StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Role of Computer Forensics and Investigation Report in Criminology - Research Paper Example

Cite this document
Summary
From the paper "Role of Computer Forensics and Investigation Report in Criminology" it is clear that whole Disk Encryption is a process in which full contents of a hard drive are converted into unique codes. Decryption is only achieved by individuals with authorized access into the computer software…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98.7% of users find it useful
Role of Computer Forensics and Investigation Report in Criminology
Read Text Preview

Extract of sample "Role of Computer Forensics and Investigation Report in Criminology"

Computer Forensics and Investigation Report With the increased globalization and utilization of information technology, criminals have adopted modern techniques in committing various crimes. As such, computer forensics and investigations play an import role of evidence production in criminology. Forensic experts in the field of computer forensics gather and preserve evidential materials from various computing appliances. In this regard, the following discussion explains various terms and gadgets used in computer forensics. One of the commonly used terms in computer forensics is live data acquisition. Live data acquisition is a process in which computer forensic experts make a copy of the digital evidence, from a digital device, by running a program (University at Buffalo, n.d). In this process, data is acquired while the computer belonging to the suspect is on. Live data acquisition is necessitated by particular factors, such as prevention of permanent data loss, disk encryption or significant losses to the affected people, when the computer is switched off. It is noteworthy pointing out that live data acquisition does not guarantee repeatability. On the contrary, static data acquisition involves making a copy of the evidential data when the computer is turned off. Statistic acquisition mainly takes place when storage disk is write-protected by the suspect. Unlike live acquisition, static data acquisition is characterized by high level of repeatability hence the importance placed on this approach (University at Buffalo, n.d). Ideally, forensic experts make a copy of the original data in order to use the copy for further analysis. Physical drive is another commonly used term in computer forensics. Physical drive refers to the hardware component used in most computer gadgets for storing data (Pachghare, 2009). Physical drives can be in form of magnetic tapes or disk drives, which are tangible and can be detached from electronic gadgets. Contrastingly, logical drive refers to the various partitions that exist in the physical drive. In many computers, users partition the existing physical drive into several portions that represent ‘independent’ storage units (Pachghare, 2009). However, these storage units, known as logical drives, are part of the main hard drive in the computer. File Allocation Table (FAT) is an older system used by various operating systems to track data stored in the hard drive. Ideally, data generated by use of computer programs is stored in bytes, which are clustered in different locations on the storage disk (Marshall University, n.d). As such, the FAT system is used to locate specific clusters associated to particular files of interest. By understanding this data storage system, computer forensic experts can collect the relevant evidence from computers with high precision. New Technology File System (NTFS) allows easy location of hidden files unlike the FAT system. It was designed for to replace the older versions and provide high security to the stored data and enhance recoverability of any information in storage systems. In addition, large files in the NTFS are not fractured while storing like in the FAT system. The NTFS has size control of clusters and reduced slack space when compared to the FAT system (Marshall University, n.d). As such, the NTFS provides a more reliable storage mechanism that provides a good platform for computer forensics. In computer forensics, experts usually work from copy of information in order to preserve the original content in the suspects’ computers. As such, the collected evidence is stored in particular formats that can be further analyzed using various forensic tools. One of the most commonly used storage formats is referred to as the Raw Format. Raw Format represents the first technique used by digital forensic experts to transfer evidential information from suspected digital source. Ideally, the technique involves bit by bit copy from the original storage source to another storage disk with similar capacity or larger. Raw Format technique of storing information bears several advantages and limitations that must be put into consideration by forensic experts before use. One of the major advantages of raw format data storage is that it is faster technique of data transfer (University at Buffalo, n.d). Therefore, experts with limited time can use the technique to collect evidential information. In addition, many tools used for forensic analysis are capable of utilizing raw format data hence the wide applicability of the format. Moreover, it is possible to by-pass insignificant errors from the original source of the data. However, the technique requires more storage space and some information from ‘bad’ sectors maybe lost. Proprietary Format represents the unique formats that have been developed by companies that develop forensic tools. With the increased technological development in the world, different companies have developed technological equipment that suite particular needs in the society. In this regard, technological companies concerned with computer forensics have developed various tools for collecting digital evidence. Examples of proprietary formats include