Computer Forensics

This paper deals with gathering data (which eventually may become evidence) during forensics.

The basic stages during any forensics activity are as follows

1. Preparation / Initial Assessment

2. Data Gathering / Collection

3. Examination

4. Analysis

5. Reporting / Documenting

Firstly we identify the types of data that could be gathered and the information that we can extract from it. Depending on the type of data we analyze the data so it is important that we prepare before any of the data collection activities take place. There are activities like imaging that are performed based on the type of data that is available to us. The data available varies from case to case. We also discuss in the paper the various tools available that can be used for this process.

There are some factors that must be taken into account during the process which are as follows:

* Handle the original evidence as little as possible to avoid changing the data.

* Establish and maintain the chain of custody.

* Documenting everything that has been done.

* Only use tools and methods that have been tested and evaluated to validate their accuracy and reliability.

There is also another source of information the user. Important information obtained in the course of a forensic examination will come from the computer user. An interview with the user can yield valuable information about the system configuration, applications, encryption keys and methodology. Forensic analysis is much easier when analysts have the user's passphrases to access encrypted files, containers, and network servers.