Computer Forensics Technology

Sample Essay

Answer 1

 The fact that computer forensics tools and methods can be successfully use to identify user passwords, computer logons, as well as other transparent information is absolutely correct. A simple example of this can be the extraction of password through file sharing. If a file sharing is enabled on a computer, then services such as NetBIOS can be sued to retrieve sensitive information about the system, such as the user names, configuration of the system as well as registry keys. These pieces of information can then be used to allow for a brute force password attack against any Windows NT system.  Furthermore, on a network, software such as packet sniffers can be used to extract data from the packets travelling a particular segment of a network, which can contain confidential information such as user credentials.

A simple utility which is often ignored called FINGER, can also be used to extract information about user logons remotely on computers on which the service has not been disabled.

With regards to identification, detection and extraction of information that is transparently moved between different components of a computer, forensic tools allow the computer forensic experts to have a look at data that is generated from past activities on the computer. This data may be found in the swap files that contain temporary data generated by the various programs. This data may not only provide information about the usage of the program but also provide clues about the users credential and other information that is not saved in user files. Forensic tools can also have a look at data in file slack and unallocated file space, which is unreadable by the user in normal circumstances. This form of data can be categorized uniquely as ambient data and may span up to 50% of a computer hard drive. This ambient data may contain email fragments, word processing fragments, directory tree snapshots as well as remnants of any activity that has occurred in past work sessions on a computer. These chunks of data, when read, may provide important information and can prove to be an important clue for computer forensic expert looking for evidence, but these activities are only made possible with the help of computer forensic tools (Vacca, 2005).

 This is just a sample paper solely for marketing purposes. Please visit our website for custom term papers and essays.

More Computers And Technology Articles

How the Level of Government Technology Determines the Success and Effectiveness of Computer and Digital Forensics

The Meaning Of Computer Forensics

Computer forensics is a branch in forensic science entailing the process of investigating crimes committed by the use of computer technology, mostly over the internet. The word ‘Forensics' is commonly understood to mean bringing to court. Most states have enacted laws to regulate the admissibility, collecting, preserving and adducing of evidence collected though computer forensic technology in courts. This is often confused with the term digital forensics. The two terms are, however, generally related.

The meaning of digital forensics

Digital forensics is a forensic science branch, which encompasses the recovery and investigation of all the data and materials found or stored in the digital devices. Earlier, this term was synonymous to the computer forensics (discussed above) in relation to computer crime.

Its meaning has, however, been expanded to cover the investigation of all the digital devices which can store data including phones, cameras, memory cards, flash disks, CDs and DVDs, etc. It also includes the analysis of DNA, fingerprints, blood samples and other related items; it requires expertise of the highest degree.

These two technical terms are commonly used when discussing matters to do with computer or internet security. The perpetrators of a crime over the internet may be residing in different countries. The victims may be from several different and distant countries. It requires sophisticated government technology to trace those responsible for the crime being investigated.

It also requires the cooperation of the law enforcement authorities from different countries if the crime is extra territorial.

The process of investigation and prosecution of crimes committed over the internet is complex. It involves a complex system of tracing and collecting evidence, analyzing, organizing and then presenting it in court. The level and extent of government technology is directly related to its capability of dealing with computer crimes. The government must train its judicial officers, investigators and prosecutors on mobile device forensics, digital forensics, database forensics and internet forensics, in order to deal with computer crimes effectively.

Most crimes committed by the use of computers and over the internet are orchestrated and executed by well-trained computer professionals. The simple counter cyber crime training offered to most law enforcement authorities in the developing countries cannot meet the challenge of the internet hackers, online impostors, money launders and various other computer criminals. The successful investigation and prosecutions of computer crimes in the US and European countries, by use of the computer forensics technology, has proven that they are very effective in dealing with such crimes.

Information on Computer Forensics Training

Computer forensics is a fairly substantial area, and for this reason the courses are normally separated in to 2 parts, ENCE I and ENCE II, here we will discuss both of the courses, how you will benefit and what you can expect to learn and gain experience in through taking the training.

Through some hands on exercises, real life simulations and text book work you will gain knowledge and confidence in the following areas which you can then take back to your workplace or use your knowledge towards a new career in computer forensics;

What constitutes digital evidence and how computers work
An overview of the EnCase Computer Forensic Methodology
Basic structures of the FAT and NTFS file systems
How to create a case and how to preview/acquire media
How to conduct basic keyword searches
How to analyze file signatures and view files
How to restore evidence
How to archive files and data created through the analysis process
How to prepare evidence for presentation in court
How to verify the evidence file

The above topics will give you the base knowledge in computer forensics and upon completion of this course you may find you want to enhance your new found talent and take the eNXCE II course also.

The ENCE I is ideal for security professionals and litigation staff that are new in their field or wish to expand their knowledge, you will learn proper handling of computer evidence and then through all the stages to analysis, and finally how to properly archive data so it may be stored and retrieved as required.

Once you have gained the skills from ENCE I moving on to ENCE II you will learn;

How to create and use of logical evidence files
How to locate and recover deleted partitions and folders
How to conduct keyword searches and advanced searches using GREP
Students will gain an understanding of the EnCase Virtual File System (VFS) and Physical Disk Emulator (PDE)
Students will learn about the Windows® Registry
Students will learn how to deal with compound file types
How to export files, directories and entire volumes
How to identify files using hash values and building hash libraries
How to identify Windows XP operating system artifacts such as link files, recycle bin, and user folders
How to prepare reports and evidence for presentation in court
How to recover artifacts such as swap files, file slack, and spooler files
How to recover printed and faxed pages

As you see the ENCE II is more involved and your computer forensics experience from the ENCE I and your workplace will be of a great assistance here.

To find out more about the computer forensic courses and what is right for you visit www.KnowledgeCenterInc.com for more details.




Find More Computers And Information Articles