Cyber Security & Digital Forensics (SPPU)

3 Introduction to Digital Forensics

What is Computer Forensics, Use of Computer Forensics in Law Enforcement, Computer Forensics Assistance to Human Resources/Employment Proceedings, Computer Forensics Services, Benefits of Professional Forensics Methodology, Steps taken by Computer Forensics Specialists.
Types of Computer Forensics Technology: Types of Military Computer Forensic Technology, Types of Law Enforcement Computer Forensic Technology, Types of Business Computer Forensic Technology.
Computer Forensics Evidence and Capture: Data Recovery Defined, Data Back-up and Recovery, The Role of Back-up in Data Recovery, The Data Recovery Solution.

3.1 What is Computer Forensics?

* The methodical examination of computer media (hard discs, diskettes, cassettes, etc.) for evidence is known as computer forensics. In other words, computer forensics involves gathering, preserving, analysing, and presenting data relating to computers.
* Computer forensics also goes by the names electronic discovery, computer analysis, and computer inspection, as well as digital discovery, data recovery, and data discovery. Criminal cases, civil lawsuits, and human resources/employment hearings can all benefit from computer evidence.

3.2 Use of Computer Forensics in Law Enforcement

The field of computer forensics benefits law enforcement in the following ways:

* Recovery of deleted files: Recovering deleted files, such as graphics and images, is one example of this.
* Search for unallocated spaces: Looking through unallocated space on the hard disc, which is generally where there is a lot of data.
* Tracing artefacts: Tracing artefacts, those traces of information the operating system leaves behind. Our specialists are skilled in locating these artefacts, but more crucially, they are adept at determining the significance of the data they uncover.
* Processing hidden files: It is used to process hidden files, which are files that the user cannot view or access but that contain data about previous usage. This method frequently entails rebuilding and examining each file's date code to discover when it was created, last edited, last accessed, and when it was destroyed.
* Run string searches: Searching for email using a string when there isn't a clear email client.

3.3 Computer Forensics Assistance to Human Resources/Employment Proceedings

Computers may be used as evidence in a variety of human resources cases, including accusations of [...] and wrongful termination. Electronic mail systems, network servers, and individual staff PCs all contain evidence.

Employer safeguard program

* Employers are required to protect sensitive company information.
* The regrettable prospect that data may be harmed, deleted, or stolen by a disgruntled person is a worry today.
* Before a person is told of their termination, a computer forensic expert should visit the location and make an exact copy of the data on the person's computer.
* The employer is safeguarded in this way in case the employee decides to alter such data in any way before quitting.
* Data that has been damaged or destroyed can be replaced, and information about what happened can be restored.
* This technique can also be utilised to defend the employer against untrue accusations made by the employee or to strengthen the company's case by demonstrating the removal of confidential information.
* You have to be able to locate which data has been removed, and decipher the left-behind hints. This covers circumstances in which discs have been formatted, or other measures have been taken to obliterate or hide the evidence.

For illustration, did you know?

o Which websites were accessed?
o What documents were downloaded?
o When were the files last accessed?
o Of efforts to hide or destroy evidence?
o Of efforts to create false evidence?
o That text from a document that was deleted from the final printed edition may appear in the electronic copy of the document?
o That some fax machines save duplicate copies of the most recent few hundred pages received?
o That computer-based faxes may be issued or received and stored there indefinitely?
o That email is quickly replacing other forms of communication for businesses?
o That individuals frequently express opinions via email that they would never express in a memo or letter?
o That email has been effectively utilised in both civil and criminal proceedings?
o That email is frequently archived on cassettes, which are typically retained for months or years?
o How many people maintain digital records of their finances, including their investments?

3.4 Computer Forensics Services

Computer forensics experts should be able to carry out difficult evidence recovery processes effectively and with the knowledge and proficiency that supports your case. They should, for instance, be able to offer the following services:

1. Data seizure
In accordance with federal regulations, computer forensics specialists should serve as the representative and locate evidence utilising their understanding of data storage technologies. The professionals ought to be able to help the authorities seize the equipment.

2. Data duplication/preservation
The computer forensics professionals should handle both of these issues by creating an identical copy of the required data. This will ensure that the data is not altered in any way and that the seizure does not place an excessive strain on the responding party. The integrity of the original data is maintained while specialists operate on the duplicate data.

3. [...]
[...] enables the recovery of lost evidence.

4. Document searches
The discovery process is simplified and less invasive for all parties as a result of the speed and efficiency of these searches, which allow computer forensics professionals to quickly search through more than 200,000 electronic documents rather than having to wait hours for them to be indexed.

5. Media conversion
Professionals in computer forensics should remove pertinent data from outdated and readable devices, convert it into usable formats, and transfer it to fresh storage media for examination.

6. Expert witness services
Computer forensics professionals should be able to describe complicated technological procedures in a way that is easy for judges and jurors to grasp. This should help them understand how computer evidence is discovered, what it consists of, and how it is relevant to a particular circumstance.

7. Computer evidence service options
Computer forensics specialists ought to provide a range of services, each tailored to your particular investigation requirements. They should, for instance, be able to provide the following services:

* Standard service: Until your vital electronic evidence is located, computer forensics professionals should be able to work on your case during regular business hours.
* On-site service: Experts in computer forensics should be able to visit your place and provide full-service digital evidence management. The specialists should be able to promptly make accurate copies of the data storage media concerned while they are on-site.
* Emergency assistance: You should be able to count on your computer forensics professionals to give your case top attention in their labs. They should be permitted to continue working on it unhindered until your evidentiary goals are achieved.