Computer forensics, also known as digital forensics, is a branch of forensic science pertaining to legal evidence found in computers and digital storage media.
The goal of computer forensics is to explain the current state of a digital artifact. The term digital artifact can include a computer system, storage media (such as a flash disk, hard disk, or CD-ROM), an electronic document (e.g. an email message or JPEG image), or even a series of packets moving through a computer network. The explanation can be as simple as "what information is here?" or as detailed as "what is the sequence of events that led to the current situation?".
Computer forensics is also used to combat corruption and fraud in cyberspace (the internet). Corruption and fraud are investigated by collecting electronic data and then analyzing it for use in court. To be admissible as legal evidence, the data records must not undergo the slightest change from the initial condition in which they were found. If the data is changed, it cannot be used in court (the data is no longer authentic).
Computer forensics is used, for example, for:
1. Looking for evidence of fraud or corruption committed by employees.
2. Analyzing a computer system compromised by hackers: how the hackers gained access and what they did.
3. Recovering lost data, whether the loss was intentional or not, even after the hard disk has been formatted or used by others.
To be submitted as electronic evidence in court, the results of computer forensics should meet the following conditions:
1. They meet certain standards, namely (1) admissible (2) authentic (3) complete (4) believable (5) reliable.
2. The computer forensics tools and methodology must be validated; otherwise, who knows, a tool may only claim to be forensic and actually be bogus.
3. The electronic storage media must have a clear 'chain of custody' from the initial capture until it is finally submitted to the court.
4. In general, examination of the electronic storage media should be done with the owner's permission (with a letter of approval or 'letter of consent'), unless it is done under legal authority (in Indonesia: the Attorney's Office, the police, the KPK).
In the computer forensics process, data acquisition is known as 'computer forensic imaging': an exact copy is made of the suspect's hard drive (including data that has been deleted and technical areas of the hard drive that the operating system cannot read).
The software used in computer forensics is forensic imaging software, whose aim is to make identical copies of the electronic data from the target. The imaging process keeps the original data from changing by making the electronic storage media 'write blocked'. The hardware and software used are designed specifically to keep the data intact as it was (no change), and can even recover files that have been erased. The aim is to find evidence of the perpetrators of corruption and fraud.
Some of the vendors that provide computer forensics technology are Paraben, Guidance (EnCase), GetData (Mount Image), etc.
Searching Unallocated and Slack Space for Text
Now let’s go back to the original image. The restored disk (or loop-mounted disk image) allowed you to check all the files and directories (logical view). What about unallocated and slack space (physical view)? We will now analyze the image itself, since it was a bit-for-bit copy and includes data in the unallocated areas of the disk.
Let’s assume that we have seized this disk from a former employee of a large corporation. The would-be cracker sent a letter to the corporation threatening to unleash a virus in their network. The suspect denies sending the letter. This is a simple matter of finding the text from a deleted file (unallocated space).
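
The physical-view search described above, as an added example (not code from the original post): a Python script that scans a raw image for keywords and reports the byte offset and sector of each hit, hashing the image before and after to show the search left it unchanged. The file name `demo_image.dd`, the 512-byte sector size, the keyword list and the planted text are constructed assumptions.

```python
import hashlib

SECTOR = 512  # assumed sector size, used only to report a sector number
NOTE_OFFSET = 1005  # constructed: where the demo "deleted" text is planted


def sha256_file(path, chunk=1 << 20):
    """Hash the image so it can be shown unchanged after the search."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def search_image(path, keywords, chunk=1 << 20):
    """Case-insensitive keyword scan; returns sorted (offset, sector, keyword)."""
    needles = [k.lower().encode() for k in keywords]
    overlap = max(len(n) for n in needles) - 1  # catches hits split across reads
    hits, tail, pos = set(), b"", 0
    with open(path, "rb") as f:  # opened read-only: the image is never written
        while block := f.read(chunk):
            window = (tail + block).lower()
            base = pos - len(tail)  # image offset of window[0]
            for n in needles:
                i = window.find(n)
                while i != -1:
                    hits.add((base + i, (base + i) // SECTOR, n.decode()))
                    i = window.find(n, i + 1)
            tail = window[-overlap:] if overlap else b""
            pos += len(block)
    return sorted(hits)


def build_demo_image(path):
    """Constructed sample image: zero-filled, with text no file points to."""
    data = bytearray(4096)
    note = b"I will unleash a VIRUS in your network"
    data[NOTE_OFFSET:NOTE_OFFSET + len(note)] = note
    with open(path, "wb") as f:
        f.write(data)


if __name__ == "__main__":
    build_demo_image("demo_image.dd")
    before = sha256_file("demo_image.dd")
    for off, sector, word in search_image("demo_image.dd", ["virus", "network"], chunk=1024):
        print(f"offset {off} (sector {sector}): {word}")
    assert sha256_file("demo_image.dd") == before  # image unchanged by the search
```

The reported offsets tell the examiner which sectors of the image to extract and read in context; in the demo, the word "VIRUS" straddles the 1024-byte read boundary and is still found because of the overlap.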