• Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month
  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  12. 12
  13. 13
  14. 14
  15. 15
  16. 16
  17. 17
  18. 18
  19. 19
  20. 20
  21. 21
  22. 22
  23. 23
  24. 24
  25. 25
  26. 26
  27. 27
  28. 28
  29. 29
  30. 30
  31. 31
  32. 32
  33. 33
  34. 34
  35. 35

Methods and technology used in Computer Forensics

Extracts from this document...



1.0 Document Overview

2.0 What is Computer Forensics?

        2.1 Uses of Computer Forensics


3.0 Computer Forensics Tools & Applications

        3.1 Hardware

                3.1.1 Standalone Devices

                3.1.2 Integrated Configurations

                3.1.3 Forensic Networks

        3.2 Software

                3.2.1 NIST CFTT, FS-TST & NSRL

4.0 Locating Sensitive Data

5.0 Computer Forensic Techniques

5.1 Recovering Deleted Data

5.2 String Searching

5.3 Registry Reconstruction

6.0 Overcoming Forensic Techniques


7.0 Recovering Deleted Data

8.0 Web Browser Activity Reconstruction

9.0 Analysing Files of Unknown Origin


1.0        Document Overview

This document will examine computer forensics from both a theoretical and practical perspective. Section A will look at the former of these, researching and discussing the various aspects of computer forensics, including important methodologies, technical and practical considerations. Section B will document a series of live tests that I conducted in a virtualised environment, analysing the use of a variety of forensic tools and applications. While this document is primarily concerned with the technical side of computer forensics, the legalalities of the subject will be discussed briefly in Section C, as the legal considerations of the science are too significant an aspect to be ignored. Where relevant, reference has been drawn to examples of situations where various aspects of computer forensics have been applied.

2.0        What is Computer Forensics?

In order to properly examine any aspect of the digital world, it is important to fully understand what it is that you are examining. Essentially, computer forensics is the collection of means through which data can be found on a computer. By “means”, I am referring to a range of techniques, tools and applications, many of which will be discussed throughout the course of this document. The purpose of computer forensics usually comes down to a question of evidence, finding data that can prove some particular fact, usually pertaining to what a user has been doing on their computer.

...read more.


Differing software applications will provide varying features and functions, but AccessData’s FTK (Forensic Toolkit) is typical of what one can expect from computer forensics software, so provides a valid case study for examination. The application’s latest release, FTK 3.0, can be used to achieve both acquisition and analysis of data, offers decryption and password cracking features, and is court-validated, so appeals to investigators and analysts involved in the computer forensics of both criminal and civil actions[13]. FTK integrates all of the base requirements of any computer forensics investigation, as illustrated in the following diagram.


From this diagram, it is plain to see that FTK, and other software tools like it, offer a completed integration of all the necessary functions of computer forensics. The importance of creating images has already been discussed, while registry analysis is key to the locating of sensitive data when dealing with a Windows environment. Decrypting files and passwords is a chief consideration when looking at the question of gaining access to data, while the ability of such tools to identify steganography takes considerable strides against the ability of users to masquerade and hide the data that the investigator or analyst may be looking to recover. The reporting feature, as already noted, is hugely beneficial in this field of computing, as due to its frequently high legal nature, proper procedures, methods of documentation and reporting regulations must be adhered to.

Computer forensics software also offers an advantage in relation to power, similar to the forensic network mentioned in Section 4.1.3. Using such software as FTK, investigators and analysts are able to draw on idle CPUs across networks when performing decryption or brute force attacks. By harnessing resources across a network like this, the chances of success are significantly increased.

...read more.






[1]Douglas; Dodd, John. Inside the Mind of BTK: The True Story Behind the Thirty-year Hunt for the Notorious Wichita Serial Killer.

[2]US Dept. of Justice, Antitrust Case Filings. United States v Microsoft. http://www.justice.gov/atr/cases/ms_index.htm

[3]Nelson, Bill; Phillips, Amelia; Enfinger, Frank; Steuart, Christopher. Guide to Computer Forensics and Investigations  (Second Edition).

[4] Forensic Devices, Digital Intelligence. http://www.digitalintelligence.com/products/rack-a-tacc/

[5]Forensic Computers, Inc. Tableau TACC1441 Hardware Accelerator. http://www.forensic-computers.com/TACC1441.php

[6]Discovery Channel production entitled Super Computer.

