21-05-2012, 12:46 PM
Guide to Computer Forensics and Investigations
Guide to Computer Forensics and Investigations.ppt (Size: 591.5 KB / Downloads: 179)
Preparing a Computer Investigation
Role of computer forensics professional: gather evidence to prove a suspect committed a crime or violated a company policy
Collect evidence that can be offered in court or at a corporate inquiry
Investigate the suspect’s computer
Preserve the evidence on a different computer
Examining a Computer Crime
Computers can contain information that helps law enforcement determine:
Chain of events leading to a crime
Evidence that can lead to a conviction
Law enforcement officers should follow proper procedure when acquiring the evidence
Digital evidence can be easily altered by an overeager investigator
Examining a Company Policy Violation
Companies often establish policies for computer use by employees.
Employees misusing resources can cost companies millions of dollars
Misuse includes:
Surfing the Internet
Sending personal e-mails
Using company computers for personal tasks
Assessing the Case
Systematically outline the case details:
Situation
Nature of the case
Specifics about the case
Type of evidence
OS
Known disk format
Location of evidence