Computer forensics pertains to obtaining legal evidence from
computer systems and digital storage media. The purpose of computer forensics
is identify, recover, examine, and preserve this digital information to be used
in legal investigations and trials of computer crime, such as hacking, fraud,
and cyberstalking, as well as in civil proceedings. Computer forensic evidence
has become more widely accepted in US court proceedings, however, as computer
have become more advanced it is apparent that this evidence is easily corrupted,
changed, or eradicated. As such investigators have developed specialized tools
and processes for obtaining evidence without altering the information.
Computer forensic evidence is subject to specific guidelines
that require the evidence to be authentic, reliably obtained, and admissible in
court. For example, investigators must obtain a specific warrant to search for
computer evidence in order for the information to be admissible. Investigations
are performed on static data and follow the standard digital forensic process
of acquisition, analysis, and reporting. Some of the techniques used in
computer forensic investigations include cross-drive analysis, live analysis,
and deleted files.
No comments:
Post a Comment