In the global village called the internet, not everyone plays nice. You always hear the word "hack", mostly in relation to the invasion of computers. Most of these stories are not entirely true, but computer network systems do get hacked. If and when it does happen, it usually involves something sinister.

Even employees of companies engage in snooping or, to use our favorite word, hacking. The birth of the internet has led to more of this. Anyone can be anything online. This is why fraud, phishing, and identity theft happen.

The computer has become an important part of everyday life. Sending letters has been entirely changed by email. Communications have been dominated by instant and text messaging. Portable storage devices that were once the exclusive preserve of Information Technology professionals are now used by the general public.

I think you are already getting the idea of why computer forensics is needed. In the event that hacking does occur, the computer forensic analyst will do the following:

1. Like any other investigation, the computer forensic analyst must handle the area as a crime scene. He or she will take digital photographs and secure documentary evidence. This will include printouts, notes and disks at the scene.

If you are the one who hired the computer forensic expert, you should leave everything to them. The computer system should be left as is, whether it is turned on or off.

If the computer was left on, the analyst will gather all the information that he or she can from the running applications. The computer will then be shut down in a way that ensures the data is not lost. Doing a standard shutdown or pulling the plug is not an option. Both of these methods may cause the loss of or damage to the data in the computer system.

2. The forensic investigator must then document the configuration of the system as you would document a crime scene. This should include the order of hard drives, modem, LAN, storage subsystems, cable connections, and wireless networking hardware. The analyst may make a diagram to go along with the digital photographs. They will also take portable storage devices within the area that may contain substantial evidence.

3. The computer forensic expert must take all the evidence to the lab. This is because the analyst should not examine the evidence on the same hardware. People who engage in cyber crimes are also aware that important data can be retrieved to convict them. Countermeasures, viruses and booby traps may be installed in the system to damage electronic evidence.

Instead, analysts take the hard drive to their lab to make an exact duplicate of its contents. This process is called imaging. Analysts have their own tools to make sure that the data is copied completely and accurately.

The duplicate will then be verified by an algorithm. The data is then examined and analyzed. The analyst makes a report of his or her findings and of the process that was followed during the investigation, starting from the acquisition of the data. This evidence will be presented in court if prosecution is necessary.

The computer forensic analyst plays many roles and has many duties in the criminal justice field. It is hard to cover all of them in this short article. I encourage you to do more reading if you are interested in this field. You can do this by visiting websites that cover the profession in more detail.

Note: You are free to reprint or republish this article. The only condition is that the links should be clickable.
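
The imaging and verification step described in item 3, as an added example that is not part of the original article: the source is copied block by block while a digest is computed, then the duplicate is re-read from disk and compared against that digest. SHA-256 as the verifying algorithm, the file names and the sample data are assumptions; the article does not name an algorithm or a tool.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so a large drive never sits in memory

def image_and_hash(source_path, image_path):
    """Copy source to image block by block; return the SHA-256 of the bytes read."""
    digest = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        while chunk := src.read(CHUNK):
            digest.update(chunk)   # hash exactly what came off the source
            dst.write(chunk)
        dst.flush()
        os.fsync(dst.fileno())     # make sure the duplicate is on disk before verifying
    return digest.hexdigest()

def hash_file(path):
    """Hash a file independently of the copy loop."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            digest.update(chunk)
    return digest.hexdigest()

def verify_image(acquisition_hash, image_path):
    """True only if the stored duplicate still matches the acquisition digest."""
    return hmac.compare_digest(acquisition_hash, hash_file(image_path))

def demo():
    """Image a constructed 'drive', verify it, then show a one-bit change is caught."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "evidence_drive.bin")   # hypothetical names
        image = os.path.join(work, "evidence_drive.img")
        with open(source, "wb") as f:
            f.write(bytes(range(256)) * 8192 + b"tail")     # constructed sample data
        acquired = image_and_hash(source, image)
        intact = verify_image(acquired, image)
        with open(image, "r+b") as f:                       # flip one bit in the copy
            f.seek(CHUNK + 7)
            flipped = bytes([f.read(1)[0] ^ 0x01])
            f.seek(CHUNK + 7)
            f.write(flipped)
        return intact, verify_image(acquired, image)

if __name__ == "__main__":
    print(demo())
```

Recording the acquisition digest in the report lets anyone later re-hash the duplicate and confirm it has not changed since it was taken.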