Friday, January 22, 2010

Introduction to Computer Forensics

We will be covering the whole of computer forensics in the weeks to come. We start with a very brief introduction to computer forensics, including links to various documents on the internet that you can easily download and study.
Computer forensics is a specialized and fast growing field of investigation. Recent years have seen the expansion of discovery from traditional paper discovery to a search of computer records. This is the result of the increasing use of computer technology combined with the belief that valuable evidence can be found on computers in addition to evidence existing in paper form.
The term “computer forensics” is associated with a relatively new class of crime. Essentially, computer forensics describes the study of computers and storage devices for the purpose of obtaining legal evidence. The key element is that this evidence must be capable of being used in legal proceedings. Computer forensics involves the recovery of lost, damaged, hidden or password-protected data from a computer system after the system has crashed or been affected by a virus, or because of accidental, deliberate or malicious file corruption or loss. As such, computer forensics can be described as the scientific process of preserving, identifying, extracting, documenting and interpreting data held on electronic storage media.

Some basic definitions
Electronic record: any data that is recorded or preserved on any medium in or by a computer system or other similar device, that can be read or perceived by a person or a computer system or other similar device. It includes a display, printout or other output of that data.

Computer forensics: the scientific examination and analysis of data held on, or retrieved from, computer storage media in such a way that the information can be used as evidence in a court of law.

Properties of digital evidence:
1. Digital evidence is any data stored or transmitted using a computer that supports or refutes a theory of how an offense occurred or that addresses critical elements of the offense such as intent or alibi.
2. Digital evidence is extremely fragile, similar to a fingerprint.
3. Digital evidence is also “latent”, which means it cannot be seen in its natural state, much like DNA. Any actions that can alter, damage or destroy digital evidence will be scrutinized by the courts.
4. Digital evidence is often constantly changing and can be very time sensitive.
5. Digital evidence can transcend borders with ease and speed.

Types of crime involving digital evidence
• Online auction fraud
• Child exploitation/Abuse
• Computer Intrusion
• Homicide
• Domestic Violence
• Economic Fraud, Counterfeiting
• Threats, Harassment, Stalking
• Extortion
• Gambling
• Identity Theft
• Narcotics
• Prostitution
• Software Piracy
• Telecom Fraud

Types of investigations
• Internal: no search warrant or subpoena needed, quickest investigation
   – Corporate investigation that involves an IT administrator reviewing documents that they should not be viewing.
• Civil: other side may own the data, may need subpoena
   – One party sues another over ownership of intellectual property; digital evidence must be acquired and authenticated so it can be submitted in court.
• Criminal: highest stakes, accuracy and documentation must be of highest quality, slowest moving
   – Child porn investigation that involves possession and distribution of contraband.

Here are a few links from which you can download brief introductions to computer forensics. You can get the idea from them and save them for your notes as well.

Intro 1
Intro 2 (This paper is good for adding to your introduction, which will make it very impressive)