Top
Browse > Home / Tips and Tricks / Computer Forensics - What You Need To Know

Computer Forensics - What You Need To Know

March 20, 2008

forensics If you’re a fan of CSI, you probably know that wherever we go, we leave a physical trace, and that science can be used to find and identify them. 

Long before DNA testing, forensic science was used to reconstruct crime scenes.   A bit of research reveals examples such as the Chinese using fingerprints in the 700’s, and the re-construction of a newspaper fragment in a murder case in 1784.

As computer use is now commonplace, it is not surprising that our movement in cyberspace also leaves a trail. In the privacy of our  offices, secluded corner of Starbucks, or wherever it is we have our computers, it may seem that we’re alone, with no one peeking over our shoulders. But every document we draft, every web page we visit, is leaving footprints in the digital snow of our computers. This fact has a number of implications, some useful and – if you have something to hide - detrimental.

What happens when a file is deleted?

When a file is deleted, one letter of the name of the file is changed so that the operating system ignores its presence (it essentially becomes invisible to the user) and allows it to be overwritten. Surprisingly, not much really happens to the document right away. Over time, it may get overwritten - or it may not.

What happens when visiting a website?

The web browser (Internet Explorer, Firefox, Safari) makes a record of the address of the website and the specific page that includes the date and time, it keeps a record of any "cookie" - data that the website gives the browser - this is called "Internet History". The browser also downloads the images that are on the given web page. All of this information sits on the user’s computer, and the Internet history is updated regularly. Someone trying to cover their tracks may delete the history, and  the web browser makes another history file, deleting the old one. Of course, like with any other document, the deleted history file doesn’t really go away - its name is changed and part or all of it may become overwritten in time.

Computer Forensics

A digital forensic expert, using various software tools can look underneath the images in Windows that a user sees. Using a range of computer forensics suites and data recovery tools, the "digital detective" can recover deleted files, and find thousands of otherwise lost snippets of Internet history, missing emails, and apparently erased images. These processes make up a big part of the science and art of digital forensics.

Good news / Bad News

For the individual, computer forensics can provide the gift of finding data they thought was long lost.

For criminals, it can provide the digital evidence needed to prove cases in a wide variety of offenses, from threats to fraud or child exploitation.

About the Author:
Ken Ivey is a veteran technology addict, consultant, author, web designer, and President of MidTN Technology, a marketing and web design firm.  His website is www.The-Tech-Reporter.com

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Furl
  • Reddit
  • Technorati
  • blogmarks
  • BlogMemes
  • Fleck
  • Slashdot
  • StumbleUpon
  • YahooMyWeb

Written by the Tech Reporter · Filed Under Tips and Tricks 

Comments

Comments are closed.

Bottom