Computers Forensics

Earn a High-Paid Computer Forensics Job

2010-05-29T21:15:00.000+07:00

Computer forensics is the field of study which involves investigation of cyber crimes. It specialized in recovering, analyzing and presenting data from computers to be used in investigations as proof and evidence. As our technology advances each and every day, companies today use computers to store and transfer valuable information and data.

With this, online crimes and fraud increase rapidly. Consequently, the demands for certified computer forensic investigators are high and constantly increasing.

To earn yourself a good paying job in this field, there are a few criteria's that you should meet:

* First, you would need to have a strong base in mathematics and science as these are the fundamentals of computer forensics.
* As far as knowledge goes, you would need to be knowledgeable about computers, legal systems, computer security and law enforcements. Also, you would need to have skills in a broad range of computer storage devices, operating systems, programming languages and software applications & architectural. These are vital as they are the basics of the study
* You would also need to have an accredit degree either in computer forensics or a related field such as computer science, criminal justice or engineering.
* Relevant practical knowledge is also required.
* You should also learn how computer systems work. This would be for debugging purposes, performance optimization and reverse-engineering. In addition, it is a must for you to have a solid comprehension of the law seeing that all your findings would need to be handled legally.
* Communication skills are also required. Although you would be dealing with electrical devices, you would need to explain the problems and solutions to top managing level.

With great communication skills and efficient task work, getting a steady job shouldn't be too much of a challenge as the demands for employees with skills in computer forensics are always increasing rapidly within our society today.

Information processing system Forensics, Data Recovery and E-Discovery Differ

2010-05-29T20:50:00.001+07:00

What's the difference between data recovery, computer forensics and e-discovery?

All three fields deal with data, and specifically digital data. It's all about electrons in the form of zeroes and ones. And it's all about taking information that may be hard to find and presenting it in a readable fashion. But even though there is overlap, the skill sets require different tools, different specializations, different work environments, and different ways of looking at things.

Data recovery generally involves things that are broken - whether hardware or software. When a computer crashes and won't start back up, when an external hard disk, thumb drive, or memory card becomes unreadable, then data recovery may be required. Frequently, a digital device that needs its data recovered will have electronic damage, physical damage, or a combination of the two. If such is the case, hardware repair will be a big part of the data recovery process. This may involve repairing the drive's electronics, or even replacing the stack of read / write heads inside the sealed portion of the disk drive.

If the hardware is intact, the file or partition structure is likely to be damaged. Some data recovery tools will attempt to repair partition or file structure, while others look into the damaged file structure and attempt to pull files out. Partitions and directories may be rebuilt manually with a hex editor as well, but given the size of modern disk drives and the amount of data on them, this tends to be impractical.

By and large, data recovery is a kind of "macro" process. The end result tends to be a large population of data saved without as much attention to the individual files. Data recovery jobs are often individual disk drives or other digital media that have damaged hardware or software. There are no particular industry-wide accepted standards in data recovery.

Electronic discovery usually deals with hardware and software that is intact. Challenges in e-discovery include "de-duping." A search may be conducted through a very large volume of existing or backed-up emails and documents.

Due to the nature of computers and of email, there are likely to be very many identical duplicates ("dupes") of various documents and emails. E-discovery tools are designed to winnow down what might otherwise be an unmanageable torrent of data to a manageable size by indexing and removal of duplicates, also known as de-duping.

E-discovery often deals with large quantities of data from undamaged hardware, and procedures fall under the Federal Rules of Civil Procedure ("FRCP").

Computer forensics has aspects of both e-discovery and data recovery.

In computer forensics, the forensic examiner (CFE) searches for and through both existing and previously existing, or deleted data. Doing this kind of e-discovery, a forensics expert sometimes deals with damaged hardware, although this is relatively uncommon. Data recovery procedures may be brought into play to recover deleted files intact. But frequently the CFE must deal with purposeful attempts to hide or destroy data that require skills outside those found in the data recovery industry.