MP3, WMA, RAR and PSD. These proprietary formats are operated under licenses and privacy controls. Proprietary formats also have some advantages and limitations for their use in computer forensics. Some of the advantages associated to proprietary formats include, flexibility in use, such that professionals can choose whether or not to compress data, ability to combine different types of data in an image and ability to disintegrate image data into small portions for storage reasons (University at Buffalo, n.d). However, proprietary formats have a limitation data sharing-incompatibility between tools produced by different companies. Advanced Forensic Formats (AFFs) are used in open source forensic data acquisitions by computer forensics experts. The Advanced Forensic Formats were developed in order to solve some of the challenges presented by the initial formats while carrying out forensic investigations. For instance, the AFTs have no capacity restrictions when transferring the disk to image evidential data. Developed by Basis Technology Corporation, the AFTs have managed to counter many limitations presented by other formats used in data acquisition. Like the other formats discussed, the AFTs have several advantages and very few limitations. Some of the advantages associated with this format include limited requirements for extra storage capacity, capacity to store metadata in the saved images and can be used by various forms of operating systems (University at Buffalo, n.d). The only limitation associated with the AFTs is that many forensic companies have not completely embraced the format and hence few forensic analytic tools are specific for the format. Because of the criticality of evidential information in criminal investigations, additional measures are taken to preserve digital evidence through hashing. Hash values are numerical values generated through algorithmic calculations and assigned to digital files, usually used as evidence (SANS Digital Forensics and Incident Response Organization, 2009). Ideally, hash values assign unique codes to the digital files so that it is easy to verify particular information, which of interest in forensic investigations. It is noteworthy pointing out that hashing electronic evidence is important because of the implications of criminal evidence on the suspect and ensuring that different tools used in the analysis do not alter the original evidence. During forensic investigation, has values are generated for the original data storage, copied image before analysis and the copied image after investigations. All the generated has values are compared to ascertain that there has been no interference on the digital evidence. Examples of hashing tools used in computer forensics include MD-5 and SHA-1. As discussed earlier, physical drive can be divided into several logical drives that can be used as in depended disks. Disk Partitions represent the logical drive found in a computer hard disk (Pachghare, 2009). In reality, different file systems can be used in the various disk partitions. Therefore, while collecting digital evidence, forensic experts analyze each partition in order to identify the files stored and evaluate analytic tools required to examine the disk. Considering that computers store data in file clusters, in most cases, there are some unfilled spaces in the clusters after storing data. The extra space in a cluster after file storage is called Slack Space. In forensic investigations, slack space is usually examined because it contains residual information concerning any stored file (Pachghare, 2009). As such, it is possible to collect information concerning deleted files in a computer system hence the relevance of slack space in digital forensics. Whole Disk Encryption is a process in which full contents of a hard drive are converted into unique codes. Decryption is only achieved by individuals with authorized access into the computer software. During digital forensic investigations, forensic experts use decryption tools to identify the information protected in suspect computers (Pachghare, 2009). Disk encryption is normally used by individuals or organizations for privacy reasons. Diagram-Hard drive Sector- is a small portion of the hard disk used for data storage Cluster- is a storage unit in a hard disk formed by several sectors Track- is a circle surrounding the storage unit in a hard disk. Several tracks are divided into a sector. Disk Platter- is a circular magnetic disk used in data storage. References Marshall University.(n.d). A Forensic Comparison of NTFS and FAT32 File Systems. Retrieved from http://www.marshall.edu/forensics/files/RusbarskyKelsey_Research-Poster-Final-Draft.pdf Pachghare, V. K. (2009). Cryptography and Information Security. New Delhi: PHI Learning. SANS Digital Forensics and Incident Response Organization. (2009). Law Is Not A Science: Admissibility of Computer Evidence and MD5 Hashes. Retrieved from http://digital-forensics.sans.org/blog/2009/01/07/law-is-not-a-science-admissibility-of-computer-evidence-and-md5-hashes/ University at Buffalo. (n.d). Guide to Computer Forensics and Investigations Fourth Edition. Retrieved from http://mgt.buffalo.edu/departments/mss/djmurray/mgs610/ch04.ppt Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Role of Computer Forensics and Investigation Report in Criminology Research Paper, n.d.)
Role of Computer Forensics and Investigation Report in Criminology Research Paper. Retrieved from https://studentshare.org/technology/1671590-final-project
(Role of Computer Forensics and Investigation Report in Criminology Research Paper)
Role of Computer Forensics and Investigation Report in Criminology Research Paper. https://studentshare.org/technology/1671590-final-project.
“Role of Computer Forensics and Investigation Report in Criminology Research Paper”, n.d. https://studentshare.org/technology/1671590-final-project.
  • Cited: 0 times

