A Trip into the World of Computer Forensics



Contributed by Andrew Whitehead

What is Computer Forensics?

Computer forensics is the investigation and analysis of a suspect's computer to uncover evidence of a crime, for instance theft of trade secrets, theft or destruction of intellectual property, or fraud. Computer forensics specialists have an impressive arsenal of methods for recovering deleted, encrypted, or damaged files to reveal information stored in a computer.

Methods Employed in Computer Forensics

A computer forensics specialist has several targets in the process of identifying and attempting to retrieve evidence on a computer system.

He must first protect the suspect computer system from any damage or alteration, any corruption of the files, and the possible introduction of a virus during the forensic examination. The examination itself starts with a search for every file on the system. This includes not only existing normal files, but also the remains of deleted files, and any hidden, encrypted, or password-protected files.

Once these are found, the next step is to recover as much information as possible from any deleted files, reveal the contents of hidden files, and read any temporary or swap files used by applications and the operating system. If any protected or encrypted files are on the system, these will need to be broken into.

He will then analyze all the information that can be found in the usually inaccessible areas of the hard drive. This includes all the 'unallocated' space on a disk, which is currently unused but may previously have been used to store information. Another area to search is the 'slack' space in a file: the unused area at the end of a file structure, found in the last assigned disk cluster, which may be unused now but may have been in use earlier.

When all this is done he will produce an overall analysis of the computer system listing all the possibly relevant files, and any discovered file data he has revealed. Usually he will offer an expert opinion of the general system layout, file structures, discovered data, and the authorship of files as well as any attempts that have been made to hide, delete, protect, or encrypt stored information.
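The 'unallocated' and 'slack' space described above can be shown on a toy volume. This is an added example, not part of the original article; the `ToyVolume` class, the 512-byte cluster size and the file contents are constructed for illustration and do not model any real file system.

```python
import re
CLUSTER = 512  # assumed cluster size for this constructed toy volume

class ToyVolume:  # in-memory stand-in for a disk: raw bytes plus a file table
    def __init__(self, clusters):
        self.data = bytearray(clusters * CLUSTER)
        self.files = {}  # name -> (cluster chain, file size in bytes)

    def allocated(self):
        return {c for chain, _ in self.files.values() for c in chain}

    def write(self, name, content):
        need = max(1, -(-len(content) // CLUSTER))  # ceiling division
        used = self.allocated()
        chain = [c for c in range(len(self.data) // CLUSTER) if c not in used][:need]
        if len(chain) < need:
            raise OSError("volume full")
        for i, c in enumerate(chain):
            chunk = content[i * CLUSTER:(i + 1) * CLUSTER]
            # Only the new bytes are written; the cluster's tail keeps old data.
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
        self.files[name] = (chain, len(content))

    def delete(self, name):
        del self.files[name]  # entry removed, cluster contents left in place

def file_slack(vol, name):
    """Bytes between the end of the file and the end of its last cluster."""
    chain, size = vol.files[name]
    tail = size - (len(chain) - 1) * CLUSTER
    start = chain[-1] * CLUSTER
    return bytes(vol.data[start + tail:start + CLUSTER])

def unallocated(vol):
    """Concatenated contents of every cluster no current file owns."""
    used = vol.allocated()
    return b"".join(bytes(vol.data[c * CLUSTER:(c + 1) * CLUSTER])
                    for c in range(len(vol.data) // CLUSTER) if c not in used)

def strings(blob, min_len=6):  # printable ASCII runs, as the strings utility finds
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]

def demo():
    vol = ToyVolume(4)
    old = b"".join(b"ROW%03d:confidential-ledger-entry;" % i for i in range(25))
    vol.write("ledger.txt", old)               # 825 bytes, clusters 0 and 1
    vol.delete("ledger.txt")                   # "deleted", but bytes remain
    vol.write("note.txt", b"meeting at noon")  # 15 bytes, reuses cluster 0
    return file_slack(vol, "note.txt"), unallocated(vol)
```

Calling `strings()` on either value returned by `demo()` shows rows of the deleted ledger: the slack of `note.txt` holds the remainder of cluster 0, and the unallocated space holds the ledger's second cluster.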

Circumstances in Which Computer Forensics is Used

There are many types of both criminal and civil proceedings that employ computer forensics specialists.

Computer evidence can be used in any case where incriminating documents are likely to be found on the computer: homicides, financial fraud, and child pornography to give a few examples. Civil cases frequently make use of business and personal records found on computer systems, mainly in fraud, divorce, discrimination, and harassment cases.

Insurance companies, too, can mitigate their costs by using discovered computer evidence of possible fraudulent accident claims, arson, and compensation cases. Corporations frequently hire computer forensics specialists to uncover computer evidence relating to sexual harassment, embezzlement, and theft of trade secrets or other confidential information.

Law enforcement officials often call for assistance in making pre-search warrant preparations and in the handling of seized computer equipment. Though comparatively rare, private individuals may hire computer forensics specialists to support or fight claims of wrongful termination, sexual harassment, or age discrimination.

Andrew Whitehead is a contributor at Free-backup.info -- the home of the popular Amazon S3 based online backup solution -- Back2zip. This article is also at http://free-backup.info/a-trip-into-the-world-of-computer-forensics.html


