WestNet Computer Forensics has expertise with
all types of cases where electronically stored information
needs to be recovered, processed and analyzed. We
are based in Los Angeles.
WestNet assists all types of businesses, including
individuals, small businesses, law firms, government
agencies and Fortune 500 companies, with
electronic data discovery.
Computer Forensics: Frequently Asked Questions
Q. What is Computer Forensics?
A. There are a number of slightly varying
definitions around. However, generally, computer
forensics is considered to be the use of analytical
and investigative techniques to identify, collect,
examine and preserve evidence/information which
is magnetically stored or encoded.
Q. What is the objective of this?
A. Usually to provide digital evidence
of a specific or general activity.
Q. To what ends?
A. A forensic investigation can
be initiated for a variety of reasons. The most
high profile are usually with respect to criminal
investigation, or civil litigation, but digital
forensic techniques can be of value in a wide variety
of situations, including, perhaps, simply retracing
steps taken when data has been lost.
Q. What are the common scenarios?
A. Wide and varied! Examples include:
- Employee internet abuse (common, but decreasing)
- Unauthorized disclosure of corporate information
and data (accidental and intentional)
- Industrial espionage
- Damage assessment (following an incident)
- Criminal fraud and deception cases
- More general criminal cases (many criminals simply
store information on computers, intentionally or
unwittingly)
- Divorce
- and countless others!
Q. How is a computer forensic investigation approached?
A. It's a detailed science. However,
very broadly, the main phases are sometimes considered
to be:
- secure the subject system (from tampering during the operation)
- take a copy of the hard drive (if applicable)
- identify and recover all files (including those deleted)
- access/copy hidden, protected and temporary files
- study 'special' areas on the drive (e.g. residue from previously deleted files)
- investigate data/settings from installed applications/programs
- assess the system as a whole, including its structure
- consider general factors relating to the user's activity
- create a detailed report
It is important to stress that a full audit log
of your activities should be maintained throughout
the investigation.
Q. Is there anything that should NOT be done during an investigation?
A. Definitely. However, these tend
to be related to the nature of the computer system
being investigated. Typically though, it is important
to avoid changing date/time stamps (of files for
example) or changing data itself. The same applies
to the overwriting of unallocated space (which can
happen on re-boot for example). 'Study don't change'
is a useful catch-phrase.
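The 'study don't change' rule and the audit log mentioned above can be checked mechanically. The following is an added example, not part of the original page: it snapshots a working copy before and after each examination step and records the result in a log. All function names, the examiner label and the sample file are constructed for illustration, and chaining each log entry to the previous one by hash goes beyond what the text describes.

```python
import hashlib, json, os, pathlib, tempfile, time

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:  # read-only handle, hashed chunk by chunk
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(path):
    st = os.stat(path)  # atime is omitted: a plain read may update it
    return {"sha256": sha256_file(path), "size": st.st_size, "mtime_ns": st.st_mtime_ns}

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def log_action(log, examiner, action, detail):
    entry = {"time": time.time(), "examiner": examiner, "action": action,
             "detail": detail, "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _digest(entry)  # chained via "prev", so later edits are detectable
    log.append(entry)

def verify_log(log):
    prev = "0" * 64
    for e in log:
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev"] != prev or _digest(body) != e["entry_hash"]:
            return False
        prev = e["entry_hash"]
    return True

def examine(path, examiner, step, log):
    before = snapshot(path)
    step(path)
    after = snapshot(path)
    log_action(log, examiner, step.__name__, {"before": before, "after": after})
    return after == before  # True: the step left the working copy untouched

def careless_step(path):
    with open(path, "ab") as f:  # simulates a tool that writes to the evidence
        f.write(b"x")

def demo():
    log = []
    with tempfile.TemporaryDirectory() as d:
        copy = pathlib.Path(d, "working_copy.img")  # constructed sample data
        copy.write_bytes(b"constructed sample\x00" * 64)
        results = [examine(copy, "examiner-1", s, log) for s in (sha256_file, careless_step)]
    return results, log
```

Calling demo() returns one flag per step (the read-only hash passes, the writing step fails) together with the log, which verify_log() rejects if any entry is altered afterwards.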
Check out our
Computer Forensics World
for everything to know about computer forensics
science.