WirtNiles617
Introduction Computer forensics could be the practice of collecting, analysing and reporting on digital data in a way which is legally admissible. It will be utilized in the detection and prevention of crime and in any dispute where evidence is stored digitally. Computer forensics has similar examination stages to other forensic disciplines and faces similar concerns.
About this guide This guide discusses computer forensics from a neutral perspective. It is not linked to specific legislation or intended to promote a particular enterprise or product and is not written in bias of either law enforcement or commercial computer forensics. It is aimed at a non-technical audience and provides a high-level view of computer forensics. This guide uses the term "personal computer", but the concepts apply to any device capable of storing digital information. Where methodologies have been mentioned they're provided as examples only and do not constitute tips and hints or guidance. Copying and publishing the whole or part of this post is licensed solely under the terms of the Creative Commons - Attribution Non-Commercial 0 license
Uses of pc forensics There are few places of crime or dispute where laptop forensics can't be applied. Law enforcement agencies have been amongst the earliest and heaviest users of computer system forensics and consequently have at all times been at the forefront of developments in the field. Computers could possibly constitute a 'scene of a crime', as an example with hacking [ one] or denial of service attacks or they could hold evidence at the style of emails, via the internet history, documents or other files relevant to crimes which includes murder, kidnap, fraud and drug trafficking. It just isn't merely the content material of emails, documents as well as other files which could be of interest to investigators on the other hand at the same time the 'meta-data' related with those files. A personal computer forensic examination might possibly reveal as soon as a document very first appeared on a pc, when it was last edited, as soon as it was last saved or printed and which user performed these steps.
Guidelines For evidence to be admissible it should be dependable and not prejudicial, meaning that at all stages of this procedure admissibility ought to be in the forefront of a laptop forensic examiner's mind. One set of helpful hints which has been widely accepted to assist in this could be the Association of Chief Police Officers Good Practice Guide for Computer Based Electronic Evidence or ACPO Guide for brief. Although the ACPO Guide is aimed at United Kingdom law enforcement its principal principles are applicable to all laptop forensics in whatever legislature. The 4 primary principles from this guide have been reproduced below (with references to law enforcement removed):
No action should alter data held on a computer or storage media which may be thus relied upon in court.
In situations where an individual finds it essential to access original information held on a laptop or storage media, that individual should be competent to do so and have the ability to present evidence explaining the relevance plus the implications of their steps.
