|
|
|
HOW TO GET THE COMPUTER YOU WANT WITHOUT SPENDING A FORTUNE
HOW TO GET THE COMPUTER YOU WANT WITHOUT SPENDING A FORTUNE By M. Nasser Bey I have been using computers for years now and have never owned a new one. Like many people I had little money when I started looking for a machine. Back in the early...
Proper Scanning Resolution
One thing to master about scanning is the proper scanning resolution. The proper resolution to scan depends on how you intended it to be used. Before scanning it is important to know these five vital information: size of the original image, size...
Reclaim Your PC from the Internet Spies
Viruses are, however, not the only malicious software programs out there. The newest addition to the evil software family is the so called Spywares and a good anti-virus program or firewall is not enough to safeguard against these clever programs. ...
Top 10 things everyone must know about computer viruses
You have permission to publish this article electronically or in print, free of charge, as long as the bylines are included and all links are made active. A courtesy copy of your publication would be appreciated: published@antivirus-report.com ...
Who's Peering Into Your Computer?
Have any passwords, love letters, naughty pictures or sensitive business information stored on your hard drive? It's almost embarrassingly easy for a hacker to break into a networked computer and retrieve your personal information. Does your...
|
|
| |
|
|
|
|
|
|
Some Computer Forensics Basics
- Computer Forensics in a Nutshell
Computer forensics are examinations of computers made during a criminal investigation. When police look into the files and data on a computer during an investigation, they are using computer forensics. It is obvious that you would want to look at a suspect's computer if they are involved in a hacking or industrial espionage case where the computer is being actively used to commit the crime, but these are not the only sorts of cases where computer forensics is used. Even if a murder case or a theft where a suspect used a computer could have information on it that is important to the case. You never know where you might find the information that you need for a case, and so investigators look at everything they can find.
- What Computer Forensics Investigators Look At
There are three basic kinds of data that a computer forensics investigator will look at when examining a computer: saved data, meta data and deleted data.
The first thing that a computer forensics investigator will do before examining this data is to make a copy of the hard drive. Even just looking at a file can sometimes change the data or meta data, and it is important that none of the original information is tampered with when using it in a criminal investigation. Making a copy of the computer's hard drive allows the investigator to go through all of the data without having to worry that he is tampering with potential evidence.
Saved data is any data that is normally accessible on a hard drive. It is all the data that is saved onto the hard drive. This includes things like documents, imagages, internet logs, program files, etc. This is the easiest data to look at, because it involves no special working to access these files. Sometimes files might be hidden within multiple folders or using confusing file names, so the examination will need to be thorough to make sure anything important to the case is found. Files can also sometimes be password protected, which makes it more difficult for an investigator to open them to read them. Computer forensics investigators are trained to get around these kinds of blocks.
Meta data is information that accompanies saved data. It is the information that tells you about the saved dat, like when a file was created, when it was last modified and when it was last accessed. This tells us when something was made, when the person who created the file was using it and if he
had made any changes to it. This can be useful as it can help put a timeline to the data the investigator is looking at, and match up information for use with the case.
Deleted data is data that has not been saved on the computer or has been deleted from the computer. You can't access this information just through normal use of the computer. It requires special software or special methods to go into the hard drive and look at it.
When a file is deleted from a computer, it isn't actually removed from the hard drive. The file is kept in the same place as it always was. What is really happening is that the computer is being told that this file does not exist, and it will act as if it doesn't. You can't look at the file if you are just looking through the saved data, because the computer doesn't see it as saved data. However, if you skip over what the computer thinks about the data, and only look at the raw data, you will be able to see the file still there.
There are some difficulties with this, though. Because the computer doesn't think that the file is there any more, it has no problem putting new data where the deleted data was. If this happens then the file will be erased and you will no longer be able to look at it. Sometimes the new data doesn't completely write over the deleted data though, and an investigator can sometimes still see traces of the deleted data on the hard drive. It is similar to when you tape over an old VHS tape, sometimes the old show or whatever you had taped before will pop up every now and then because the new taping isn't total. These traces can give the investigator an idea of what the computer user had deleted, and can sometimes give cues as to why it was deleted.
- Computer Forensics Growing
As computers continue to become more important in America, computer forensics will continue to grow as well. Looking at data can lead to information that would never be found through other methods of investigation, and it proves very useful in a number of different criminal cases.
About the Author
Allen Butler is a freelance writer who specializes in internet content. If you need quality content written fast, he has the dedication and the ability to deliver. If you would like a free sample article, e-mail him at allen_butler3000@yahoo.com He can write on most any subject matter, and will have your sample back to you within 24 hours.
|
|
|
|
|
|