OonaCraven4

Introduction

Computer forensics is the practice of collecting, analysing and reporting on digital information in a way that is legally admissible. It can be used in the detection and prevention of crime and in any dispute where evidence is stored digitally. Computer forensics has similar examination stages to other forensic disciplines and faces the same problems.

About this guide

This guide discusses computer forensics from a neutral perspective. It is not linked to particular legislation or intended to promote a particular business or product, and it is not written with a bias towards either law enforcement or commercial computer forensics. It is aimed at a non-technical audience and gives a high-level view of computer forensics. This guide uses the term "computer", but the tips apply to any device capable of storing digital data. Where methodologies have been mentioned they are supplied as examples only and do not constitute recommendations or guidance. Copying and publishing the whole or part of this article is licensed solely under the terms of the Creative Commons - Attribution Non-Commercial 0 license

Uses of computer forensics

There are few areas of crime or dispute where computer forensics cannot be applied. Law enforcement agencies have been among the earliest and heaviest users of computer forensics and as a result have often been at the forefront of developments in the field. Computers may constitute a 'scene of a crime', for example with hacking [1] or denial of service attacks, or they may hold evidence in the form of emails, internet history, documents or other files relevant to crimes such as murder, kidnap, fraud and drug trafficking. It is not just the content of emails, documents and other files which may be of interest to investigators but also the 'metadata' associated with those files. A computer forensic examination may reveal when a document first appeared on a computer, when it was last edited, when it was last saved or printed and which user carried out these actions.
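As an added illustration (not part of the original guide), the Python sketch below records the kind of file metadata described above together with a SHA-256 content hash, and later reports which recorded fields have changed. The function names and the sample file are constructed for this example.

```python
import hashlib
import os
from datetime import datetime, timezone

def sha256_of(path, chunk=1 << 20):
    """Hash the file's content in chunks; the file is opened read-only."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def _utc(ns):
    """Render a nanosecond timestamp as an ISO 8601 UTC string."""
    return datetime.fromtimestamp(ns / 1e9, tz=timezone.utc).isoformat()

def snapshot(path):
    """Record file-system metadata, then a content hash.

    stat() runs before the file is read because reading can update the
    access time on some systems.
    """
    st = os.stat(path)
    return {
        "path": os.path.abspath(path),
        "size": st.st_size,
        "owner_uid": st.st_uid,  # numeric owner; always 0 on Windows
        "modified": _utc(st.st_mtime_ns),
        "accessed": _utc(st.st_atime_ns),
        # st_ctime is metadata-change time on Unix, creation time on Windows
        "changed_or_created": _utc(st.st_ctime_ns),
        "sha256": sha256_of(path),
    }

def changed_fields(path, earlier):
    """Return the fields that differ from an earlier snapshot.

    Access time is left out: the examiner's own reads may move it.
    """
    now = snapshot(path)
    return [k for k in ("size", "owner_uid", "modified", "sha256")
            if now[k] != earlier[k]]

if __name__ == "__main__":
    import tempfile
    # Constructed sample file standing in for an item of evidence.
    with tempfile.NamedTemporaryFile("wb", suffix=".txt", delete=False) as tmp:
        tmp.write(b"constructed sample document\n")
    first = snapshot(tmp.name)
    print(first)
    print("changed since snapshot:", changed_fields(tmp.name, first))
    os.unlink(tmp.name)
```

An empty list from `changed_fields` means the size, owner, modification time and content hash all match the earlier record.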

Guidelines

For evidence to be admissible it must be reliable and not prejudicial, meaning that at all stages of this process admissibility should be at the forefront of a computer forensic examiner's mind. One set of guidelines which has been widely accepted to assist in this is the Association of Chief Police Officers Good Practice Guide for Computer Based Electronic Evidence, or ACPO Guide for short. Although the ACPO Guide is aimed at United Kingdom law enforcement, its main principles are applicable to all computer forensics in whatever legislature. The four main principles from this guide are reproduced below (with references to law enforcement removed):

No action should alter data held on a computer or storage media which may subsequently be relied upon in court.

In circumstances where a person finds it necessary to access original data held on a computer or storage media, that person should be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.