Submitted by: Submitted by thamya
Views: 222
Words: 1251
Pages: 6
Category: Science and Technology
Date Submitted: 01/30/2013 04:48 PM
WHAT IS COMPUTER FORENSIC???
* Computer forensics is the collection, preservation, analysis and presentation of computer-related evidence. In summary, it helps determine the WHO, WHAT, WHERE, and WHEN related to a computer-based crime or violation.
“ We define computer forensics as the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law”.
EXAMPLES OF COMPUTER FORENSIC
Performing investigation post employment
termination
Recovering thousands of deleted emails
Performing investigation after multiple
users had taken over the system
Recovering evidence post formatting hard
drive
RECOVERING THOUSANDS OF DELETED EMAILS..
* Both computer forensics experts and data recovery technicians seek to recover deleted data
* Data recovery is primarily interested in bringing back files, while computer forensics tends to dig deeper, looking not just for deleted documents, but also for metadata (data about data - such as file attributes, descriptions, dates, and other information) and meaningful snippets of unrecoverable files.
* One area of particular interest is email.
* When most documents are written to a computer's hard disk, each newly created document has its own directory entry (what the user sees as a listing in a folder).
* If a file has been deleted, but has not been overwritten by another document, the recovery process is a relatively trivial part of e-discovery or of data recovery.
* Individual emails are stored differently than individual files.
* Different types of email programs store data differently on the user's hard disk and require different schemes for finding useful information.
* As a result, the deletion of emails and recovering of deleted emails differs not only from that for other types of documents,...