
Computer forensics laboratory - Essay Example


Processes Involved in Computer Forensics Laboratory

Computer forensics is a discipline that integrates aspects of law and computer science in the process of data collection and assessment from “computer systems, networks, wireless communications, and storage devices” in a manner that does not violate procedural laws on admissibility (US-CERT 2008). It involves the processes of preservation, identification, extraction and documentation.

Computer forensic examinations are conducted either offline or online. An offline analysis examines a computer system while it is powered down, and an online analysis examines it while it is powered on. The first is preferable, but there are instances when it is impossible, as when the system needs to remain continuously powered on. During an offline analysis, copies of the hard drive are made to ensure that no data is lost; during a powered-on analysis, the investigator collects as much evidence as he can (Craiger 2006, p. 5). Since the goal of computer forensics is to gather evidence that may be presented in court against a suspect in a crime, it is important that the processes undertaken abide by the Federal Rules of Evidence that govern the admissibility of evidence.

There are three steps in a computer forensic examination: one, make an exact digital copy of the original evidence to ensure that the latter is untouched and unaltered; two, validate that the copy is an exact replica of the original; and three, analyze the digital copy. The exact physical copy of the evidence is called a bit-stream image, forensic duplicate or forensic image. It is made by removing the hard disk from the source computer and attaching it to the investigator’s forensic machine with the following security measures: using a write-blocker to ensure that no data is written to the disk in the process, and setting the jumper of the source drive to slave to prevent any change of files.

As an alternative, the network acquisition method may be used, where the source computer is accessed by the forensics computer through a network connection. Verification of the copy involves the use of a one-way hash algorithm called the MD5 cryptographic hash (Craiger 2006, pp. 6-7, 9-13). Analysis done in a computer forensics laboratory may be classified as logical or physical. Logical analysis looks at the evidence from a file system perspective using system tools such as a file manager, a file viewer and the like.
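The copy-verification step described above, as an added Python example that is not part of the original essay or its sources: it hashes the source and the copy with MD5, the algorithm the essay names, and also with SHA-256 (an addition here, since MD5 collisions can be constructed), and uses per-block hashes to report where a copy diverges. The in-memory streams, the 4096-byte block size and all function names are assumptions for illustration.

```python
import hashlib
import io

BLOCK = 4096  # comparison block size in bytes (assumed value for this example)

def image_digests(stream, algos=("md5", "sha256")):
    """Read a source or image stream once; return whole-stream and per-block digests."""
    hashers = {name: hashlib.new(name) for name in algos}
    blocks = []
    while chunk := stream.read(BLOCK):
        for h in hashers.values():
            h.update(chunk)
        blocks.append(hashlib.sha256(chunk).digest())
    return {name: h.hexdigest() for name, h in hashers.items()}, blocks

def verify_copy(source, copy):
    """Step two of the procedure: show the copy is bit-for-bit identical."""
    src_sum, src_blocks = image_digests(source)
    dup_sum, dup_blocks = image_digests(copy)
    # Per-block comparison localises damage (for example an unreadable sector).
    bad = [i * BLOCK for i, (a, b) in enumerate(zip(src_blocks, dup_blocks)) if a != b]
    if len(src_blocks) != len(dup_blocks):
        bad.append(min(len(src_blocks), len(dup_blocks)) * BLOCK)
    return {"match": src_sum == dup_sum, "source": src_sum,
            "copy": dup_sum, "bad_offsets": bad}

# Constructed sample data standing in for a source drive and an altered image.
ORIGINAL = bytes(range(256)) * 64            # 16 KiB
ALTERED = bytearray(ORIGINAL)
ALTERED[9000] ^= 0x01                        # one flipped bit in the third block

if __name__ == "__main__":
    good = verify_copy(io.BytesIO(ORIGINAL), io.BytesIO(ORIGINAL))
    bad = verify_copy(io.BytesIO(ORIGINAL), io.BytesIO(bytes(ALTERED)))
    print("exact copy:", good["match"], good["source"]["md5"])
    print("altered copy:", bad["match"], "differs at byte offsets", bad["bad_offsets"])
```

In a real acquisition the two streams would be the write-blocked source device and the image file, and the digests would be recorded in the case notes at acquisition time.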

On the other hand, physical analysis entails an examination of the evidence from a purely physical perspective and uses tools such as a hex editor. For example, in the examination of the source hard disk, logical analysis confines the examination to clusters allocated to a file, but a physical analysis entails looking not only at allocated space, but also at unallocated and slack space (Craiger 2006, pp. 18-49). The first thing to do in the analytical process is to reduce the space to be searched, for efficiency and accuracy.

This can be done through processes called hash analysis and signature analysis. Hash analysis entails sifting through files and distinguishing between known and notable ones. Known files are ignored, while notable files, such as hacking tools and child pornography, are scrutinized. Signature analysis, on the other hand, distinguishes files by type, such as documents and images. If the goal of the investigation is to obtain pornographic images as evidence against the suspect, then the appropriate file signature for images, such as JPEG, must be identified.
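The two reduction steps described above, as an added Python example that is not from the original essay or its sources: hash analysis drops files whose MD5 is in a known set and flags those in a notable set, and signature analysis types the remainder by leading bytes and flags names whose extension disagrees with the content. The file names, contents, hash sets and the short signature table are constructed for illustration.

```python
import hashlib

# Leading "magic" bytes for a few common file types (a small subset).
SIGNATURES = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png",
              b"%PDF-": "pdf", b"PK\x03\x04": "zip"}
# What each extension claims to be; unlisted extensions claim nothing ("unknown").
EXTENSIONS = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "pdf": "pdf", "zip": "zip"}

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def detect_type(data):
    """Signature analysis: identify the type from content, not from the name."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def triage(files, known, notable):
    """Hash analysis first, then signature analysis on whatever is left."""
    review = []
    for name, data in files.items():
        digest = md5_hex(data)
        if digest in known:
            continue                      # known file: dropped from the search space
        kind = detect_type(data)
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        review.append({"name": name, "md5": digest, "type": kind,
                       "notable": digest in notable,
                       "ext_mismatch": EXTENSIONS.get(ext, "unknown") != kind})
    return review

# Constructed sample evidence; the hash sets below are built from it for the demo.
FILES = {
    "shell32.dll": b"MZ constructed operating-system file",
    "holiday.jpg": b"\xff\xd8\xff\xe0 constructed image data",
    "notes.txt":   b"\xff\xd8\xff\xe1 constructed image renamed to .txt",
    "archive.zip": b"PK\x03\x04 constructed flagged archive",
}
KNOWN = {md5_hex(FILES["shell32.dll"])}     # stand-in for a known-file hash set
NOTABLE = {md5_hex(FILES["archive.zip"])}   # stand-in for a notable-file hash set

if __name__ == "__main__":
    for row in triage(FILES, KNOWN, NOTABLE):
        print(row)
```

The renamed image is the case signature analysis exists for: a search by extension alone would skip `notes.txt`, while its leading bytes identify it as a JPEG.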

When searching a forensic image for specific evidence, searches may be made using keywords and particular types of files such as email and web-mail, as well as by looking for computer footprints in the swap file, index.dat file, cookies, INFO2 for deleted files, temporary files, print spool files and similar files (Craiger 2006, pp. 18-49).

The Laboratory: Services and Training Offered

The San Diego Regional Computer Forensics Laboratory is the nearest computer forensic laboratory to the state of Hawaii. This laboratory offers the following services: on-site seizure and collection; duplication, storage and preservation of computers and related evidence; forensic examination of digitally stored media; and courtroom testimony.

The San Diego RCFL offers courses to law enforcement agents that are geared to train them in seizing, collecting and analyzing computer evidence as well as other specialized areas of computer forensics such as internet intrusion and computer forensics software. Course descriptions include: forensic tool kit for investigators; image scan training; introduction to MySpace and other social networking websites; seizing and handling of digital evidence; internet crimes and tracing, and; N-DEx class description (San Diego RCFL 2011).

The San Diego RCFL facilities include 25 student computer workstations, with Dell Precision Workstation 650 machines networked by Ghost Station, as well as peripherals such as a 42’ plasma monitor, a projector, 2 whiteboards, a VCR, a DVD player and broadcasting capability provided by Robotel (San Diego RCFL 2011). As for job opportunities, an interested party does not apply directly to the San Diego RCFL, nor does the latter ‘hire’ employees. An interested applicant must be nominated by one of the participating agencies, by which he or she must be gainfully employed.

The detail usually lasts for 2 years (RCFL 2011). The participating agencies of the San Diego RCFL, one of which must employ the applicant, are: California Highway Patrol; Carlsbad Police Dept.; Chula Vista Police Dept.; Department of Homeland Security-Immigration and Customs Enforcement; El Cajon Police Dept.; FBI; La Mesa Police Dept.; National City Police Dept.; Oceanside Police Dept.; San Diego District Attorney’s Office; San Diego Police Dept.; San Diego Sheriff’s Dept.; US Attorney’s Office; DHS-Customs and Border Protection (San Diego RCFL 2011).

References:
Craiger, J.P. (2006). Computer Forensics Procedures and Methods.
RCFL (2011). Employment Opportunities with RCFLs.
San Diego RCFL (2011). Regional Computer Forensics Laboratory.
US-CERT (2008). Computer Forensics.