When dealing with email, the CFE is often searching unallocated space for ambient data - data that no longer exists as a file readable to the user. This can include searching for specific words or phrases ("keyword searches") or email addresses in unallocated space. This can include hacking Outlook files to find deleted email. This can include looking into cache or log files, or even into Internet history files for remnants of data. And of course, it often includes a search through active files for the same data.

Practices are similar when looking for specific documents supportive of a case or charge. Keyword searches are performed both on active or visible documents, and on ambient data. Keyword searches must be designed carefully. In one such case, The Schlinger Foundation v Blair Smith, et al the author, computer forensics expert Steve Burgess uncovered more than one million keyword "hits" on two disk drives.

Finally, the computer forensics expert is also often called upon to testify as an expert witness in deposition or in court. As a result, the CFE's methods and procedures may be put under a microscope and the expert may be called upon to explain and defend his or her results and actions. A CFE who is also an expert witness may have to defend things said in court or in writings published elsewhere.

Most often, data recovery deals with one disk drive, or the data from one system. The data recovery house will have its own standards and procedures and works on reputation, not certification. Electronic discovery frequently deals with data from large numbers of systems, or from servers with that may contain many user accounts. E-discovery methods are based on proven software and hardware combinations and are best planned for far in advance (although lack of pre-planning is very common). Computer forensics may deal with one or many systems or devices, may be fairly fluid in the scope of demands and requests made, often deals with missing data, and must be defensible - and defended - in court.

Catch And Prosecute Fraudulent Employees With Computer Forensics

2010-05-29T20:48:00.000+07:00

While the computer has created a surge in productivity for companies, it has also opened the door for employees to perform higher level crimes that can devastate companies. Most employers and staff are shocked when they discover that an employee has been executing crimes right under their noses. The thing with white collar crimes is that criminals don't necessarily "look"like criminals and they often proceed for years without being caught.

When a company does suspect that a computer crime is underway, bringing in a computer forensics team is usually the only way to discover the truth. With more intelligent crimes come more intelligent cover ups. The standard computer user may not find a trace of evidence on the employee's computer, but computer forensics can expose a secret world of lies, deceit, and crafty cover ups.

Some of the most common inside employee computer crimes are:

-Embezzlement

-Fraud

-Insider trading

-Bribery

-Money laundering

-Identity theft

-Intellectual property theft

How White Collar Criminals Try to Cover Their Tracks:

Someone who is intentionally engaging in illegal activities will take often predicable precautions to cover their tracks. Some protective measures that a criminal may use to avoid being caught are:

-Wiping tools

-Encrypting data

-Secure deletion tools

-Remote data storage devices

-Steganography (writing hidden messages)

-Digital data compression

Although tech-savvy criminals can make the process of uncovering data difficult, it i's not impossible. Every digital action leaves a footprint and even data that appears to be "deleted" to the standard user can be uncovered using computer forensics.

When Computer Forensics Evidence Doesn't Stand Up in Court:

Sometimes employees will walk away without punishment even with undeniable evidence that they are guilty. When data recovered through computer forensics doesn't stand up in court, it's usually not the data itself, but the way in which it was collected. While an internal IT employee trained in computer forensics is an invaluable asset to any company, forensic evidence to be used in court is often best handled by an impartial, outside party.

A court will consider several things when considering the merit of the data collected such as:

-Who gathered the information (were they an impartial party?)

-Credentials and training of the person collecting the data

-Who had access to the data once collected?

-What was the chain of custody of the evidence?

-What security measures were in place to ensure interested parties did not have access to the information?

For companies that will choose to use their in house IT team to gather information, it is essential to have a well-documented standard process for handling data, detailing the chain of custody and the way in which the data will be stored. When computer forensics is handled inside of a company, the integrity of the data after it has been collected is at a much higher risk than when choosing an independent third party. Using the proper tools and procedures can help to mitigate that risk.

