Startertutorials Blog
Tutorials and articles related to programming, computer science, technology and others.
Pinterest
Youtube
Instagram
Subscribe to Startertutorials.com's YouTube channel for different tutorial and lecture videos.

Approaching a Computer Forensics Investigation

  1. Home »
  2. Security and Hacking »
  3. Approaching a Computer Forensics Investigation »
Categories: Security and Hacking. No Comments on Approaching a Computer Forensics Investigation
5
(1)

In this article we will look at what is the process in approaching a computer forensics investigation.

 

The phases in a computer forensics investigation are:

  • Secure the subject system
  • Take a copy of hard drive/disk
  • Identify and recover all files
  • Access/view/copy hidden, protected, and temp files
  • Study special areas on the drive
  • Investigate the settings and any data from programs on the system
  • Consider the system from various perspectives
  • Create detailed report containing an assessment of the data and information collected

 


Subscribe to our monthly newsletter. Get notified about latest articles, offers and contests.


Watch this video on approaching a computer forensics inverstigation

 

Things to be avoided during forensics investigation:

  • Changing date/timestamps of the files
  • Overwriting unallocated space

 

Things that should not be avoided during forensics investigation:

  • Engagement contract
  • Non-Disclosure Agreement (NDA)

 

Elements addressed before drawing up a forensics investigation engagement contract:

  • Authorization
  • Confidentiality
  • Payment
  • Consent and acknowledgement
  • Limitation of liability

 

General steps in solving a computer forensics case are:

  • Prepare for the forensic examination
  • Talk to key people about the case and what you are looking for
  • Start assembling tools to collect the data and identify the target media
  • Collect the data from the target media
  • Use a write blocking tool while performing imaging of the disk
  • Check emails records too while collecting evidence
  • Examine the collected evidence on the image that is created
  • Analyze the evidence
  • Report your finding to your client

 

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Suryateja Pericherla

Suryateja Pericherla, at present is a Research Scholar (full-time Ph.D.) in the Dept. of Computer Science & Systems Engineering at Andhra University, Visakhapatnam. Previously worked as an Associate Professor in the Dept. of CSE at Vishnu Institute of Technology, India.

He has 11+ years of teaching experience and is an individual researcher whose research interests are Cloud Computing, Internet of Things, Computer Security, Network Security and Blockchain.

He is a member of professional societies like IEEE, ACM, CSI and ISCA. He published several research papers which are indexed by SCIE, WoS, Scopus, Springer and others.

Related Posts

  1. Digital Forensics Life Cycle
  2. Cyberforensics and Digital Evidence
  3. Introduction to Digital Forensics
  4. Challenges in Computer Forensics
  5. The Need for Computer Forensics
  6. Basics of a Computer
  7. Network Forensics
  8. Forensics Auditing
  9. Constructors and Destructors in C++
  10. Antiforensics

Leave a Reply

Your email address will not be published. Required fields are marked *