COMPUTER FORENSICS

Generally forensics refer as

The use of science &technology to investigate & establish facts in criminal courts of law.

Cumming to computer forensics

It is study of extracting,analyzing,documenting evidence from computer system or network.

Introduction:
Computer Forensics is a branch of Digital forensic science that deals with investigating and analyzing legal evidence found in computers and digital media. This applies to:

Computer systems Hard disks CDs Electronic documents (ex: email messages, JPEG images, etc.)

HISTORY OF COMPUTER FORENSICS :

Michael Anderson Father of computer forensics special agent with IRS Meeting in 1988 (Portland, Oregon) creation of IACIS, the International Association of Computer Investigative Specialists the first Seized Computer Evidence Recovery Specialists (SCERS) classes held

PRESENT SCENARIO OF COMPUTER FORENSICS

It has been used in a number of high profile cases and is becoming widely accepted as reliable within US and European court systems.
Computer forensics is a growing field world over and India is also trying to use computer forensics for its legal and judicial purposes.

GOAL OF COMPUTER FORENSICS

To examine digital media in a forensically sound manner with aim of Identifying Preserving Recovering analyzing Presenting facts &opinions about the information.

WORKING PROCESS :
Methods of hiding Data :To human eyes, data usually contains known forms, like images, e-mail, sounds, and text. Most Internet data naturally includes gratuitous headers, too. These are media exploited using new controversial logical encodings: Steganography and marking.

Steganography: The art of storing information in such a way that the existence of the information is hidden.
Watermarking: Hiding data within data.

WORKING PROCESS : Method of Hiding Data

Hard Drive/File System manipulation:

Slack Space
Partition waste space Hidden drive Space

Bad sectors
Extra Tracks Change file names and extensions

Methods Of Detecting/Recovering Data :

Steganalysis - the art of detecting and decoding hidden data. Steganalysis Methods - Detection o Human Observation. o Software Analysis. o Disk Analysis. o RAM Slack.

o Firewall/Router Filters.
o Statistical Analysis. o Frequent Scanning.

Methods Of Detecting/Recovering Data :

Steganalysis Methods Recovery Recovery of watermarked data is extremely hard. Currently, there are very few methods to recover hidden, encrypted data. Data hidden on disk is much easier to find. Once found, if unencrypted, it is already recovered. Deleted data can be reconstructed. Software Tools Scan for and reconstruct deleted data Break encryption Destroy hidden information (overwrite)

TECHNICAL APPLICATIONS :

Understanding of
storage technology operating system features
Windows Linux Unix Mac OS

file systems

How Computer Forensics are Used ?

Criminal Prosecutors

Civil Litigations
Insurance Companies Large Corporations

Law Enforcement
Any Individual

ADVANTAGES OF COMPUTER FORENSICS :

Ability to search through a massive amount of data

Quickly Thoroughly In any language

DISADVANTAGES OF COMPUTER FORENSICS :

Digital evidence accepted into court:
must prove that there is no tampering all evidence must be fully accounted for computer forensic specialists must have complete knowledge of legal requirements, evidence handling and storage and documentation procedures

DISADVANTAGES OF COMPUTER FORENSICS :

Costs

producing electronic records & preserving them is extremely costly. Sattar vs. Motorola Inc Presents the potential for exposing privileged documents.
Legal practitioners must have extensive computer knowledge.

CONCLUSION :
With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.

Bibliography :
All State Investigations, Inc. January 2005
http://www.allstateinvestigation.com/ComputerForensicServices.ht m Computer Forensics, Inc. http://www.forensics.com/

Computer Forensic Services, LLC. January 2005.

http://www.computer-forensic.com/index.html

International Association of Computer Investigative Specialists. January 2005. http://www.cops.org/ Middlesex County Computer Technology. January 2005.
http://www.respond.com/countyguides/1800000002/NJ/023

Virtue, Emily. Computer Forensics: Implications for Litigation and Dispute Resolutions. April 2003.
http://ncf.canberra.edu.au/publications/emilyvirtue1.pdf