CHECK THESE SAMPLES OF Role of Computer Forensics and Investigation Report in Criminology

Role of Computers in Modern Society

hellip; Observing everyday life, anyone can spot the design of computer-related gadgets and procedures that make life relaxed and allow us to be languid.... This report "role of Computers in Modern Society" discusses the computer-electronic era that is upon us and it will persist to develop and impact till the social order spins around it every day.... These gadgets are in most regular undertakings stretching from getting up to an alarm clock that is electronic to viewing the news prior to sleeping on a computer monitor....
7 Pages (1750 words) Report

Computer Science and Information Technology

This report "computer Science and Information Technology" discusses how the society has made a perfect person that is played out in the sites with a conclusion that gives the remedy and precautionary measures that should be considered to avert possible negative impacts imminent in the social sites....
11 Pages (2750 words) Report

The Use of Computers Nowadays

This report "Analysis of Business Adaptation with Regards to Tablet PCs" discusses the pros and cons of Tablet PCs that should be engaged in the business world.... It is the overarching understanding of this particular author that tablet computing is the wave of the future.... hellip; Of all the information that is been presented, it is the further belief of this particular author that the most salient information is with respect to the fact that tablet computing allows the stakeholder/employee to rapidly integrate with the needs of the consumer; having direct access to the information that a consumer/client may have ultimately had a direct correlation....
6 Pages (1500 words) Report

Computer Crimes and their Avoidance

Nevertheless, hacking is helpful in determining the vulnerability of computer systems in a network or in respect of an individual PC.... This report "computer Crimes and their Avoidance" presents the internet that has engendered a virtual world, where distances are no longer of any significance.... hellip;  In the event of a natural disaster such as a storm or an earthquake, the computer gets physically damaged and the data stored in it will be damaged....
7 Pages (1750 words) Report

How to Use a Computer Software Program

Such applications have been made possible due to the development of computer utility software programs that help in commanding the hardware to respond to particular user requests, and computer application software programs that enhance efficiency when the users are undertaking certain tasks.... To gain the best out of computer use one has to know and understand well how to gain access to a computer program and efficiently use it in performing various tasks (Arora & Bansal, 2005)....
5 Pages (1250 words) Report

Identifying Threats and Vulnerabilities to Computer

The study "computer Security" concerns an example of how security lapses can occur and expose the system's vulnerabilities.... Security encompasses the elements of keeping information confidential and of upholding the integrity and availability of resources; these three elements are often used to describe computer security goals (Stallings 2009).... computer security gives rise to the notion of protecting systems from a technological point of view, as well as making systems more secure on the basis of the human factors (Trček 2006)....
6 Pages (1500 words) Report

Criminology and the Criminal Justice System

This report "criminology and the Criminal Justice System" examines the case of Pinky Salmon, the Mayor of Stratford, who was the leader of Independence for Stafford Party.... This report assesses the criminal liability of Pinky Salmon, under the Criminal Damage Act1971.... hellip; Pinky Salmon, tampered with the chandelier, thereby revealing his criminal intent to endanger the life of Allie....
7 Pages (1750 words) Report

Effect of Salinity on Cell Diameter

This paper "Effect of Salinity on Cell Diameter" gives the result of the investigation of the effect of salinity on cell diameter when two cultures are used.... One of the cultures was grown at a salinity of 1 while the other was grown at a salinity of 30.... The diameter of 25 cells in the culture was measured....
9 Pages (2250 words) Report
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us