computer forensics
A Computer Forensics investigation can be initiated for a variety of reasons. The most high profile are usually with respect to criminal investigation, or civil litigation, but digital forensic techniques can be of value in a wide variety of situations, including perhaps, simply re-tracking steps taken when data has been lost.
Common Scenarios? Examples include:
- Employee
internet abuse
(common, but
decreasing)
- Unauthorized
disclosure of
corporate
information and data
(accidental and
intentional)
- Industrial
espionage
- Damage
assessment
(following an
incident)
- Criminal
fraud and deception
cases
- More general
criminal cases (many
criminals simply
store information on
computers,
intentionally or
unwittingly)
--- and
countless others!
computer espionage
The IT era has made it almost more important to safeguard technology than to develop it. Cutting-edge core technologies can mean sink or swim not just for corporations but for nations. Yet we continue to hemorrhage technology. A simple Flash Drive walking out the door with your proprietary information can mean the end of your business. To stop that leakage of technology, we must urgently adapt the security framework to new threats.
We do have laws protecting business secrets, but they focus on punishment after the fact. What is needed is prevention. The most important thing is for individual businesses to build up their security infrastructure. Core Group can covertly review your infrastructure and recommend lasting security solutions. Only 47 percent of companies have confidentiality rules, and only 34 percent carry out security checks. Security consciousness has substantially improved in large businesses but is still negligible in small and medium-sized venture companies that often drive innovation.
computer forensics
Like
DNA, Computer
Forensics has
the potential of
developing both
inculpatory and
exculpatory
evidence that
without its use,
will remain
hidden. One definition is analogous to "Electronic Evidentiary Recovery, known
also as
e-discovery,
requires the
proper tools and
knowledge to
meet the Court's
criteria,
whereas Computer
Forensics is
simply the
application of
computer
investigation
and analysis
techniques in
the interests of
determining
potential legal
evidence."
Another is
"a process
to answer
questions about
digital states
and events”.
The forensic examiner renders an opinion, based upon
the examination
of the material
that has been
recovered. After
rendering an
opinion and
report, to
determine
whether they are
or have been
used for
criminal, civil
or unauthorized
activities.
Mostly, computer
forensics
experts
investigate data
storage devices,
these include
but are not
limited to hard
drives, portable
data devices (USB
Drives, External
drives, Micro
Drives and many
more). The
objective being
to provide
digital evidence
of a specific or
general
activity.
Computer Forensics is only a tool, it is not a substitute for investigation. But, with some estimates that 85% of the time, some evidence of illicit activity can be found on computers, it is a tactic we always consider.
data recovery
A Computer Forensic investigation is a detailed science. The main phases are sometimes considered to be: secure the subject system (from tampering during the operation); take a copy of hard drive (if applicable); identify and recovery all files (including those deleted); access/copy hidden, protected and temporary files; study 'special' areas on the drive (eg: residue from previously deleted files); investigate data/settings from installed applications/programs; assess the system as a whole, including its structure; consider general factors relating to the users activity; create detailed report.