Computer Forensics

Sara Jones CSC 105:05

Objectives
The Field of Computer Forensics History of Computer Forensics Collecting Evidence Advantages of Computer Forensics Disadvantages of Computer Forensics How Computer Forensics is used by government, corporate America, and the public Computer Forensic Companies in New Jersey

The Field of Computer Forensics What is Computer Forensics?

Scientific

process of preserving, identifying, extracting, documenting, and interpreting data on computer to obtain potential legal evidence

Used

History of Computer Forensics

Michael Anderson
Father

of computer forensics special agent with IRS

Meeting in 1988 (Portland, Oregon)

creation

of IACIS, the International Association of Computer Investigative Specialists the first Seized Computer Evidence Recovery Specialists (SCERS) classes held

Certification for Computer Investigative Specialists

CEECS (Certified Electronic Evidence Collection Specialist Certification) Awarded to individuals who complete the CEECS regional certification course Also awarded to individuals in the Certified Forensic Computer Examiner course that successfully pass the written test

Certification for Forensic Computer Examiner

Internal Certification Training Program

Must successfully complete two week training course offered by IACIS and correspondence proficiency problems

External Certification Testing Process

Not a training course Testing process

Active Law Enforcement Individuals qualified for IACIS membership

Recertification

Every three years must complete recertification process

Must be in good standing with IACIS Complete proficiency test

Questions to ask Computer Forensic Specialists

What are their daily, weekend, after-hours rates? Do they charge for machine time? Ask how many forensic cases they have worked on Ask how long they have been in the forensic business How many cases have they done similar to yours? Ask to see their training and certifications Ask they if they ever testified as an expert witness Ask them for references from previous clients

Collecting Evidence
Make Exact copies of all hard drives & disks using computer software

Date and Time stamped on each file; used for timeline

Protect the Computer system

Avoid deletion, damage, viruses and corruption

Normal Files Deleted Files Password Protected Files Hidden Files Encrypted Files

Discover files

Reveal all contents of hidden files used by application and operating system Access contents of password protected files if legally able to do so Analyze data Print out analysis

Computer System All Files and data Overall opinion

Provide expert consultation/testimony

How Evidence is Protected

A Computer Forensic Specialist promises to: Not delete, damage or alter any evidence Protect the computer and files against a virus Handle all evidence properly to prevent any future damage Keep a log of all work done and by whom Keep any Client-Attorney information that is gained confidential

Advantages of Computer Forensics

Ability to search through a massive amount of data
Quickly Thoroughly In

any language

Disadvantages of Computer Forensics

Digital evidence accepted into court

must prove that there is no tampering all evidence must be fully accounted for computer forensic specialists must have complete knowledge of legal requirements, evidence handling and storage and documentation procedures

Disadvantages of Computer Forensics

Costs
producing

electronic records & preserving them is extremely costly

Sattar vs. Motorola Inc

Presents the potential for exposing privileged documents Legal practitioners must have extensive computer knowledge

How Computer Forensics are Used

Criminal Prosecutors

Large Corporations

Child Pornography cases

Michael Jackson Case

Embezzlement Insider Trading

Martha Stewart Case

Homicides
Scott Peterson Trial

Embezzlement
John Gotti, Bugsy Siegal

Law Enforcement Any Individual

Financial Fraud
ENRON

Claims
Sexual harassment Age discrimination Wrongful termination from job Background checks

Civil Litigations

Fraud Divorce Breach of Contract Copy right False Accident Reports Workmans Compensation Cases

Insurance Companies

Computer Forensic Services in New Jersey

Computer Forensic Services, LLC All State Investigations, Inc.

Other Computer Forensic Services Locations in New Jersey

Middlesex County
Avenel Carteret Cranbury Dayton Dunellen East Brunswick Edison

Union County
Berkeley Heights Cranford Elizabeth Fanwood Garwood Kenilworth Linden

Ocean County
Barnegat Bayville Beach Haven Beachwood Brick Forked River Jackson

Fords
Highland Park

Plainfield
Rahway

Lakehurst
Toms River

Conclusion
With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.

Bibliography

All State Investigations, Inc. January 2005 http://www.allstateinvestigation.com/ComputerForensicServices.htm Computer Forensics, Inc. http://www.forensics.com/ Computer Forensic Services, LLC. January 2005. http://www.computerforensic.com/index.html International Association of Computer Investigative Specialists. January 2005. http://www.cops.org/ Middlesex County Computer Technology. January 2005. http://www.respond.com/countyguides/1800000002/NJ/023 Virtue, Emily. Computer Forensics: Implications for Litigation and Dispute Resolutions. April 2003. http://ncf.canberra.edu.au/publications/emilyvirtue1.pdf