What is Computer Forensics?

Computer forensics, or digital forensic science, deals with the preservation, identification, extraction, and documentation of computer evidence. Computer media examined during an investigation could at some point be required as legal evidence in a civil or criminal court. Therefore, the manner in which the data is acquired, authenticated, and analyzed becomes critical.

E-discovery, or electronic discovery, is the obligation of parties to a lawsuit to exchange documents that exist only in electronic form. Examples of items covered under e-discovery include e-mails, instant messages, voicemails, Outlook info, data on smart phones, metadata, graphics, photographs, spreadsheets, websites, drawings and other types of digital data.

The Amendments to the Federal Rules of Civil Procedure of 2006 require civil litigants to preserve and produce electronic evidence.

Traditionally, this media came in the form of disks including floppies, CDs, DVDs, and hard drives. More recently, there has been an explosion in smaller, more portable, removable forms of flash memory such as PC Cards, USB memory, and others. 

Understanding how electronic data is accessed and stored is also key to recovering evidence that someone has tried to hide, erase, or destroy. The US Secret Service has guidelines on the collection and storage of electronic evidence. If evidence is to be used in the courtroom, there should be no argument about its validity. Computer forensic investigators need to take extra care in making sure the data is not changed or altered while in their possession. This is one reason a forensic investigator works with copies of the original data. Steps must be taken to validate any copy and ensure the original electronic data remains unchanged. Hashing programs aid in this process.

If you are considering attending a computer forensics training class and are wondering how computer forensic investigators make copies of evidence, keep reading. Computer forensic investigators use software tools and programs such as DD, EnCase, Ghost, FTK, or SafeBack to copy data or build case data.

Disk copy programs can work in two different ways: information can be copied by file or at the bit level. These methods are also referred to as logical and physical copying. Bit-level (physical) copying is the standard by which computer forensic investigators operate. When each sector and track of information is reproduced, the data is in the exact same position and location on the copied disk as it is on the original.
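The copy-and-validate step described above, shown as an added example (it is not from the original page or from any of the tools it names): a byte-for-byte copy is hashed with SHA-256, compared with the original, and later re-checked so that a single altered byte is detected. The function names, the 512-byte sector size and the two-sector sample "disk" are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

SECTOR = 512  # assumed sector size; real media commonly use 512 or 4096 bytes

def sha256_of(path, chunk=SECTOR * 2048):
    """Hash a file or raw device in chunks so large media never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image, chunk=SECTOR * 2048):
    """Copy every byte of source to image in order, then validate the copy."""
    before = sha256_of(source)              # baseline hash of the original
    running = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(chunk), b""):
            running.update(block)           # hash exactly what was read
            dst.write(block)                # same bytes at the same offsets
    result = {
        "source_before": before,
        "read_stream": running.hexdigest(),
        "image": sha256_of(image),          # re-read the finished copy
        "source_after": sha256_of(source),  # original must be unchanged
    }
    if len(set(result.values())) != 1:
        raise ValueError(f"hash mismatch, image not validated: {result}")
    return result

def demo():
    # Constructed sample "disk": one file sector plus leftover data in an
    # unused sector, which only a bit-level copy is guaranteed to carry over.
    disk = b"FILE".ljust(SECTOR, b"\x00") + b"deleted memo".ljust(SECTOR, b"\x00")
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "evidence.raw"), os.path.join(d, "copy.dd")
        with open(src, "wb") as f:
            f.write(disk)
        hashes = acquire(src, img)
        ok = sha256_of(img) == hashes["image"]   # working copy still matches
        with open(img, "r+b") as f:              # simulate one altered byte
            f.seek(SECTOR)
            f.write(b"D")
        return hashes["image"], ok, sha256_of(img) == hashes["image"]

if __name__ == "__main__":
    print(demo())
```

The hashes returned by `acquire` are what an examiner would record in the case notes at acquisition time; any later re-hash of the working copy is compared against that recorded value.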


 

 

Computer Forensic Training and Security Incident Response Services


Are you considering attending a computer forensic boot camp or want to learn more about security incident response? Do you need incident response services?

The primary goal of security incident response is to contain the damage, find out what happened, and prevent it from reoccurring. Security incident response is closely related to computer forensics as both seek to mitigate damage and determine the cause of security breaches. If you are a victim of a computer security breach, you need cyber security experts to make sure the process is handled correctly.

ACQUISITION OF ELECTRONIC EVIDENCE

Most individuals are unaware of how computer data is stored; care must be taken when handling evidence, and safeguards must be used to protect the chain of custody. Done correctly, it is possible to reveal what a computer was used for, when it was used, and what the user did on the Internet or corporate network. Typically, we can recover much of what the user wrote, read, or viewed.

AUTHENTICATION

The first rule of computer forensic evidence analysis is that the evidence must be authenticated. Electronic discovery (e-discovery) should only be performed by a trained and experienced computer forensic examiner. Unauthenticated evidence cannot be used in civil or criminal court. Proper chain-of-evidence (chain of custody) requires the examiner to document all work, make a mirror image, and perform an analysis on the copy.

DATA PRESERVATION AND ANALYSIS SERVICES

We can perform security incident response activities and determine if any compromises or cyber security breaches have been made to your computer network. Other services related to digital forensics include:

1. Security incident response

2. Password recovery

3. Keyword search and electronic data analysis

4. Financial data extraction

5. Recovery of accidentally or intentionally deleted data

6. Bit-level image copy of hard drives, magnetic media, or CD/DVDs 

 

WHAT IS A CYBER SECURITY EXPERT?

A cyber security expert is an adviser who focuses on cyber security and IT network security. Such an individual is typically responsible for reviewing operational, technical, and physical controls so that a company is better protected against hackers, cyber criminals, and organized crime.


HOW DO I LEARN MORE?

If you need to talk to a cyber security expert, our representatives are standing by to offer a free complimentary consultation. Feel free to contact us at TheSolutionFirm.