Computer forensics is increasingly used because of our growing reliance on new technologies, and it can help solve police and judicial cases.
Computer forensics is the science of acquiring, preserving, obtaining and presenting data that has been processed electronically and stored on computer media. It is an increasingly common practice because of the use we all now make of new technologies, and it helps solve police or judicial cases.
Both state security forces and bodies and forensic computer experts use specific tools and procedures to collect information from devices ranging from computers and mobile phones to email servers, for example.
Even when a crime is not a computer crime, there is digital evidence: every activity carried out with a device (manually or automatically) leaves a trace, so that evidence can be analyzed along with the rest of the evidence in a case.
Sent emails, IP addresses, geographic locations, system accesses, browsing histories, chats, data deletions and a host of other information are analyzed to investigate crimes against intellectual property, industrial espionage, breach of privacy or data theft, among others.
When a problem that warrants analysis occurs in a company, it is usually the specialized technology staff who report that they have detected anomalous behaviour, such as blocked accounts, the disappearance of files with critical information, or security system alarms, to mention a few examples.
Although much depends on the type of analysis, the crime and the time available to collect data, it is very important to determine which devices may be related to the case being examined. New data or devices that have to be analyzed may also appear during the process.
Once the devices have been identified, it is essential to collect the evidence in order, since some information is more volatile than other information and may disappear, for example, when a computer is turned off.
Once the most volatile information has been collected, duplicates of the contents of the devices (hard disks) are made in order to maintain the integrity of the evidence and its chain of custody.
This is of vital importance: maintaining the chain of custody and the integrity of the evidence ensures that the stored data has not been altered or manipulated. If this cannot be guaranteed, it is very likely that the analysis will be invalidated during the trial.
After the necessary copies have been made, different forensic analysis techniques are used, depending on the nature of the case, to recover files and to analyze a user's use of a device, connections with other devices, times of use, etc. In addition, it is important to identify the information accessed and extracted from the devices, since it can be a crucial aspect of an investigation.
All the information obtained is used by the forensic expert who manages the case to reconstruct the facts, based on the evidence collected and the correlation of events through a timeline.
The timeline is very important in any forensic investigation, since analyzing the data in chronological order is crucial to establishing the sequence of the actions. This must be taken into account especially when it is necessary to analyze different devices or information that is in another time zone.
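The following is an added example, not part of the original article, showing why events from devices in different time zones must be normalized to UTC before they are correlated. The device names, timestamps, UTC offsets and event descriptions are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample events: (device, local timestamp, UTC offset in hours, event)
EVENTS = [
    ("laptop-A", "2018-11-27 09:05:00", +1, "user logon"),
    ("server-B", "2018-11-27 03:10:00", -5, "file share accessed"),
    ("laptop-A", "2018-11-27 09:20:00", +1, "USB drive attached"),
    ("server-B", "2018-11-27 03:12:00", -5, "archive created"),
]

FMT = "%Y-%m-%d %H:%M:%S"


def to_utc(local_ts, offset_hours):
    """Attach the device's UTC offset to a local timestamp and convert to UTC."""
    tz = timezone(timedelta(hours=offset_hours))
    local = datetime.strptime(local_ts, FMT).replace(tzinfo=tz)
    return local.astimezone(timezone.utc)


def build_timeline(events):
    """Return (utc_time, device, event) rows in true chronological order."""
    rows = [(to_utc(ts, off), dev, desc) for dev, ts, off, desc in events]
    return sorted(rows, key=lambda row: row[0])


def naive_order(events):
    """Order events by raw local timestamp, ignoring time zones (misleading)."""
    return [desc for _, ts, _, desc in sorted(events, key=lambda e: e[1])]


if __name__ == "__main__":
    print("Naive order (local clocks):", naive_order(EVENTS))
    print("Unified UTC timeline:")
    for when, dev, desc in build_timeline(EVENTS):
        print(" ", when.isoformat(), dev, desc)
```

Sorting on the raw local timestamps places the server events hours before the laptop logon, while the UTC timeline shows them happening between the logon and the USB attachment.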
In addition, file timestamps (creation, modification and access) can be changed intentionally by an attacker or malicious user. Special care should therefore be taken when analyzing the data, since the analyst's hypothesis could rest on events that were maliciously modified to divert attention.
The analyses are always performed on the copies and not directly on the devices or data collected, since the originals would otherwise be altered and would be unlikely to be accepted as evidence in a trial. In fact, once the copy is made, these devices should remain unchanged and out of use.
Date updated: 2018-11-27. Date published: 2018-11-27. Category: windows. Author: Oscar olg. Source: tribunasalamanca