Page 6 - cyber law new
Cyber Crime and Law
specialists are called in to seize and gather information from the computers. Computer
forensics is the science of locating, extracting, analyzing and protecting types of data
from different devices, which specialists then interpret to serve as legal evidence.
Computer crimes have been occurring for nearly 30 years, since computers came
into use in production. Evidence can be derived from computers and then used in
court. Initially, judges accepted computer-derived evidence as no different from other
forms of evidence; however, as data became more ambiguous with the advancement of
computers, such evidence was no longer regarded as being as reliable.
Computers have become an important part of our lives and as such are involved
in almost everything we do, from paying bills to booking vacations. However, computer
systems have also become the mainstay of criminal activity. When the individuals
involved are brought before the courts, innocence or guilt is basically decided by
testimonies and evidence. Of the two, evidence is probably the more important,
and it is the accuracy of that evidence which may make the
difference in determining the outcome of the trial. Relying more and more on evidence
extracted from computer systems to bring about convictions has forged a new means
of scientific investigation. The term coined for this area of investigation is computer
forensics. It is an area of science that has come under the scrutiny of law enforcement
and of federal, state, and local government officials. The reason for the scrutiny revolves
around the "cleanliness" of the data being presented.
Computer forensics involves the preservation, identification, extraction,
documentation and interpretation of computer data. The three main steps in any computer
forensic investigation are acquiring, authenticating, and analyzing the data. Acquiring
the data mainly involves creating a bit-by-bit copy of the hard drive. Authentication
means ensuring that the copy used to perform the investigation is an exact replica of the
contents of the original hard drive by comparing the checksums of the copy and the
original. Analysis of the data is the most important part of the investigation since this
is where incriminating evidence may be found.
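
The acquire and authenticate steps described above, as an added example that is not part of the original text. It assumes SHA-256 as the checksum and uses a constructed temporary file in place of a hard drive; all function and file names are illustrative.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # read size, a multiple of the 512-byte sector


def acquire(src_path, dst_path):
    """Block-by-block copy of a read-only source; returns SHA-256 of bytes read."""
    digest = hashlib.sha256()
    with open(src_path, "rb") as src, open(dst_path, "wb") as dst:
        for chunk in iter(lambda: src.read(BLOCK), b""):
            digest.update(chunk)
            dst.write(chunk)
    return digest.hexdigest()


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(BLOCK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def authenticate(original_path, image_path, acquisition_hash):
    """True only if original, image and the acquisition hash all agree."""
    return sha256_file(original_path) == sha256_file(image_path) == acquisition_hash


def demo():
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "original.bin")
    image = os.path.join(workdir, "image.dd")
    # Constructed sample "drive": file data followed by zeroed sectors.
    with open(original, "wb") as fh:
        fh.write(b"constructed sample record\n" * 300 + b"\x00" * 1000)
    acq_hash = acquire(original, image)
    before = authenticate(original, image, acq_hash)
    # Flip one bit in the copy: the checksum comparison must now fail.
    with open(image, "r+b") as fh:
        fh.seek(5000)
        byte = fh.read(1)
        fh.seek(5000)
        fh.write(bytes([byte[0] ^ 0x01]))
    return os.path.getsize(image), before, authenticate(original, image, acq_hash)


if __name__ == "__main__":
    print(demo())
```

Recording the hash at acquisition time and re-checking it before analysis is what lets the working copy be shown to match the original later on.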
Part of the analysis process is spent in the recovery of deleted files. The job of
the investigator is to know where to find the remnants of these files and interpret the
results. Any file data and file attributes found may yield valuable clues. Investigations
of Windows and UNIX systems are similar in some ways, but the forensic analyst can
tailor the investigation to one or the other since each operating system is different in
unique ways. If deleted data cannot be recovered through the use of common forensic
tools, more sensitive instruments can be used to extract the data, but this is rarely done
because of the high cost of the instruments. Data recovery is only one aspect of the
forensic investigation. Tracking the hacking activities within a compromised system
6 Self Learning Material