Forensic Computer Investigations

In the midst of a forensic computer investigation, experts seek to gather evidence in order to determine whether a computer system has been used for any unlawful or unauthorized activities. With computer forensics, the evidence generally resides inside of computers, on storage devices and network servers. The investigation must be conducted in a forensically sound manner that is acceptable to a court of law. What this essentially means is that the gathering of evidence must be done in a manner that cannot be challenged on grounds of tampering or inaccuracy in a court of law.

Much of the data that an investigator collects is in a highly perishable form when working with live systems. As an example, the contents of RAM, which includes passwords, encryption keys and system program settings, can simply disappear if the computer is powered off. An investigator must proceed with valid computer forensics techniques and in a manner that preserves more perishable data, and collect it first.

Typically, the collection order is accessing the network connection in order to reveal the points in which a computer has been connected and gather whatever data was being transferred. Next, a computer examiner will check the RAM, as it can provide details of programs that are currently running or were recently running. After RAM, they will check the system settings in order to identify all users, currently logged in users, system time and date, currently accessed files and current security policies. Finally, hard disks which can contain much of the data needed for an electronic forensics investigation must be imaged in order to have no affect on the original data or impede any investigation using the image.

The computer examiner will then proceed to collect all removable computer storage devices, such as CD/DVDs, music players, USB memory cards, digital camera cards and the like. Additionally, an investigator will collect notes, printouts and other physical evidence lying around the scene. Sometimes notes can contain user identifying password combinations and security related instructions that can make the task of investigating the scene much easier. The user of the system is an even more valuable source; they can reveal encryption methods, passwords and other relevant information that can aid the investigation immeasurably.

Here are a few examples of how digital forensics can assist a forensic computer investigator in specific cases and tasks. In cases of adultery, online chats or text messages are typically used to arrange meetings and provide covert communication to avoid suspicions by a spouse. In cases of fraud, it is often times possible to detect if and when a document was altered.

Forensic computer investigations are conducted in order to help determine whether unauthorized or unlawful activities have taken place using computer systems. The investigator’s job is to collect data that resides in network connections, computer hardware, computer memory, hard disks and other removable storage media. An investigation is done utilizing validated tools and in a way that is acceptable to a court of law. To be a computer expert, you are required to have an expanded awareness of laws, as well as the technical skills to collect and analyze the gathered evidence.

Jeremy Larson is a foremost expert in acid reflux remedies. He has had extensive experience and conducted countless experiments in finding natural remedy. He is also a highly acclaimed writer in the medical field and you can find out more at RemedyForAcidReflux.com.