The Amazing of Computer Forensics

2010-02-27T22:33:00.001+07:00

The field of Computer Forensics is fast becoming a popular option for individuals who are technologically savvy and analytical minded. The marriage of crime solving using evidence within computer and technology systems, broadly speaking, is known as computer forensics. Since computers and technology have become ubiquitous in our society both for personal and business use; traces of crimes committed are increasingly found by examining data within these devices. This not only includes a computer hard drive; but also includes other devices such as blackberry's, cell phones, and similar PDA devices. Any device that stores information such as emails, text messages, or internet usage can contain clues about someone suspected of committing a crime.

Common Uses of Computer Forensics

Anytime you hear the word "white collar" crime, you can bet that a Computer Forensics Analyst is heavily involved in investigating the case. These highly trained professionals may be employed by the business where the suspect works, conducting investigations based on red flags raised within the companies human resources group. In addition, local and federal law enforcement agencies employ Computer Forensics Analysts to conduct research and gather evidence to be used in a court of law.

One common use of computer forensics is to track and prosecute child pornography offenders. If an individual is suspected of consuming or producing child pornography, their computer equipment may be seized by local authorities and examined by these trained professionals. The Forensics Analyst will perform tasks such as examining the hard drive, looking for sexually explicit materials or searching through historical data on web sites visited or created by the suspect. A cell phone may be seized and examined to determine if the suspect was attempting to contact under age victims. Due to the now common utilization of such technology, there are usually many clues to be gleaned from such investigations.

Another common use for computer forensics is the investigation of the various types of cyber crimes committed. Since the internet is still in its early stages, the vulnerability to crime is great. While there have been several improvements to security; the fact remains that cyber crime is still a major concern. Identity Theft and Phishing scams in which highly sensitive personal and financial information is taken from innocent people through a variety of tactics, continues to be a priority for law enforcement. Tracing these activities back through sometimes sophisticated schemes is the primary goal. In some cases, federal agencies must operate on an international level, which can be more complicated and requires involvement by the FBI.

Violent Crimes, including homicide are another area in which computer forensics has proven to make or break cases with compelling evidence. Again, the examination of communications or other data stored on any technological device can provide clues to the character, state of mind, and communication patterns of a suspect. In earlier days, the examination of phone records was an important aspect of a violent crimes investigation. Now, with the use of the internet, texting, and email, there is a wider selection of data to pull from when conducting an investigation.

The above examples are just a few of the many uses of computer forensics. Any crime committed or any investigation conducted where the use of technology is involved is potentially within the spectrum of computer forensics. The field is increasingly becoming a central part of criminal investigations, and trained professionals who are both tech savvy and analytical with formal training, are being sought out for these positions.

Computer Forensics For Employee

2010-02-18T01:47:00.004+07:00

In this high-tech world, communication is done 99.999% via electronic gadgetry, which means computers. From personal to corporate communications, from simple messages between employees to complicated ciphers of industrial espionage or financial crime, computers are the vehicles. Thus the best place to find evidence of employee misdemeanor in almost all aspects is to check his computer hard disk. Whether it is a refurbished computer, a used computer or a new computer, traces of what he did using the machine may be analyzed to establish whether he committed malfeasance or not. This field of post factor computer analysis is called computer forensics.

Every computer records all keystrokes performed in the machine, since it must respond to them as instructions. This record is normally stored in the disk in various locations though most may be automatically deleted as part of the operating system methodologies. But analysis of computer disks normally reveals traces of these, especially the deleted items that have not yet been overwritten by new information. Deletion of information in any program simply means the computer will not access it, but it does not go away unless overwritten, and may be 'read' by specialized gadgets to reveal what was thought to be already eliminated.

There are two general reasons for computer forensics: when an employee is suspected of misbehavior in keeping company information confidential during his tenure; and if an employee is thought of under performance, not devoting his full time to his work. In the first instance, the computer may be confidentially examined after the employee has left without anyone being the wiser; but in the second instance, periodic computer inspection is the only way to identify goldbricking employees without adversely affecting employee morale. Otherwise, spying on the employee will be the alternative, either via electronic gadgets or actual spies.

Information obtainable by forensics gadgets include:

1. Files or parts of files that have been deleted but not overwritten. As stated above, the magnetic arrangement for the information stays as is unless rearranged by new keystrokes.

