In order to determine whether a computer holds information that may serve as evidence, the professional must first create an exact image of the drive. The examiner examines only this image drive to protect the original from inadvertent alterations. These images must be actual bit-by-bit or "mirror" images of the originals, not just simple copies of the data. Acquiring these kinds of exact copies requires the use of specialized forensics techniques. These mirror images are critical because each time someone turns a computer on, many changes are automatically made to the files. In a Windows® system, for example, more than 160 alterations are made to the files when the computer is turned on. These changes are not visible to the user, but the changes that do occur can alter or even delete evidence, for example, critical dates related to criminal activity.
This is a blog for all the assignments that are completed in my computer apps class.
Friday, November 19, 2010
Computer Forensics
Computer forensics is the specialized practice of investigating computer media for the purpose of discovering and analyzing available, deleted, or "hidden" information that may serve as useful evidence in a legal matter. It can be used to uncover potential evidence like copyright infringement, fraud, blackmail, piracy, sexual harassment, and more. Computer forensics combines specialized techniques with the use of sophisticated software to view and analyze information that cannot be accessed by the ordinary user. This information may have been "deleted" by the user months or even years prior to the investigation, or may never have been saved to begin with - but it may still exist in whole or in part on the computer's drive.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment