
Computer Forensics - Part IV


Different techniques used in computer forensics

Regardless of the situation, and whether the evidence will be used in a court of law or as the grounds for a letter of reprimand, the techniques, procedures, and methodologies used should be largely the same. What starts out as a letter of reprimand given to an employee for misusing company computing resources may end up as a lawsuit against the employer. What starts out as an investigation concerning Internet access at odd times may reveal that child pornography was accessed.

It is for the above reasons that we must use sound and proven techniques for any work performed related to computer forensics, and always approach a situation as if we will end up in a court of law or possibly be handing the case over to law enforcement.

Active, Archival, and Latent Data

In computer forensics, there are three types of data that we are concerned with: active, archival, and latent. Active data is the information that you and I can see: data files, programs, and files used by the operating system. This is the easiest type of data to obtain. Archival data is data that has been backed up and stored. This could consist of backup tapes, CDs, floppies, or entire hard drives, to cite a few examples. Latent (also called ambient) data is the information that one typically needs specialized tools to get at. An example would be information that has been deleted or partially overwritten.

A computer investigation could entail looking at one or more of these data types, depending on the circumstances. Obtaining latent data is by far the most time-consuming and costly.

Public Sector, Private Sector, and Consulting

There are three primary areas in which you will find computer forensics used: the public sector, the private sector, and consulting.

Public Sector

Computer forensics is used in the public sector by government and law enforcement personnel to investigate and prosecute crimes. Criminals are using computer technology when committing "traditional" crimes such as homicide, rape, fraud, and auto theft, to name a few. They are also using computer technology to commit crimes that would not be possible without computing devices, such as breaking into a networked system and stealing or altering data, posting child pornography to a newsgroup, or harassing someone via email. Computers can be the target of a crime (your computer system is attacked over the Internet), the tool in the commission of a crime (sending and receiving child pornography), or incidental to a crime (keeping records concerning the houses you've burgled). When computing devices are used in committing crimes, you'll often hear the term "Cybercrime" used. Although the word "Cyber" does get people's attention, it is often misused: "Cyber" typically denotes being online. You are not in "CyberSpace" just by turning your computer on.

At any rate, government and law enforcement use of computer forensics is increasing, as more and more criminals are using computing technology. Computer evidence is used by prosecutors every day to aid in convicting criminals involved in fraud, murder, drug trafficking, child pornography, embezzlement, and terrorism.

Private Sector

In the private sector, computer forensic techniques and methodologies are used to investigate electronic break-ins, embezzlement, improper use of computing resources by employees, and theft of trade secrets, among other things. Those in the insurance business may use information retrieved from computer systems to identify fraud in workman's compensation, automobile or personal accident cases, or arson. I'm aware of a few cases where emails were sent outlining plans to fake back injuries and other ailments in order to receive money from insurance. These emails were used to convict those making the false claims.

Date Added: August 27, 2011 08:50:40 PM
Author: Yousef Naghdi
 