2. List of deleted file titles even without the files. This may indicate the use of unsanctioned or unofficial applications.

3. Websites visited, at any browser setting, even if deleted from browser history. Normally recorded in hidden files or unused disk space and readable in whole or remnants.

4. Opened or downloaded Internet information or graphics. Same with the preceding.

5. Non-standard applications or software used.

6. Residual information in the temporary files, saved or not. Usually the most recent work.

7. Hidden information or those protected by passwords. The applications used can crack the passwords or go beyond them.

Corporate studies indicate that about 20% of employee computer time at work is devoted to activities not directly connected to the work, and this is grossly unfair to the employer. Employee monitoring is thus a way of ensuring correct employee conduct, but there is also such a thing as employee morale and right to privacy. The trick is getting and keeping a balance between the two rights, and computer forensics is simply a way to do it.

A Real World Application In Computer Forensics

2010-02-18T01:47:00.003+07:00

Everyone's so caught up these days in computer forensics and forensic science to solve murder mysteries like those seen on the TV series CSI. But computer forensics is not all murder and police drama. There are far more necessary reasons for those in this particular industry, and a very interesting case has come up recently involving the company Nintendo.

After noticing a recent news article from Australia, I was surprised to find that a US and Japanese based video game company was bringing a law suit forth to an Australian man who violated international and US and Australian copyright laws. After an Australian game store accidentally released the new Super Mario Brothers game for their Wii system six days before Nintendo had scheduled a global release, a 24 year old Australian named James Burt broke through the game's code and illegally uploaded the game to the internet, allowing thousands to download the game illegally onto their own computers without paying Nintendo any money. This perhaps cost Nintendo millions of dollars.

So how did Nintendo track down Mr. Burt from the hundreds of millions of computer users across the world, to the millions in Australia, to those in his area, to find out that he was the one who illegally uploaded the game? They used computer forensics specialists, trained to trace the tracks of Internet usage to find the source of the uploaded games.

Nintendo's forensic specialists, trained in top computer forensics programs, were able to trace all downloads of the game, starting from the beginning. Once the original download was found, the upload was traced by time and IP address. Using computer forensics tracking programs, Mr. Burt's IP address was matched with his location and he was apprehended by local law enforcement.

The next step for the computer forensics specialists was to present the information and evidence they were able to uncover during their investigation to the lawyers and judge in the courts, where Mr. Burt was found guilty of illegally uploading property belonging to Nintendo, and distributing it without Nintendo's consent. The courts in Australia found Mr. Burt liable for $1.3 million USD toward Nintendo's lost earnings. Additionally, $100,000 of Nintendo's accrued legal fees were also designated to be paid by the defendant.

If it weren't for the expert specialists working for Nintendo, the company would not have been able to locate the defendant and most likely would not have been able to recoup the millions of dollars in lost revenue. Proof that computer forensics and forensic science is not all murder and mystery, but used every day to solve all types of modern-day crimes and investigations.

Computer Forensics - New Careers

2010-02-18T01:46:00.002+07:00

The computer forensics industry is slated to be among the fastest growing industries over the coming decade. With so many households using computers today, the need for computer forensics is growing exponentially, for just about every reason you could think of. And many reasons you may not think of. Crimes include identity theft, fraud, child pornography, computer hacking and many more.

As stated, although you may have guessed the fields listed above, there are computer forensics fields that you may not have guessed either. Computer forensics is indeed not isolated to online crimes. Many instances involve the use of computer forensics to solve violent crimes such as homicides, rapes, kidnapping and even assault and stalking. Forensics examiners use computer, cell phones and other electronic device analysis containing evidence of crimes, suspects and their victims. So it comes as no doubt that with the increase in both computer-related and non-related crimes, the demand for computer forensics specialists in a number law enforcement capacities, as well as private consulting agencies, has skyrocketed, and is expected to continue.

What is Computer Forensics?

The definition of computer forensics is the gathering of digital evidence, pieces of information from computers and other personal electronic devices, including computers, laptops, cell phones, etc. This gathering of evidence many times involves searching for files, emails, calls or other correspondences, pictures or video, internet search history or many other types of data. This information may then be used as evidence for anything from locating suspects to providing evidence toward a criminal prosecution in a court of law.

