DeutschRansom94
Aus Salespoint
Introduction Computer forensics is the practice of collecting, analysing and reporting on digital information in a way which is legally admissible. It could be applied at the detection and prevention of crime and in any dispute where evidence is stored digitally. Computer forensics has similar examination stages to other forensic disciplines and faces similar concerns.
About this guide This guide discusses personal computer forensics from a neutral perspective. It just isn't linked to certain legislation or intended to promote a specific company or item and isn't written in bias of either law enforcement or commercial computer forensics. It is aimed at a non-technical audience and provides a high-level view of laptop or computer forensics. This guide makes use of the term "laptop or computer", in spite of this the concepts apply to any device capable of storing digital data. Where methodologies have been mentioned they're supplied as examples only and do not constitute tips or suggestions. Copying and publishing the whole or part of this article is licensed solely under the terms of the Creative Commons - Attribution Non-Commercial 0 license
Uses of personal computer forensics There are couple of areas of crime or dispute exactly where laptop forensics cannot be utilised. Law enforcement agencies have been among the earliest and heaviest users of personal computer forensics and as a result have at all times been in the forefront of developments at the field. Computers may perhaps constitute a 'scene of a crime', by way of example with hacking [ one] or denial of service attacks or they may perhaps hold evidence in the sort of emails, on the internet history, documents or other files relevant to crimes including murder, kidnap, fraud and drug trafficking. It isn't basically the content material of emails, documents and other files which will be of interest to investigators even so too the 'meta-data' associated with those files. A computer system forensic examination might reveal once a document 1st appeared on a pc, once it was last edited, when it was last saved or printed and which user accomplished these steps.
Guidelines For evidence to be admissible it must be reliable and not prejudicial, meaning that at all stages of this process admissibility should be in the forefront of a computer forensic examiner's mind. One set of recommendations which has been widely accepted to help in this will be the Association of Chief Police Officers Good Practice Guide for Computer Based Electronic Evidence or ACPO Guide for brief. Although the ACPO Guide is aimed at United Kingdom law enforcement its most important principles are applicable to all computer forensics in whatever legislature. The 4 most important principles from this guide have been reproduced under (with references to law enforcement removed):
No action must alter data held on a pc or storage media which is often therefore relied upon in court.
In cases where a person finds it crucial to access original data held on a laptop or computer or storage media, that person need to be competent to do so and be able to give evidence explaining the relevance as well as the implications of their actions.