At a glance
Powered by AI
Some key takeaways from the document are that computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary analysis related to a wide range of computer crimes and misuses. Evidence gathered through computer forensics can be used in legal cases and investigations.
Computer Forensics
Introduction
•
Topics to be covered
–
Defining Computer Forensics
–
Reasons for gathering evidence
–
Who uses Computer Forensics
–
Steps of Computer Forensics
–
Handling Evidence
–
Investigation initiation / response
–
Handling Information
–
Reuirements
–
!nti"Forensics
–
Evidence processing guidelines
–
#ethods of hiding Information/data
–
#ethods of discovering information/data
Definition
•
What is Computer Forensics$$
–
Computer forensics involves the preservation% identification% e&traction% documentation% and interpretation of computer media for evidentiar' and/or root cause anal'sis(
–
Evidence might be reuired for a )ide range of computer crimes and misuses
–
#ultiple methods of
•
Discovering data on computer s'stem
•
Recovering deleted% encr'pted% or damaged file information
•
#onitoring live activit'
•
Detecting violations of corporate polic'
–
Information collected assists in arrests% prosecution% termination of emplo'ment% and preventing future illegal activit'
Definition (cont)
•
What Constitutes Digital Evidence$
–
!n' information being sub*ect to human action or not% that can be e&tracted from a computer(
–
#ust be in human"readable format or capable of being interpreted b' a person )ith e&pertise in the sub*ect(
•
Computer Forensics E&les
–
Recovering thousands of deleted emails
–
+erforming investigation post emplo'ment termination
–
Recovering evidence post formatting hard drive
–
+erforming investigation after multiple users had ta,en over the s'stem