
Archive for the ‘Computer Forensic’ Category

The Purpose Of Computer Forensics

February 18th, 2010

Computer forensics is the branch of forensic science that examines evidence stored digitally on a hard drive or other data storage medium.

History

Computer forensics can be traced back to the beginning of the 1990s when computers began to be integrated into our daily existence. DIBS USA was one of the first computer forensics companies to emerge.

Function

Computer forensics is about the preservation and extraction of data. Data is often found in server logs or on suspects’ hard drives. Since every move on a computer leaves a footprint, forensic experts have to find out how to tie that…

What Does a Computer Forensics Investigator Do?

November 29th, 2009

A Computer Forensics Investigator is trained in combating crimes ranging from crimes against children to file system recovery on computers that have been damaged or hacked. The Computer Forensics Investigator, also known as a Computer Forensics Specialist, recovers data from digital media that will be used in criminal prosecution. Digital media refers to all methods of electronic data storage and transfer devices including computers, laptops, PDAs and the images, spreadsheets and other types of files stored on these devices. Once a Computer Forensics Investigator retrieves the necessary information they will prepare very detailed and technical written reports on the collected…

Top Computer Forensics Schools

November 27th, 2009

Computer crime is one of the fastest growing areas of crime in the world. With the internet expanding its boundaries and email becoming the more prevalent way to communicate in business as well as on a personal level, personal and corporate computers have become extremely vulnerable to attack. This has created an increased need for individuals educated in computer forensics or computer forensic investigators.

Computer Forensics Investigator Job Outlook and Salary
Computer forensic jobs are forecasted to grow faster than the average with most of the job growth being in law enforcement agencies and corporations. For individuals…

Computer Forensics

February 6th, 2009

Data lost intentionally or accidentally can be recovered with the help of data recovery experts. Computer forensics is one such discipline, in which the cause of the data loss is identified.

There are many definitions of computer forensics; generally, however, computer forensics refers to the detailed investigation of computers to carry out the required tasks. It investigates the data maintained on the computer to determine what exactly happened to the computer and who is responsible for it. The investigation process starts from the analysis of the ground situation and moves on further to the insides of the…

HTML files and Text Files

January 6th, 2009

After all known compound file formats have been carved, their sectors are bookmarked and removed from consideration as possibly belonging to text, HTML or any other files. Using the “gather text” feature of X-Ways Forensics (or a similar feature from a variety of existing forensic tools), text was extracted from the remaining sectors not bookmarked.

All .html and .txt files were manually carved and evaluated, since no compound file format exists identifying the start, end, or location of structures within the file(s). Any fragmented text or .html files were manually put back together based on manual review of the content of the…

JPEG Files

January 6th, 2009

Next we will look at carving JPEG graphic files, as specified in the document “Description of Exif file format.” For complete details of the file format specification, please refer to the hyperlink to the document, listed on page 1 of this paper.

The JPEG graphic file starts with a Start of Image (SOI) signature of “FF D8”. Following the SOI is a series of “Marker” blocks of data used for file information. Each of these “Markers” begins with a signature “FF XX”, where “XX” identifies the type of marker. The 2 bytes following each marker header are the size of…

MS Compound Document Files

January 6th, 2009

(Includes documents, spreadsheets, templates and other MS office files)

Next we will look at carving MS Compound Document (and spreadsheet) files, as specified in the document “OpenOffice.org’s Documentation of the Microsoft Compound Document File Format.” For complete details of the file format specification, please refer to the hyperlink to the document, listed on page 1 of this paper.

As quoted from the above referenced document, “Compound document files are used to structure the contents of a document in the file. It is possible to divide the data into several streams, and to store these streams in different storages in…

Zip Files

January 6th, 2009

The first compound file format that we will look at is the Zip file, as specified in the document “APPNOTE.TXT – .ZIP File Format Specification”, revision date January 6, 2006 from PKWARE, Inc. For complete details of the file format specification, please refer to the hyperlink to the document, listed on page 1. The information described below applies to most common Zip files created with current versions of Zip archive utilities, such as WinZip.

A Zip file is broken into specific parts that can be searched for and identified based on separate signatures. The basic layout of a Zip file is first the…

What is Data Carving?

January 4th, 2009

Data Carving is a technique used in the field of Computer Forensics when data cannot be identified or extracted from media by “normal” means because the desired data no longer has file system allocation information available to identify the sectors or clusters that belong to the file or data.

Currently the most popular method of Data Carving involves searching through raw data for the file signature(s) of the file types you wish to find and carve out. Since the file system has no information on the size of the file being carved, the current…

What Does It Take to Do Forensics?

December 3rd, 2008

Hardware
1. Become familiar with the inside of the computer
2. Understand hard drives and their settings
3. Motherboards
4. Power connections
5. Memory

Knowledge of Operating Systems and Software

Operating Systems
–Microsoft Products
–Linux RedHat
–UNIX

Software
–Forensic Software
–HTML
–Microsoft Office
–Quick View Plus

Training
1. New Technologies (NTI) in Gresham, Oregon; Guidance Software (Encase); AccessData; HTCIA Annual Conference
2. Patience: One needs the ability to sit in front of the computer and analyze the data for what could be an extensive amount of time. “No such thing as point and click forensics.”