crime in America statistics website, in 2009 alone, computer crime increased by 22 percent. These crimes needed a computer expert, an investigator to fathom the depth of the crime, and an expert who can present the computer evidence methodically in a court of law to convict the offender. The computer expert, the computer forensic specialist and the Forensics Expert Witness now have a new avatar as a Computer Forensics Expert Witness.

A Computer Forensics Expert Witness is a Computer Forensic investigator who can investigate. A Computer Forensics Expert Witness is a specialist within Computer Forensics and E-Discovery and can testify regarding the accuracy and findings from the computer forensics. A Computer Forensics Expert Witness may work in close conjunction with a Computer Forensics investigator, or he himself may work as both. A Computer Forensics investigator is the specialist who can methodically investigate, discover and analyze the available, deleted, or hidden information that can be put to use as irrefutable evidence in a legal case. A Computer Forensics Expert Witness provides testimony, documentation and witness preparation to help present discovered electronic data in legal proceedings to help you prove and win your case.

A Computer Forensic investigator can:

  • Uncover the depth of a security breach
  • Recover data that has been corrupted or intentionally deleted
  • Identify how security checks were dodged
  • Identify the individual involved in the crime, say a hacker, an individual on the Internet, an employee, or an irate spouse

Computer forensics experts help us uncover potential evidence in cases like blackmail, child pornography, copyright infringement, corruption, decryption, destruction of information, fraud, industrial espionage, money laundering, sexual abuse, software piracy, theft of intellectual property, and unauthorized access to confidential information.

A Computer Forensics Expert Witness can assist in all stages of building a case, as follows:

  • A Computer Forensics Expert Witness ascertains the relevance of the information present in the computer(s)
  • A Computer Forensics Expert Witness assists in preparing and responding to interrogatories
  • A Computer Forensics Expert Witness retrieves and examines information through the use of his forensics programs and methods
  • A Computer Forensics Expert Witness develops court reports
  • A Computer Forensics Expert Witness plans and provides expert testimony

A Computer Forensics Expert Witness helps communities, corporations and individuals in the following ways:

  • A Computer Forensics Expert Witness assists in Police Investigations in computer crimes in child pornography, ID theft, breaching security protocols to access government defense information and narcotic supplies and extortion rackets
  • A Computer Forensics Expert Witness is trained in the legalities of computer crime. He can help investigators build a case and provide expert testimony in a court of law. His testimony helps the judiciary in convicting computer criminals
  • A Computer Forensics Expert Witness assists in civil litigation trials in cases of divorce, child support payments and financial fraud
  • A Computer Forensics Expert Witness can help insurance companies to identify evidence of fraud in cases of worker compensation or personal injury cases
  • A Computer Forensics Expert Witness can find computer evidence in industrial espionage, theft of trade secrets and in cases of sexual harassment

Computer Forensics Services Against Computer Vandalism

Monday, April 6th, 2009

Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, or target of a crime. Although computer crime and cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, they are also used to include crimes like fraud, theft, blackmail, forgery, and embezzlement, in which computers, information technology or networks are used.

A computer is an excellent device for record keeping, particularly given its power to encode data, and it can be used as a source of evidence. This evidence can be obtained and decoded, and then used by criminal investigators with the technical help provided by Computer Forensics Services.

Computer Forensics Services makes use of analytical and investigative techniques to identify, collect, examine and preserve evidence or information that is magnetically stored or encoded against such crimes. A forensic investigation by Computer Forensics Services can be initiated as part of criminal investigation, or civil litigation, through the sophisticated digital forensic techniques.

Computer Forensics Services like Data Triage Technologies provide digital evidence when data has been lost in instances like:

  • Employee internet abuse
  • Unauthorized disclosure of corporate information and data
  • Industrial espionage
  • Damage of the system in an accident
  • Criminal fraud and deception cases
  • Criminal cases where criminals have used computers to store information

Investigation by Computer Forensics Services offers to:

  • Secure the system from tampering
  • Generate a copy of hard drive
  • Identify and recover files deleted
  • Access or copy the hidden files
  • Retrieve the protected and temporary files
  • Generate data from the residue of deleted files
  • Analyze data/settings concerned
  • Identify installed applications/programs
  • Assess the system
  • Discover electronic evidence of the user activity

At Data Triage Technologies, the computer forensics experts identify, preserve and analyze potentially discoverable electronic evidence, while maintaining a cost effective approach throughout the process to support ongoing investigation. Their digital interrogation techniques ensure that computers “talk” for discovery purposes. Computers don’t lie, but it takes an expert to uncover the truth.

Author: Meshaal McLean

Computer Forensic Focus On Keystroke Logging

Tuesday, August 12th, 2008

Computer forensics, or digital forensics, has grown rapidly as the forensic application of computer investigation and is often followed up with expert witness testimony in court. Computer forensics is something you need to do regularly in the investigation process; it helps the business and also presents evidence throughout the legal process.

To protect your company or online business against hacking, you have to know the tactics employed by hackers, which will help you prevent fraud by staying one step ahead of them. Data is generally stolen by means of phishing, spyware, malware programs, insider attacks, keystroke logging and so on. In this article I would like to discuss keystroke logging.

What exactly is keystroke logging?

Keystroke logging, or keylogging, is a method of capturing information by recording user keystrokes through hardware or a software program.

Keystroke logging is done remotely to steal credit card and bank account numbers, usernames and passwords, and sometimes to spy on personal files, emails and FTP. Keyloggers can be installed through downloaded programs and also through physical access to the computer.

How exactly does it work? The keylogger uses a web server and attaches to the browser, redirecting it to web pages. When the client downloads the web page and JavaScript, it is unknowingly redirected to the hacker’s site, the keyboard logger is installed, and the individual’s user names, passwords, bank PIN and card numbers are sent to the hacker’s website.

Hardware keyloggers are external attachments (a small cable) between the keyboard and the port. This external attachment can be a USB memory stick or an external hard drive placed on the back of the computer, where it is hard to spot. These devices are invisible to the computer’s user, as hardware keyloggers are placed inside the keyboard or next to the keyboard port.

A software keylogger is a program installed on a machine with administrative privileges. It can be a device driver that replaces the existing input/output driver with embedded keylogging functionality. The functionality has many options, such as encrypting, decrypting and sending the files to a destination across the internet. The log files are hard to find among the operating system files, even with a directory listing of hidden files, as they are hidden.

You can prevent keystroke loggers from gaining this unsecured access to data from the web server through a comprehensive intrusion prevention system that defends your network, consisting of signature deployment, anomaly detection and protocol recognition. You can also use anti-keyloggers (software programs) to detect keyloggers.

These computer forensic tools provide a solution to individuals in detecting the key loggers and for further assistance and help you can go for, which is the best Computer Forensic Expert providing the effective approach to support your online investigation.

As these keyloggers are simple and easy to install, the best that can be done manually is to prevent keylogging by adopting good security practices: restrict user privileges by making users part of the user group, keep an administrator group with a strong password policy, and perform physical checks for hardware loggers.