In the global village called the internet, not everyone plays nice. You always hear of the word “hack”. It is mostly used in relation to invading of computers. Most of these are not entirely true but computer network systems do get hacked. If and when it does happen, it usually involves something sinister.
Even employees of companies do engage in snooping or to use our favorite word, hacking. The birth of the internet has led to more of this. Anyone can be anything online. This is why fraud, phishing, and identity theft happen.
The computer has become an important part of everyday life. Sending letters have been entirely changed by emails. Communications have been dominated by instant and text messaging. Portable storage devices that were an exclusive preserve of Information Technology professionals are now used by the general public.
I think you are already getting the idea of why computer forensics are needed. In the event that hacking does occur, the computer forensic will do the following:
1. Like any other investigation, the computer forensic must handle the area as a crime scene. He or she will take digital photographs and secure documentary evidence. This will include printouts, notes and disks in the scene.
If you are the one who hired the computer forensic expert, you should leave everything to them. The computer system should be left as is whether it is turned on or off.
If the computer was left on, the analyst will gather all the information that he or she can from the running applications. The computer will then be shutdown in a way that the data will not be lost. Doing a standard shutdown or pulling the plug is not an option. Both of these methods may cause the loss or damage of the data in the computer system.
2. The forensic investigator must then document the configuration of the system as you would document a crime scene. This should include the order of hard drives, modem, LAN, storage subsystems, cable connections, and wireless networking hardware. The analyst may make a diagram to go along with the digital photographs. They will also take portable storage devices within the area that may contain substantial evidence.
3. The computer forensic expert must take all the evidence to the lab. This is because the analyst should not examine the evidence in the same hardware. People who engage in cyber crimes are also aware that important data can be retrieved to convict them. Countermeasures, viruses and booby traps may be installed in the system to damage electronic evidence.
Analysts take the hard drive in their lab instead to make an exact duplicate of its contents. This process is called Imaging. Analysts have their own tools to make sure that the data is copied completely and accurately.
The duplicate will then be verified by an algorithm. The data is then examined and analyzed. The analyst makes a report of his or her findings and the process that was taken during the investigation starting from the acquisition of the data. This evidence will be presented in court if prosecution is necessary.
The computer forensic plays many roles and duties in the criminal justice field. It is hard to cover all of them in this short article. I encourage you to do more reading if you are interested in this field. You can do this by visiting websites that cover the profession in more detail.
Note: You are free to reprint or republish this article. The only condition is that the links should be clickable.