Join Jungwoo Ryoo for an in-depth discussion in this video Types of computer forensics investigations, part of Computer Forensics Essential Training.
- View Offline
There are primarily two different types of computer forensic investigations, one is public and the other is private. Public investigations occur in the context of criminal cases, usually conducted by the law enforcement officers and driven by the statues in the criminal law. Some examples of public investigations involved drug dealers sexual exploitation and theft, private investigations occur in the context in the context of civil cases in fact organizations they try to avoid any form of litigations due to the enormous cost associated with them.
Therefore many of the private investigations turn out to be simply internal cases. Private investigations are typically conducted by corporations or any other types of organizations out there, they're driven by the statues of the civil law or organizational policies. One of the most important things to consider in private investigations is business continuity. If your investigation is hurting your business continuity, the investigation is not probably worth it.
Therefore, your priority has to be, really stopping the violations, rather than litigating anybody. So, if the examples of private investigations involve sabotage, embezzlement and industrial espionage. The boundary between public and private investigation is not always very clear. For example when your investigating an employee for potential violation of company polices and somehow come across a sexually explicit material. The case quickly turns into a public case because of this reason, as a computer forensics investigator, you should be able to handle both public and private cases.
- Understanding computer forensics
- Understanding partitioning
- Using a hex editor
- Preparing a target drive
- Acquiring data
- Ensuring data integrity with hashing
- Indexing and searching
- Generating a report