Join Jungwoo Ryoo for an in-depth discussion in this video, Goals of computer forensics, part of Learning Computer Forensics.
To understand computer forensics, you must know what it tries to accomplish. The ultimate goal of computer forensics is to produce evidence for legal cases. To achieve this ultimate goal, there are some objectives you need to work on. The first objective is to prepare for an investigation. For example, write-protecting your evidence drive is one of the ways to prepare for your investigation. The second objective is to acquire data. Acquiring data here means simply making a copy of your evidence drive, so that when you're doing your investigation, you only work on the copy of the evidence drive rather than the evidence drive itself.
Once you have your data acquired, the next step is to analyze the data. Conducting a search based on a keyword could be a good example of analyzing the data. Finally, the last step is to identify evidence and present it in the form of a written report. A lot of times, these reports are auto-generated by your computer forensics tool, but you still have to edit this auto-generated report as a computer forensics investigator.
When these objectives of computer forensics are accomplished, it is safe to say that a computer forensics investigator is now ready to submit evidence.
- Understanding computer forensics
- Understanding partitioning
- Using a hex editor
- Preparing a target drive
- Acquiring data
- Ensuring data integrity with hashing
- Indexing and searching
- Generating a report