In this article we will look at the process of approaching a computer forensics investigation.
The phases in a computer forensics investigation are:
- Secure the subject system
- Take a copy of hard drive/disk
- Identify and recover all files
- Access/view/copy hidden, protected, and temp files
- Study special areas on the drive
- Investigate the settings and any data from programs on the system
- Consider the system from various perspectives
- Create a detailed report containing an assessment of the data and information collected
Things to be avoided during forensics investigation:
- Changing date/timestamps of the files
- Overwriting unallocated space
Things that must not be skipped before a forensics investigation:
- Engagement contract
- Non-Disclosure Agreement (NDA)
Elements to address before drawing up a forensics investigation engagement contract:
- Authorization
- Confidentiality
- Payment
- Consent and acknowledgement
- Limitation of liability
General steps in solving a computer forensics case are:
- Prepare for the forensic examination
- Talk to key people about the case and what you are looking for
- Start assembling tools to collect the data and identify the target media
- Collect the data from the target media
- Use a write blocking tool while performing imaging of the disk
- Check email records too while collecting evidence
- Examine the collected evidence on the image that is created
- Analyze the evidence
- Report your findings to your client
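The imaging and verification steps above (copy the target media without altering it, then examine only the image) are the part of this procedure that a tool can demonstrate. The following Python script is an added example written for this page, not code from the article or its author: it images a constructed 256 KiB "device" block by block with the source opened read-only, hashes the bytes as they are read, re-hashes both source and image afterwards, checks that the source's modification timestamp is unchanged (one of the things the article says must be avoided), and produces a chain-of-custody record. The case id and examiner name are placeholders; a software read-only open is not a substitute for the hardware write blocker the article calls for, which is why the record keeps all three hashes for comparison.

```python
import hashlib
import json
import os
import random
import tempfile
from datetime import datetime, timezone

CHUNK = 64 * 1024  # read/write granularity in bytes


def image_device(src_path, dst_path, chunk=CHUNK):
    """Copy src_path to dst_path block by block, hashing the bytes as they are read.

    The source is opened read-only so the imaging code itself never writes to it.
    A hardware write blocker remains the right control for real media, since a
    read-only open does not stop the OS from touching the device in other ways.
    Returns the SHA-256 of everything read from the source (the acquisition hash).
    """
    h = hashlib.sha256()
    with open(src_path, "rb") as src, open(dst_path, "wb") as dst:
        while True:
            buf = src.read(chunk)
            if not buf:
                break
            h.update(buf)
            dst.write(buf)
    return h.hexdigest()


def hash_file(path, chunk=CHUNK):
    """Independent SHA-256 of a file, read in chunks so large images fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for buf in iter(lambda: f.read(chunk), b""):
            h.update(buf)
    return h.hexdigest()


def acquisition_record(case_id, examiner, src_path, dst_path, acquisition_hash):
    """Build the chain-of-custody entry for one imaging step.

    The image is re-hashed from disk and the source is hashed again after the copy;
    all three values must agree before the image is trusted for analysis.
    """
    image_hash = hash_file(dst_path)
    source_hash_after = hash_file(src_path)
    return {
        "case_id": case_id,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "source": os.path.basename(src_path),
        "image": os.path.basename(dst_path),
        "image_size": os.path.getsize(dst_path),
        "sha256_acquisition": acquisition_hash,
        "sha256_image": image_hash,
        "sha256_source_after": source_hash_after,
        "verified": acquisition_hash == image_hash == source_hash_after,
    }


def demo():
    """Run the imaging step against a constructed 256 KiB 'device' in a temp dir."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "sdb.raw")  # constructed: stands in for a device node
        img = os.path.join(work, "sdb.dd")   # the forensic image being created
        with open(src, "wb") as f:
            f.write(random.Random(7).randbytes(256 * 1024))  # deterministic sample bytes
        src_mtime_before = os.stat(src).st_mtime_ns
        acq_hash = image_device(src, img)
        # placeholder case id and examiner name
        record = acquisition_record("CASE-0001", "examiner (placeholder)", src, img, acq_hash)
        # imaging must not alter the source's modification timestamp
        record["source_mtime_unchanged"] = os.stat(src).st_mtime_ns == src_mtime_before
        return record


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Everything after this point in the investigation (recovering files, studying special areas of the drive, reviewing program settings) is done against the `.dd` image, with the record's hashes re-checked before each session so any later change to the image is detectable.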
Suryateja Pericherla, at present is a Research Scholar (full-time Ph.D.) in the Dept. of Computer Science & Systems Engineering at Andhra University, Visakhapatnam. Previously worked as an Associate Professor in the Dept. of CSE at Vishnu Institute of Technology, India.
He has 11+ years of teaching experience and is an individual researcher whose research interests are Cloud Computing, Internet of Things, Computer Security, Network Security and Blockchain.
He is a member of professional societies like IEEE, ACM, CSI and ISCA. He published several research papers which are indexed by SCIE, WoS, Scopus, Springer and others.