What is Cyber Crime, Exactly?

Unfortunately, much of the work done today in the computer forensics labs of America's law enforcement agencies is child pornography and exploitation. However, these agencies work harder each year, learning more about how to find the evidence needed to convict these criminals, as well as how to find additional suspects through new forensics methods.

Additional common crimes include identify theft and online fraud, especially with the rise of online commerce and companies such as eBay, Amazon and Overstock.com. Intellectual property theft is also a growing problem, however many foreign and developing countries struggle with this more than the US. unfortunately, as business becomes more international each year, American companies fall victim to intellectual property theft from countries such as China more and more. This then becomes an international matter, for federal agencies such as the CIA and the State Department.

What are some Career Options?

To put it quite simply, the most common areas to find computer forensics specialists are with local and state police, FBI, CIA and various consulting agencies. This brings about two main areas of practice: law enforcement and private forensic consulting agencies.

Law Enforcement

Although starting mostly with government and military cases, digital data began to be used for evidence more and more in the 1970s and 80s. Computer-related crimes have increased exponentially over the past decades, and law enforcement agencies have added forensics to just about every office in the nation. Most local and state police departments hire professionals 'in house' dedicated solely to computer forensic. The leader, however, is the FBI. The Computer Analysis and Response Team (C.A.R.T.) is tied to every law enforcement agency in the country, as they are the only one with jurisdiction between state lines. As computers and internet lines know no state boundaries, the FBI is in a leadership position to find and prosecute these criminals.

Private Consulting Agencies

Consulting agencies work mostly with corporations and business, however they work for individuals as well. Many of these investigations involve intellectual property theft, sexual harassment, corporate fraud and misuse of investor funds. These agencies can also be hired much like private investigators, to track anything from theft to embezzlement to adultery.

This is merely an overview of the types of investigations one would find with computer forensics careers. A degree in computer forensics or a closely related field such as computer science, information security or information technology is helpful, but not always necessary, depending on who your future employer is.

Computer Forensics - Fingerprint Test

2010-02-18T01:45:00.002+07:00

Today's news article on computer forensics is about hacking encrypted Fingerprint USB drives. The encryption being talked about is AES 256 hardware encryption, which til date use to be considered a very reputable and safe standard in the world of digital and computer forensics. You must have seen online advertisements about the most secure hardware based AES 256 bit encrypted Fingerprint USB drives from popular brand names such as Kingston USB and SanDisk USB, these are the ones that have been found to be completely vulnerable by a computer forensic company based off Germany called SySS. Their tests show a major design vulnerability that can decrypt the present information on the thumb drive.

SySS is a German company that specializes in Computer and IT Forensics. In a nutshell how they are able to read encrypted data is very simple, it does not even require to put in your password. When a user enters their correct password on the key to decrypt the information, the hardware algorithm passes through a particular string of information or characters to the device storage system which presents the information to the user in clear text. The flaw however comes in with the fact that this "String" passed through after a valid session for any password, is always the same!

SySS used their computer forensic know how to interpret this "string" and were able to demonstrate how they can pass this on to the hardware device and get decrypted information every time. There are two White Papers published by the company on their website that explains this much in depth. This discovery has major implications on Corporate and Law Enforcement officials which often carry sensitive information on such encrypted devices. As a matter of fact, there is school of thought around which is debating if law courts will now accept hardware encrypted thumb drives as "unaltered" secure evidence.

The Benefits of Computer Forensics to Law Enforcement Agencies

2010-01-29T21:30:00.004+07:00

Do you know that there is also an investigation happening in the computer world? This is called a computer forensics. It is like an investigation done by police and special agents to solve a crime. This type of analysis uses advanced technologies, applications, and hardware to solve a crime.

A computer forensic scientist does the job of solving a crime through analyzing data in a computer related to the incident. This may include email conversations, hidden and deleted files. This is also the study of the flow of information on the computers, and the science interchanging communication from one PC to another. The result can be used by law enforcement agencies to support their evidence on the crime happened.

