
Question

Web Research Project for Chapter 9: Computer Forensics

Chapter 9 talked about computer forensics and how it works. Research the Internet to answer the following questions:

What is computer forensics?

How is it used?

What are some of the challenges in the field of computer forensics?

Write a brief paper (1-2 pages) answering these questions and include at least two ideas about possible future uses for computer forensics.

Suggested Websites

https://forensiccontrol.com/resources/beginners-guide-computer-forensics/

http://www.criminaljusticedegreeschools.com/criminal-justice-degrees/computer-forensic-degree/

http://www.forensicfocus.com/the-darker-side-of-computer-forensics

http://www.anushreepatil.myewebsite.com/articles/advantages-and-disadvantages-of-computer-forensics.html

http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=display_arch&article_id=1136&issue_id=32007

Suggested Keywords

computer forensics, advantages disadvantages computer forensics, how computer forensics works, challenges of computer forensics, degree computer forensics

Explanation / Answer

What is computer forensics?

Computer forensics is the practice of collecting, analysing and reporting on digital data in a way that is legally admissible. It can be used in the detection and prevention of crime and in any dispute where evidence is stored digitally. Computer forensics follows a similar process to other forensic disciplines, and faces similar issues.

How is it used?

Computers may constitute a ‘scene of a crime’, for example with hacking [1] or denial of service attacks [2] or they may hold evidence in the form of emails, internet history, documents or other files relevant to crimes such as murder, kidnap, fraud and drug trafficking.

It is not just the content of emails, documents and other files which may be of interest to investigators but also the ‘metadata’ [3] associated with those files. A computer forensic examination may reveal when a document first appeared on a computer, when it was last edited, when it was last saved or printed and which user carried out these actions.

More recently, commercial organisations have used computer forensics to their benefit in a variety of cases such as:

* Intellectual Property theft
* Industrial espionage
* Employment disputes
* Fraud investigations
* Forgeries
* Bankruptcy investigations
* Inappropriate email and internet use in the workplace
* Regulatory compliance

What are some of the challenges in the field of computer forensics?

The challenges facing computer forensics examiners can be broken down into three broad categories: technical, legal and administrative.

Technical issues

Encryption – Encrypted data can be impossible to view without the correct key or password. Examiners should consider that the key or password may be stored elsewhere on the computer or on another computer which the suspect has had access to. It could also reside in the volatile memory of a computer (known as RAM [6]) which is usually lost on computer shut-down; another reason to consider using live acquisition techniques, as outlined above.

Increasing storage space – Storage media hold ever greater amounts of data, which for the examiner means that their analysis computers need to have sufficient processing power and available storage capacity to efficiently deal with searching and analysing large amounts of data.

New technologies – Computing is a continually evolving field, with new hardware, software and operating systems emerging constantly. No single computer forensic examiner can be an expert on all areas, though they may frequently be expected to analyse something which they haven’t previously encountered. In order to deal with this situation, the examiner should be prepared and able to test and experiment with the behaviour of new technologies. Networking and sharing knowledge with other computer forensic examiners is very useful in this respect as it’s likely someone else has already come across the same issue.

Anti-forensics – Anti-forensics is the practice of attempting to thwart computer forensic analysis. This may include encryption, the over-writing of data to make it unrecoverable, the modification of files’ metadata and file obfuscation (disguising files). As with encryption, the evidence that such methods have been used may be stored elsewhere on the computer or on another computer which the suspect has had access to. In our experience, it is very rare to see anti-forensics tools used correctly and frequently enough to totally obscure either their presence or the presence of the evidence that they were used to hide.

Legal issues

Legal issues may confuse or distract from a computer examiner’s findings. An example here would be the ‘Trojan Defence’. A Trojan is a piece of computer code disguised as something benign but which carries a hidden and malicious purpose. Trojans have many uses, and include key-logging [7], uploading and downloading of files and installation of viruses. A lawyer may be able to argue that actions on a computer were not carried out by a user but were automated by a Trojan without the user’s knowledge; such a Trojan Defence has been successfully used even when no trace of a Trojan or other malicious code was found on the suspect’s computer. In such cases, a competent opposing lawyer, supplied with evidence from a competent computer forensic analyst, should be able to dismiss such an argument. A good examiner will have identified and addressed possible arguments from the “opposition” while carrying out the analysis and in writing their report.

Administrative issues

Accepted standards – There are a plethora of standards and guidelines in computer forensics, few of which appear to be universally accepted. The reasons for this include: standard-setting bodies being tied to particular legislations; standards being aimed either at law enforcement or commercial forensics but not at both; the authors of such standards not being accepted by their peers; or high joining fees for professional bodies dissuading practitioners from participating.

Fit to practice – In many jurisdictions there is no qualifying body to check the competence and integrity of computer forensics professionals. In such cases anyone may present themselves as a computer forensic expert, which may result in computer forensic examinations of questionable quality and a negative view of the profession as a whole.
