User:StrangDusek372

From the K. Minin NGPU

Introduction

Computer forensics is the practice of collecting, analysing and reporting on digital data in a way that is legally admissible. It can be used in the detection and prevention of crime and in any dispute where evidence is stored digitally. Computer forensics has similar examination stages to other forensic disciplines and faces the same concerns.

About this guide

This guide discusses computer forensics from a neutral perspective. It is not linked to specific legislation or intended to promote a particular business or product, and it is not written with a bias towards either law enforcement or commercial computer forensics. It is aimed at a non-technical audience and provides a high-level view of computer forensics. This guide uses the term "computer system", but the concepts apply to any device capable of storing digital data. Where methodologies are mentioned they are offered as examples only and do not constitute recommendations or advice. Copying and publishing the whole or part of this post is licensed solely under the terms of the Creative Commons - Attribution Non-Commercial 0 license.

Uses of computer forensics

There are few areas of crime or dispute where computer forensics cannot be applied. Law enforcement agencies have been among the earliest and heaviest users of computer forensics and consequently have consistently been at the forefront of developments in the field. Computers may constitute a 'scene of a crime', for example with hacking [1] or denial of service attacks, or they may hold evidence in the form of emails, online history, documents or other files relevant to crimes including murder, kidnap, fraud and drug trafficking. It is not just the content of emails, documents and other files which may be of interest to investigators but also the 'meta-data' associated with those files. A computer forensic examination may reveal when a document first appeared on a computer, when it was last edited, when it was last saved or printed and which user carried out these actions.

Guidelines

For evidence to be admissible it must be reliable and not prejudicial, meaning that at all stages of this process admissibility must be at the forefront of a computer forensic examiner's mind. One set of guidelines which has been widely accepted to assist in this is the Association of Chief Police Officers Good Practice Guide for Computer Based Electronic Evidence, or ACPO Guide for short. Although the ACPO Guide is aimed at United Kingdom law enforcement, its primary principles are applicable to all computer forensics in whatever legislature. The 4 most important principles from this guide are reproduced below (with references to law enforcement removed):

No action should alter data held on a computer or storage media which may subsequently be relied upon in court.

In circumstances where a person finds it necessary to access original data held on a computer or storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.