As you may know, computers process data and communicate through binary codes such as 1 and 0. It does not understand human language but it only translates them before processing. Using forensic science, it is easier to track the history and trace events related to the crime. Using analysis tools and utilities, a scientist can gather information to serve as additional evidence.

Most of us think that the data we deleted on the computer are permanently gone on the computer storage. Actually, simply pressing the delete key on your keyboard just deletes the file location on the index database of the hard disk but not the actual data itself. With the use of an effective data recovery tool, files you deleted even months ago can be retrieved.

Tracking of emails, instant messaging, and any type of communication being used by human is also one aspect of computer forensics. Also, with the use of packet sniffers, this software can get information in real-time, once placed in a convenient data stream. Data being sent from one computer to another can be captured easily.

Computer forensics can be used to provide supporting information and evidence to solve a problem. Law enforcement authorities will benefit from this technology being offered by advanced technologies and techniques. Anyone with the perseverance and skills can try to learn this career. When it comes to outsourcing, you do not need to hire a computer expert working remotely on the other side of the world due to the confidentiality of data.

Computer Forensics - New Decade, New Challenges

2010-01-29T21:29:00.003+07:00

Computer crime has been the ugly side of the Internet revolution and its rise cannot unfortunately, be seen as a surprise. There are always those who will look to exploit and 'game' systems, look for loop holes and make a quick buck. Computers have provided criminals with a new arena to participate in and as a result, crime-fighting techniques have had to advance and adapt to the new playing conditions and through advanced computer forensics, the evidence suggests they are doing a good job of keeping up.

Computer forensics can also be used to prove innocence as well as convict the guilty. A typical computer forensic investigation can involve recovering data that was thought to be lost from hard drives and networks. Recovering data that has thought to have been deleted, decrypting data using advanced algorithms and building usage profiles can all be used when put together to build a case against someone accused of a digital crime.

As we move into another decade there is no sign of computer use and misuse slowing down. An internet connection is almost as common as a television for most households in the western world and it is unusual to meet someone who doesn't have an e-mail address. The widespread growth of Internet services which now includes banking, grocery shopping and all matter of digital media means there is a whole digital economy developing.

With more money, banking details and personal information circulating around the globe every second of every day there are more opportunities for criminals to operate online than ever before. Computer forensics is one such method being used to fight crime online and convict those participating in unscrupulous schemes. Mobile phones, PDA's and other portable devices can be analyzed as well as audio visual data such as video and sound recordings. Computer and digital crime always leaves a trail, and it is computer forensics experts that step in, find the trail and paint the whole picture of what has happened - a role that will continue to be vital through the next decade and is likely to be for many more to come.

What Do You Mean by Computer Forensics.

2010-01-29T21:28:00.002+07:00

The term forensics is often associated with the tangible objects that became part of a crime. But since law-breaking is no longer limited to delinquent acts but have been embraced by the machines as well, there is now a term called computer forensics.

This is investigating and analyzing through the use of computers to get legal evidences. This is in relation to the computer-related crimes that are now possible such as theft of intellectual property, fraud, and so many others. The experts on this field have a wide array of techniques that can recover the deleted files, decrypt codes, or retrieve the damaged information in the machine. However, before you become one of the computer forensics specialists, it is important that you know the ins and outs of both computer hardware and software since you would not deal on data inside the computer alone.

The experts in computer forensics ensure that as much as possible, no evidence will be compromised while they are still investigating the crime. Moreover, they should have the ability to prevent malware infection while they are under the process of investigation. They are also responsible for keeping all the information private especially if it is related to the details regarding an attorney and a client. These are just some of the responsibilities of a machine forensics expert.

Various steps are taken when identifying and retrieving the evidences that may exist on the system. Aside from protecting it from any damage, alteration or viruses, it is also important that they recover all the files even those that were already deleted. In case there are also files protected by data security, encrypting these data is also part of the process as well. All of the things that they will discover on the computer system must be printed at the same time after they have finished the analysis.