Assignment 1: Computer Forensics Overview
CIS 417 Computer Forensics
Computer forensics is the process of investigating and analyzing techniques to gather and preserve information and evidence from a particular computing device in a way it can be presented in a court of law.
The main role of computer analyst is to recover data including photos, files/documents, and e-mails from computer storage devices that were deleted, damaged and otherwise manipulated. The forensics expert’s work on cases involving crimes associated with internet based concerns and the investigations of other potential possibilities on other computer systems that may have been related or involved in the crime to find enough evidence of illegal activities. Computer
…show more content…
The data acquired would then be carefully verified and ensure the chain of custody be followed. * Timeline Analysis: During the above processes, the start investigation and analysis in your forensics lab, a full timeline with time, date, what was used should be kept. * Media and Artifact Analysis: In most cases there will be an abundance of information that you will be searching through. String or Byte Search: Here it will consist of tools help in searching very low-level raw images. You realize what you are looking then you can use this method to find it. * Data Recovery: During data recovery entails recovering data from the file system labeling it, time it was accessed along with the time stamps the programs was last used will be accessed. * Reporting Results: During the reporting results which is the last step in computer forensics analysis, is reporting the information found which includes, but not limited to depending on what the investigation entails is; describing what actions were performed during the process, determining what other actions may be needed to be performed to potentially find more information, and recommending improvements to policies, guidelines, procedures, tools, and other aspects of the entire process.
There can be major issues computer forensics examiners may face which can be categorized into three wider groups; legal issues, administrative issues, and technical issues.