Issues in Computer Forensics
Issues in Computer Forensics
Issues in Computer Forensics
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
important part of the <strong>in</strong>vestigation s<strong>in</strong>ce this is where <strong>in</strong>crim<strong>in</strong>at<strong>in</strong>g evidence may be<br />
found.<br />
Part of the analysis process is spent <strong>in</strong> the recovery of deleted files. The job of the<br />
<strong>in</strong>vestigator is to know where to f<strong>in</strong>d the remnants of these files and <strong>in</strong>terpret the results.<br />
Any file data and file attributes found may yield valuable clues. Investigation of<br />
W<strong>in</strong>dows and Unix systems are similar <strong>in</strong> some ways, but the forensic analyst can tailor<br />
the <strong>in</strong>vestigation to one or the other s<strong>in</strong>ce each operat<strong>in</strong>g system is different <strong>in</strong> unique<br />
ways. If deleted data could not be recovered through the use of common forensic tools,<br />
more sensitive <strong>in</strong>struments can be used to extract the data, but this is rarely done because<br />
of the high cost of the <strong>in</strong>struments.<br />
Data recovery is only one aspect of the forensics <strong>in</strong>vestigation. Track<strong>in</strong>g the<br />
hack<strong>in</strong>g activities with<strong>in</strong> a compromised system is also important. With any system that<br />
is connected to the Internet, hacker attacks are as certa<strong>in</strong> as death and taxes. Although it<br />
is impossible to completely defend aga<strong>in</strong>st all attacks, as soon as a hacker successfully<br />
breaks <strong>in</strong>to a computer system the hacker beg<strong>in</strong>s to leave a trail of clues and evidence that<br />
can be used to piece together what has been done and sometimes can even be used to<br />
follow a hacker home. <strong>Computer</strong> forensics can be employed on a compromised system to<br />
f<strong>in</strong>d out exactly how a hacker got <strong>in</strong>to the system, which parts of the system were<br />
damaged or modified. However, system adm<strong>in</strong>istrators must first be educated <strong>in</strong> the<br />
procedures and methods of forensic <strong>in</strong>vestigation if a system is to be recovered and<br />
protected. With the help of computer forensics, adm<strong>in</strong>istrators are able to learn about<br />
mistakes made <strong>in</strong> the past and help prevent <strong>in</strong>cidents from occurr<strong>in</strong>g <strong>in</strong> the future.<br />
2