find out computer related information

 


Computer Forensics

Author: S Rodrigues

Computer Forensics is the general use and understanding of computer data and/or activity. In a serious situation, it involves collecting information for use as evidence against illegal/criminal activity. Otherwise, it may involve data recovery or tracking computer activity.

Other situations in which computer forensics might be considered are:
- checking or reviewing staff internet abuse
- illegal use of a company's intellectual property (accidental or otherwise)
- fraudulent activity at work
- data recovery following damage to computer equipment (intentional or otherwise)

The general Do's and Don'ts of Computer Forensics:-

Do:
- ensure the hardware (computer & more importantly the hard disk(s)) cannot be accessed by anyone who could tamper with it
- where possible - and certainly in serious cases - copy the complete set of data (e.g. copy the complete hard drive(s))
- look for deleted data
- look for hidden data (note that with certain encryption software, hidden data may never be recovered without password access)
- investigate the various settings of applications of interest
- investigate, using the operating system's tools, the activity recorded for the user(s)
- make notes of your work & your discoveries

Don't:
- rush!
- change settings on the computer (date, time or other settings)
- change the data you are investigating!
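
The copy, don't-change-the-data and make-notes points above can be combined in one step. The following is an added example, not part of the original article: it copies a source byte for byte, checks the copy against the source and appends a note entry. The use of SHA-256 hashes, the JSON note format and all function and file names are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read 1 MiB at a time; a large disk is never held in memory


def sha256_of(path):
    """Hash a file or device node, opening it read-only."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def image_and_verify(source, image, notes):
    """Copy source to image, verify the copy, and append a note entry."""
    source_hash = hashlib.sha256()
    # "rb" never writes to the evidence; "xb" refuses to overwrite an image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            source_hash.update(block)
            dst.write(block)
    os.chmod(image, 0o444)  # the working copy is read-only from here on
    entry = {
        "utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "source": source,
        "image": image,
        "bytes": os.path.getsize(image),
        "source_sha256": source_hash.hexdigest(),
        "image_sha256": sha256_of(image),  # re-read from disk, not from memory
    }
    entry["verified"] = entry["source_sha256"] == entry["image_sha256"]
    with open(notes, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry) + "\n")
    return entry


if __name__ == "__main__":
    work = tempfile.mkdtemp()  # constructed stand-in for a disk follows
    disk = os.path.join(work, "evidence.bin")
    with open(disk, "wb") as f:
        f.write(b"constructed sample sector\n" * 1000)
    img, notes = (os.path.join(work, n) for n in ("evidence.img", "notes.jsonl"))
    print(image_and_verify(disk, img, notes))
```

On a real case the source would be the disk's device node, ideally attached through a write blocker, and all later analysis would be done on the verified image rather than the original.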

S Rodrigues works for RCS Limited
www.rcs-limited.co.uk: many computer based training courses
www.absolute-cbt.co.uk: mainly IT computer based training courses