What is Computer Forensics?
Computer Forensics is the gathering of evidence of
inappropriate or criminal activity from a device that stores
information electronically.
What kind of devices can have evidence stored on them?
Any device that has a memory capacity, such as:
Computer hard drives
CD-ROMs
Credit and Debit cards
Digital cameras
DVDs
External drives
Flash disks
Floppy disks
Memory chips and cards
Mobile phones
Modems
PDAs (e.g. Palm Pilot, Blackberry, Treo)
Printers
Telephones
USB devices
Why can’t my IT person gather the evidence?
Typically, IT personnel lack the specialized training
required to gather, preserve and analyze evidence in a
manner that is acceptable to a court. For example, simply by
turning on a suspect computer, many files are altered and
evidence can be corrupted.
What will a Computer Forensic Specialist do to gather the evidence?
A Computer Forensic Specialist will use specialized tools,
software and hardware to detect and record information that
would be undetectable to an untrained person. Typically, they
will “image” a suspect device in order to preserve evidence.
Imaging could be compared to taking a photograph, since a second
identical piece of memory is created.
The Computer Forensic Specialist can then manipulate the imaged
copy in a variety of ways in order to extract evidence. Because
of this, the original device is never altered and remains in the
same state that it was in when it was seized.
Can deleted information be recovered?
In certain circumstances,
deleted files can be recovered using specialized tools and
techniques. Even if a commercially available “wiping tool”
has been used, evidence can sometimes still be obtained.
Even in circumstances where data has not been damaged by
intentional acts but as a result of errors or technical
failures, our technicians may be able to recover it.