Computer forensics, or forensic science for computers, is the art of identifying, recovering, preserving and analyzing data related to a criminal act. It is the same as the process of recovering data from a computer and its peripherals, but it is bound by guidelines that make an audit of the whole procedure mandatory. Although this procedure is used for solving cyber crimes, its reports may also be used in civil courts. Courts in the US and Europe have declared the evidence obtained from this process to be highly dependable and acceptable for court proceedings.
Procedures and techniques
Computer forensics may appear very easy on TV, but it is actually very difficult to perform. Any computer forensics process is made up of the acquisition of data, the examination of the acquired data, the analysis of that data and the creation of reports based on the analysis. The different techniques used for this job are:
- Analysis across drives – In this technique the data obtained from different hard disks is correlated to create a full picture of the crime.
- Analysis of live data – The sysadmin tools of the computer holding the criminal data are used to extract the evidence of the criminal act. An image of the logical hard drive is obtained for analysis before the computer is shut down.
- Recovery of deleted files – Most of the time, files that were deleted by the criminal have to be recovered. The forensic experts use their own special recovery tools to recover the deleted data. This is helped by the fact that, although the computer shows the files as deleted, it does not physically delete them, so they can be recovered later.
- Use of stochastic methods – Though computers work in precise and specific modes, it is sometimes difficult to analyze the acquired data. In such cases stochastic, or random, methods are used to determine the mode of operation the criminal used to steal data.
- Use of steganographic methods – This is a procedure to find out when an image is hiding other images that the criminal does not want others to see. These are usually pornographic pictures or movies that are banned by the authorities. The images present on the computer are compared with the original images. If anything is hidden behind them, it comes to light because the hash of the original image is changed by the hidden image.
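To illustrate the recovery of deleted files described in the list above, here is an added example (not from the original article) that carves JPEG and PNG files out of a raw image by their signatures. It goes slightly beyond the text by hashing each recovered file for the audit record; the sample image and all function names are constructed for illustration.

```python
import hashlib

# Standard JPEG and PNG magic bytes: (header, footer).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
}

def carve(image, max_size=10 * 1024 * 1024):
    """Carve files out of a raw image by signature, ignoring the file system."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while (start := image.find(header, pos)) != -1:
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                # Header with no footer: content was overwritten or fragmented.
                pos = start + 1
                continue
            end += len(footer)
            data = image[start:end]
            # The hash lets the recovered file be tracked in the audit record.
            found.append({"type": kind, "offset": start, "data": data,
                          "sha256": hashlib.sha256(data).hexdigest()})
            pos = end
    return sorted(found, key=lambda f: f["offset"])

def build_sample_image():
    """Constructed 4 KiB 'disk': two deleted files left in unallocated sectors."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-payload" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xae\x42\x60\x82"
    partial = b"\xff\xd8\xff\xe0" + b"tail was overwritten"
    image = bytearray(4096)  # zero-filled, 8 sectors of 512 bytes
    for sector, blob in ((1, jpg), (3, png), (6, partial)):
        image[sector * 512:sector * 512 + len(blob)] = blob
    return bytes(image), jpg, png

if __name__ == "__main__":
    image, _, _ = build_sample_image()
    for f in carve(image):
        print(f["type"], f["offset"], len(f["data"]), f["sha256"])
```

This first-footer match does not handle fragmented files or JPEGs with embedded thumbnails, which dedicated recovery tools account for.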
A difficult job
With the huge rise of cyber crimes in the age of the internet, the job of people involved in computer forensics has become an uphill task. Companies that play for high stakes are always under threat of data theft by a rival company. Cyber crimes against unsuspecting people have grown manifold. Children and teens are being lured into unsavory situations by others. Cyberspace has become jammed with all sorts of criminal activities carried out by a section of people who are out for monetary gain. The forensic experts sometimes have a tough time preventing the crimes from taking place. But they are soldiering on, as they have to stop the disease from spreading as much as they can.