
Methods and technology used in Computer Forensics




1.0 Document Overview

2.0 What is Computer Forensics?

        2.1 Uses of Computer Forensics


3.0 Computer Forensics Tools & Applications

        3.1 Hardware

                3.1.1 Standalone Devices

                3.1.2 Integrated Configurations

                3.1.3 Forensic Networks

        3.2 Software

                3.2.1 NIST CFTT, FS-TST & NSRL

4.0 Locating Sensitive Data

5.0 Computer Forensic Techniques

5.1 Recovering Deleted Data

5.2 String Searching

5.3 Registry Reconstruction

6.0 Overcoming Forensic Techniques


7.0 Recovering Deleted Data

8.0 Web Browser Activity Reconstruction

9.0 Analysing Files of Unknown Origin


1.0        Document Overview

This document will examine computer forensics from both a theoretical and practical perspective. Section A will look at the former of these, researching and discussing the various aspects of computer forensics, including important methodologies, technical and practical considerations. Section B will document a series of live tests that I conducted in a virtualised environment, analysing the use of a variety of forensic tools and applications. While this document is primarily concerned with the technical side of computer forensics, the legalities of the subject will be discussed briefly in Section C, as the legal considerations of the science are too significant an aspect to be ignored. Where relevant, reference has been drawn to examples of situations where various aspects of computer forensics have been applied.

2.0        What is Computer Forensics?

In order to properly examine any aspect of the digital world, it is important to fully understand what it is that you are examining. Essentially, computer forensics is the collection of means through which data can be found on a computer. By “means”, I am referring to a range of techniques, tools and applications, many of which will be discussed throughout the course of this document. The purpose of computer forensics usually comes down to a question of evidence, finding data that can prove some particular fact, usually pertaining to what a user has been doing on their computer.



Different software applications provide varying features and functions, but AccessData’s FTK (Forensic Toolkit) is typical of what one can expect from computer forensics software, and so provides a valid case study for examination. The application’s latest release, FTK 3.0, can be used for both acquisition and analysis of data, offers decryption and password cracking features, and is court-validated, so it appeals to investigators and analysts involved in the computer forensics of both criminal and civil actions[13]. FTK integrates all of the base requirements of any computer forensics investigation, as illustrated in the following diagram.


From this diagram, it is plain to see that FTK, and other software tools like it, offer a complete integration of all the necessary functions of computer forensics. The importance of creating images has already been discussed, while registry analysis is key to locating sensitive data when dealing with a Windows environment. Decrypting files and passwords is a chief consideration when it comes to gaining access to data, while the ability of such tools to identify steganography makes considerable strides against the ability of users to disguise and hide the data that the investigator or analyst may be looking to recover. The reporting feature, as already noted, is hugely beneficial in this field of computing: because the work is so frequently legal in nature, proper procedures, methods of documentation and reporting regulations must be adhered to.

Computer forensics software also offers an advantage in relation to power, similar to the forensic network mentioned in Section 4.1.3. Using such software as FTK, investigators and analysts are able to draw on idle CPUs across networks when performing decryption or brute force attacks. By harnessing resources across a network like this, the chances of success are significantly increased.







[1] Douglas; Dodd, John. Inside the Mind of BTK: The True Story Behind the Thirty-year Hunt for the Notorious Wichita Serial Killer.

[2] US Dept. of Justice, Antitrust Case Filings. United States v Microsoft. http://www.justice.gov/atr/cases/ms_index.htm

[3] Nelson, Bill; Phillips, Amelia; Enfinger, Frank; Steuart, Christopher. Guide to Computer Forensics and Investigations (Second Edition).

[4] Forensic Devices, Digital Intelligence. http://www.digitalintelligence.com/products/rack-a-tacc/

[5] Forensic Computers, Inc. Tableau TACC1441 Hardware Accelerator. http://www.forensic-computers.com/TACC1441.php

[6] Discovery Channel production entitled Super Computer.

[7] Forensic Devices, Digital Intelligence. http://www.digitalintelligence.com/products/rack-a-tacc/

[8] MetaRescue.com, Hard Drive Forensic Duplicators. http://www.metarescue.com/servlet/Detail?no=2

[9] Tableau.com, Products, Forensic Duplicators. http://www.tableau.com/index.php?pageid=products&category=duplicators#galBottom0

[10] Data Destruction Topics, Accessing HPA and DCO Areas on Hard Drives. www.destructdata.com

[11] Tableau.com, Products, Forensic Bridges, Forensic SATA/IDE Bridge. http://www.tableau.com/index.php?pageid=products&model=T35e-RW

[12] Forensic Network, Digital Intelligence. http://www.digitalintelligence.com/products/forensic_network/

[13] AccessData.com, Forensic Toolkit 3.0. http://www.accessdata.com/forensictoolkit.html

[14] Encase Forensic Total Offering, PDF available from Guidance Software. www.guidancesoftware.com

[15] AccessData.com, Forensic Toolkit 3.0. http://www.accessdata.com/forensictoolkit.html

[16] Tool Testing Documents, NIST CFTT. http://www.cftt.nist.gov/testdocs.html

[17] NIST, General Test Methodology for Computer Forensic Tools, Version 1.9, Section 3.0: Approach.

[18] National Software Reference Library, Project Overview. http://www.nsrl.nist.gov/Project_Overview.htm

[19] Caloyannides, Michael A. Privacy Protection and Computer Forensics (Second Edition).

[20] Nelson, Bill; Phillips, Amelia; Enfinger, Frank; Steuart, Christopher. Guide to Computer Forensics and Investigations (Second Edition).

[21] RS Boyer, A Fast String Search Algorithm, Communications of the Association for Computing Machinery, 1977.




This student written piece of work is one of many that can be found in our University Degree Computer Science section.
