Saturday, August 3, 2019

Computer Forensics :: Technology, Science, Computer Applications

â€Å"Computer forensics is the specialized practice of investigating computer media for the purpose of discovering and analyzing available, deleted, or "hidden" information that may serve as useful evidence in a legal matter. â€Å" (Steen, Hassell 2004) Computer forensics has become a very important factor of criminal investigations. Since computers have become mainstream the need for a science that will deal with the technology has become an issue for the judicial and legal system. Some of the areas computer forensics may be utilized are:  § Copyright infringement  § Industrial espionage  § Money laundering  § Piracy  § Sexual harassment  § Theft of intellectual property  § Unauthorized access to confidential information  § Blackmail  § Corruption  § Decryption When the investigator finds a computer that may hold evidence, they first create an exact image of the drive. This prevents any inadvertent damage to the system. The clone image is important because more than 160 alterations are made to files when a computer is turned on which can change or delete important evidence. Several events take place on a computer when a file is changed. A file status maker is set meaning their space is now available. But even though you have deleted the file, it stays in the same spot and is called free or unallocated space and is available until the whole space is written over by another file. The computer forensic specialist may retrieve the data until it is written over by the new file. Another place for information to hide is called slack space, meaning, sometimes information being stored in an area will not use all of the available space in the designated spot and the unused portion becomes the slack space.

No comments:

Post a Comment