Computer forensic is "the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law". The goal of computer forensic is to identify, collect, preserve, and analyze data so that the evidence found can be used in a court of law. There are two types of data collected: (1) persistent data—dead; and (2) volatile data—alive. The first type is those stored in the hard drive after the computer is turned off. The second type is those stored temporarily in the cache, and RAM (Random Access Memory) that will be erased when the computer is turned off. There are five basic steps to computer forensics: (1) preparation by the investigators, to prepare tools proper for use in court, (2) collection, (3) examination, (4) analysis, and (5) reporting.
Computer
forensic is very important because it may determine a court decision. There
have been many regulations and laws passed recently that mandate liability to
companies, especially those relate to communication networks, if they were to lose
the data belonged to their customers. Furthermore, if computer forensic is
successfully carried out, it can discover hackers that attempt to intrude the
system. This applies from big company networks to
personal computers. On the other hand, computer forensic can also be applied to
find evidence against any illegal activities by companies or its employees.
 |
| Computer Forensics Kit |
No comments:
Post a Comment