Computer forensics laboratory - Essay Example


Extract of sample "Computer forensics laboratory"

Running Head: COMPUTER FORENSICS LABORATORY

COMPUTER FORENSICS LABORATORY

Processes Involved in Computer Forensics Laboratory

Computer forensics is a discipline that integrates aspects of law and computer science in the process of data collection and assessment from “computer systems, networks, wireless communications, and storage devices” in a manner that does not violate procedural laws on admissibility (US-CERT 2008). It involves the processes of preservation, identification, extraction and documentation.

Computer forensics is conducted either offline or online. An offline analysis examines a computer system while it is powered down; an online analysis examines it while it is powered on. The first is preferable, but there are instances when it is impossible, as in cases when the system needs to be continuously powered on. During an offline analysis, copies of the hard drive are made to ensure that no data is lost; during a powered-on analysis, the investigator collects as much evidence as possible (Craiger 2006, p. 5).

Since the goal of computer forensics is to gather evidence that may be presented in court against a suspect in a crime, it is important that the processes undertaken abide by the Federal Rules of Evidence, which govern the admissibility of evidence. Computer forensics is undertaken in three steps: one, make an exact digital copy of the original evidence to ensure that the latter is untouched and unaltered; two, validate that the copy is an exact replica of the original; and three, analyze the digital copy.
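The first two steps, copying and validating, as an added example that is not code from the essay or its sources. It assumes ordinary files stand in for the write-protected source drive and the image (the names `source.dd` and `evidence.dd` are hypothetical), and it records a SHA-256 digest alongside MD5 because MD5 collisions are practical to construct.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024  # read the source in fixed-size blocks

def digest_file(path):
    """Return (md5, sha256) hex digests of a file, read in chunks."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:  # read-only: evidence is never opened for writing
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()

def acquire(source, image):
    """Step one: bit-for-bit copy, hashing the stream as it is read."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x" refuses to overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()

def verify(image, recorded):
    """Step two: re-read the image and compare with the acquisition digests."""
    return digest_file(image) == recorded

def demo():
    """Constructed sample: random bytes stand in for the source disk."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "source.dd")
        image = os.path.join(tmp, "evidence.dd")
        with open(source, "wb") as fh:
            fh.write(os.urandom(3 * CHUNK + 517))  # not a multiple of the block size
        recorded = acquire(source, image)
        intact = verify(image, recorded) and digest_file(source) == recorded
        with open(image, "r+b") as fh:  # simulate one flipped bit in the copy
            fh.seek(CHUNK)
            byte = fh.read(1)
            fh.seek(CHUNK)
            fh.write(bytes([byte[0] ^ 0x01]))
        return intact, verify(image, recorded)

if __name__ == "__main__":
    print(demo())
```

The digests returned by `acquire` are what goes into the case notes; any later re-verification of the image is compared against them.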
The exact physical copy of the evidence is called a bit-stream image, forensic duplicate or forensic image. It is made by removing the hard disk from the source computer and attaching it to the investigator’s forensic machine with the following security measures: using a write-blocker to ensure that no data is written to it in the process, and setting the jumper of the source drive to slave to prevent any change of files. As an alternative, the network acquisition method may be used, where the source computer is accessed by the forensics computer through a network connection. Verification of the copy involves the use of a one-way hash algorithm called the MD5 cryptographic hash (Craiger 2006, pp. 6-7, 9-13).

Analysis done in a computer forensics laboratory may be classified as logical or physical. Logical analysis looks at the evidence from a file system perspective, using system tools such as a file manager, a file viewer and the like. Physical analysis, on the other hand, examines the evidence from a purely physical perspective and uses tools such as a hex editor. For example, in the examination of the source hard disk, logical analysis confines the examination to clusters allocated to a file, but a physical analysis entails looking not only at allocated space but also at unallocated and slack space (Craiger 2006, pp. 18-49).

The first thing to do in the analytical process is to reduce the space to be searched, for efficiency and accuracy. This can be done through processes called hash analysis and signature analysis. Hash analysis entails sifting through and distinguishing between known and notable files. Known files are ignored, while notable files, such as hacking tools and child pornography, are scrutinized. Signature analysis, on the other hand, distinguishes between documents and their types, and images.
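Hash analysis followed by signature analysis, as an added example that is not code from the essay or its sources. The file names, contents and hash sets are constructed placeholders, and the example goes slightly beyond the text by also marking files whose extension disagrees with their content signature.

```python
import hashlib

# Leading "magic" bytes (file signatures) for a few common formats.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),  # also the container for .docx/.xlsx
]
EXTENSIONS = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png",
              "pdf": "pdf", "zip": "zip", "docx": "zip", "xlsx": "zip"}

def signature_of(data):
    """Signature analysis: identify the type from content, not from the name."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"

def triage(files, known, notable):
    """Hash analysis first, then signature analysis on whatever remains."""
    report = {}
    for name, data in files.items():
        md5 = hashlib.md5(data).hexdigest()
        if md5 in notable:  # checked first so a notable file is never skipped
            report[name] = "notable"
        elif md5 in known:
            report[name] = "ignore"
        else:
            kind = signature_of(data)
            claimed = EXTENSIONS.get(name.rsplit(".", 1)[-1].lower(), "unknown")
            mismatch = kind != "unknown" and kind != claimed
            report[name] = f"examine:{kind}" + (":renamed" if mismatch else "")
    return report

def demo():
    """Constructed sample files; the byte strings are placeholders, not evidence."""
    files = {
        "notepad.exe": b"MZ constructed system binary",
        "scanner.bin": b"constructed tool the examiner treats as notable",
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "notes.txt": b"\xff\xd8\xff\xe1" + b"\x00" * 16,  # JPEG content, .txt name
        "report.pdf": b"%PDF-1.4 constructed",
    }
    known = {hashlib.md5(files["notepad.exe"]).hexdigest()}
    notable = {hashlib.md5(files["scanner.bin"]).hexdigest()}
    return triage(files, known, notable)
```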
If the goal of the investigation is to obtain pornographic images as evidence against the suspect, then the appropriate file signature for images, such as JPEG, must be identified. In searching for a specific forensic image, searches may be made using keywords and particular types of files, such as email and web-mail, as well as by looking for computer footprints in the swap file, the index.dat file, cookies, INFO2 (for deleted files), temporary files, print spool files and similar files (Craiger 2006, pp. 18-49).

The Laboratory: Services and Training Offered

The San Diego Regional Computer Forensics Laboratory is the nearest computer forensic laboratory to the state of Hawaii. This laboratory offers the following services: on-site seizure and collection; duplication, storage and preservation of computers and related evidence; forensic examination of digitally stored media; and courtroom testimony.

The San Diego RCFL offers courses to law enforcement agents that are geared to train them in seizing, collecting and analyzing computer evidence, as well as in other specialized areas of computer forensics such as internet intrusion and computer forensics software. Course descriptions include: forensic tool kit for investigators; image scan training; introduction to MySpace and other social networking websites; seizing and handling of digital evidence; internet crimes and tracing; and N-DEx class description (San Diego RCFL 2011).

The San Diego RCFL facilities include 25 student computer workstations (Dell Precision Workstation 650), networked by Ghost Station, as well as peripherals such as a 42’ plasma monitor, a projector, 2 whiteboards, a VCR, a DVD player and broadcasting capability provided by Robotel (San Diego RCFL 2011).

As for job opportunities, an interested party does not apply directly to the San Diego RCFL, nor does the latter ‘hire’ employees. An interested applicant must be nominated by one of the participating agencies, by which he or she is gainfully employed.
The detail usually lasts for 2 years (RCFL 2011). The participating agencies of the San Diego RCFL, of one of which the applicant must be an employee, are: California Highway Patrol; Carlsbad Police Dept.; Chula Vista Police Dept.; Department of Homeland Security-Immigration and Customs Enforcement; El Cajon Police Dept.; FBI; La Mesa Police Dept.; National City Police Dept.; Oceanside Police Dept.; San Diego District Attorney’s Office; San Diego Police Dept.; San Diego Sheriff’s Dept.; US Attorney’s Office; DHS-Customs and Border Protection (San Diego RCFL 2011).

References

Craiger, J.P. (2006). Computer Forensics Procedures and Methods.
RCFL (2011). Employment Opportunities with RCFLs.
San Diego RCFL (2011). Regional Computer Forensics Laboratory.
US-CERT (2008). Computer Forensics.