Cyber Forensic

WHAT IS COMPUTER FORENSIC???

* Computer forensics is the collection, preservation, analysis and presentation of computer-related evidence. In summary, it helps determine the WHO, WHAT, WHERE, and WHEN related to a computer-based crime or violation.

“ We define computer forensics as the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law”.

EXAMPLES OF COMPUTER FORENSIC

Performing investigation post employment

termination

Recovering thousands of deleted emails

Performing investigation after multiple

users had taken over the system

Recovering evidence post formatting hard

drive

RECOVERING THOUSANDS OF DELETED EMAILS..

* Both computer forensics experts and data recovery technicians seek to recover deleted data

* Data recovery is primarily interested in bringing back files, while computer forensics tends to dig deeper, looking not just for deleted documents, but also for metadata (data about data - such as file attributes, descriptions, dates, and other information) and meaningful snippets of unrecoverable files.

* One area of particular interest is email.

* When most documents are written to a computer's hard disk, each newly created document has its own directory entry (what the user sees as a listing in a folder).

* If a file has been deleted, but has not been overwritten by another document, the recovery process is a relatively trivial part of e-discovery or of data recovery.

* Individual emails are stored differently than individual files.

* Different types of email programs store data differently on the user's hard disk and require different schemes for finding useful information.

* As a result, the deletion of emails and recovering of deleted emails differs not only from that for other types of documents,...