[7]Forensic Devices, Digital Intelligence. http://www.digitalintelligence.com/products/rack-a-tacc/

[8]MetaRescue.com, Hard Drive Forensic Duplicators. http://www.metarescue.com/servlet/Detail?no=2

[9]Tableau.com, Products, Forensic Duplicatorshttp://www.tableau.com/index.php?pageid=products&category=duplicators#galBottom0

[10]Data Destruction Topics, Accessing HPA and DCO Areas on Hard Drives. www.destructdata.com

[11]Tableau.com, Products, Forensic Bridges, Forensic SATA/IDE Bridge. http://www.tableau.com/index.php?pageid=products&model=T35e-RW

[12]Forensic Network, Digital Intelligence. http://www.digitalintelligence.com/products/forensic_network/

[13]AccessData.com, Forensic Toolkit 3.0. http://www.accessdata.com/forensictoolkit.html

[14]Encase Forensic Total Offering, PDF available from Guidance Software. www.guidancesoftware.com

[15]AccessData.com, Forensic Toolkit 3.0. http://www.accessdata.com/forensictoolkit.html

[16]Tool Testing Documents, NIST CFFT. http://www.cftt.nist.gov/testdocs.html

[17]NIST, General Test Methodology for Computer Forensic Tools, Version 1.9, Section 3.0: Approach.

[18]National Software Reference Library, Project Overview. http://www.nsrl.nist.gov/Project_Overview.htm

[19]Caloyannides, Michael A. Privacy Protection and Computer Forensics (Second Edition).

[20]Nelson, Bill; Phillips, Amelia; Enfinger, Frank; Steuart, Christopher. Guide to Computer Forensics and Investigations  (Second Edition).

[21]RS Boyer, A Fast String Search Algorithm, Communications of the Association for Computing Machinery, 1977.



...read more.

This student written piece of work is one of many that can be found in our University Degree Computer Science section.

Found what you're looking for?

  • Start learning 29% faster today
  • 150,000+ documents available
  • Just £6.99 a month

Not the one? Search for your essay title...
  • Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

See related essaysSee related essays

Related University Degree Computer Science essays

  1. Marked by a teacher

    UK Copyright and File Sharing

    5 star(s)

    negatively affecting sales in the music industry - and the same research may apply to the film industry too, since many movies are also available on P2P networks. Though again, the research conducted isn't necessarily indicative of the situation, due to the research having been conducted on "music fans" (BBC News, 2005)

  2. Marked by a teacher

    Cisc v risc. To begin this assignment , I will outline the definition ...

    numbers one stored in location 2:3 and the other in location 5:2 and store the final result back in location 2:3 again , the two architectures would work as follows. Cisc trys to calculate and complete this in a few lines as possible .

  1. The purpose of this assignment is to research about Electronic data interchange and needs ...

    Electronic data interchange can change the way your company does business without any major re-development to the architecture of your existing business application software. As a result companies are choosing EDI because they want to stay ahead in to days market and EDI also offers speedy transactions, accurate information exchange and cost savings.

  2. Traffic Light Simulation and Machine Code Program.

    It is good style to use data tables. Decimal Base 10 numbers. Count with ten symbols. [ 0 1 2 3 4 5 6 7 8 9 ] Digital Electronic Systems that use binary. Computers use binary numbers and are digital.

  1. OMC-R and CBSC ATP Overview

    * The OMC-R/MM console has been installed according to the installation procedures in this manual. * Power has been applied to the OMC-R, MM, and associated consoles. * The MM and OMC-R have completed their initialization. * The system is in either single or multiple user mode.

  2. Examine the methods used to secure a supply of cheap labour for the diamond ...

    A white industrial labour force also developed alongside the African, as a result of the fact that not all whites were able to hire labour. Doxey (1974) believes that the Africans did not need much in a European sense, and that though they too still flocked to the diggings, once

  1. Qualitative Risk Analysis

    Data precision ranking is a technique to evaluate the degree to which the data about risks are useful for risk management. It involves examining: * Extent of understanding of a risk * Data available about the risk * Quality and integrity of data * Reliability of data The use of

  2. Forensic Tools and Techniques - EnCase & XRY

    However, doing so has the possibility to contaminate evidence, so EnCase provides another useful utility called the ?LinEn? utility which allows the examiner to boot the device in a forensically sound manner. EnCase provides a series of automation tools which helps speed up the investigation process.

  • Over 160,000 pieces
    of student written work
  • Annotated by
    experienced teachers
  • Ideas and feedback to
    improve your own work