18-05-2012, 04:13 PM
Techniques in Computer Forensics
INTRODUCTION
Forensic technologies are designed to prepare and extract evidence from a seized computer
system. The basic method of preserving, detecting and obtaining electronic evidence was
described in [1], [2]. This extraction is performed in such a manner as to satisfy the requirements of
the courts [14], [17]. Typically, the data that resides on the fixed drive of a system has been
erased or otherwise altered in order to protect incriminating information. Forensic technologies
make it possible to retrieve such altered data.
WORKING DEFINITION OF COMPUTER FORENSICS
The term computer forensics has many synonyms and contexts. It originated in the late 1980s
with early law enforcement practitioners [15] who used it to refer to examining standalone
computers for digital evidence of crime. Some prefer to call it media analysis. Some have
argued that forensic computing is a more accurate term, especially because digital evidence is
increasingly captured from objects not commonly thought of as computers (such as digital
cameras). Despite this, one can use the generic term computer forensics.
TYPES OF ATTEMPTS IN DESTROYING FILES
Modern computer hard drives contain an assortment of data, including an operating system
[8][10], application programs, and user data stored in files. Drives also contain backing store for
virtual memory, and operating system meta information, such as directories, file attributes, and
allocation tables [8]. Drives include directory blocks, startup software (boot blocks), and virgin blocks
that were initialized at the factory but never written.