Bigpond Technologies

Archive for the ‘Computer Forensics’ Category

Computer forensics is the process of investigating electronic devices or computers to discover and analyze information available, deleted, or hidden that can serve as evidence in a legal matter. It is also helpful when you have accidentally lost data due to failures.
Modern tools and computer forensics software make it much easier for the forensic evidence to find and restore faster and more accurately.

Computer forensics evidence collected and used digital computer crime cases and other crimes using advanced techniques and technologies. A computer forensic expert uses these techniques to discover evidence of an electronic storage device. Data can be any kind of electronic device such as hard disks, backup tapes, Handheld Portable computers, memory sticks, files and emails.

Most users believe that deleting a file will completely remove the information from the hard drive. In reality, it only removes the file location, but the actual file remains on your computer.

Computer forensics got attention during the Enron scandal, as the largest investigative computer forensics to this date. Today, computer forensics and electronic discovery is becoming standard trials and lawsuits of all types, especially large trials involving litigation matters with a lot of corporate data.

Computer forensics can be used to uncover fraud, unauthorized use of computers, a violation of company policies, chat history, file and navwegacion or any other form of electronic communications.

The purpose of forensic computer techniques, is to seek, preserve and analyze information on computer systems to search for potential evidence of a crime. Many of the techniques used by detectives at crime scenes has its counterpart in digital forensics, although there are some unique aspects in the research-based computers .

For example, simply open a file, change that file – the computer remembers the time and date on which it was accessed. If a detective picks up a computer and begins to open files and folders, there is no way to tell if something changed. If a case of hacking goes to trial, would have probative value to be altered and changed the status of the computer system.

Some people believe that using digital information as evidence, it is a bad idea. If it’s so easy to change data on a computer, how can it be used as a reliable test? Many countries allow computer evidence at trial and processes, but this could change if it is proved in future cases that are not trusted. Computers are becoming more powerful, so that the fields within the computer forensics must constantly evolve. Read the rest of this entry »

Holders of major intrusions in recent weeks have led to much talk of the APT (Advanced Persistent Threat), a term that comes to describe a threat that uses highly sophisticated techniques and behind which would supposedly governments of countries like China or Russia.

This can lead us to forget that not all threats are why using the latest technology or rely on advanced attacks made via the Internet, there are times when a lack of basic computer security measures can result in critical information from falling into enemy hands, even when the enemy uses comparatively primitive means.

More often jump to the news media in which a laptop containing sensitive data is lost or stolen in 2007, the FBI acknowledged that about 40 laptops lost each year , while in 2008 the Ministry of Defence lost data support more than one hundred thousand soldiers .

In most cases it is impossible to say whether the data contained on these computers and media reaches the hands of hostile forces, although there was at least one known precedent in which it did. Take the case of a few years ago video released by As-Sahab , the media arm of Al Queda, entitled ” The war of the oppressed people “where we show images of battle remained in Kunar, Afghanistan with a group of four members of the Us special forces of the Navy, the Navy Seals. Read the rest of this entry »

In the detective series, the researcher sitting in front of the suspect computer, press four keys and get all the information he sought . In real life it is so simple, but with the right tools is possible to scan a computer in a few hours.

Looking for what? For images, text, deleted files, chat logs, web history, passwords and files that allow anyone to track the activity of a person on a computer . Of course, many of these utilities are also used to retrieve information of their own.
Recover deleted files and emails
Unless someone to carry out periodic cleaning of empty space (for example, Disk Wipe ) or working in temporary environments (eg Live-CD or virtual machines), recover deleted files is not only possible but also very simple.

Some of the most effective tools for this task are DiskDigger , Recuva , Pandora Recovery and TestDisk , which rescue even lost partitions and boot sectors.

If the data is unreadable CDs and DVDs, worth trying a low-level reading ISOBuster . For deleted emails in Outlook Express, Format Recovery is a good free option.

Recover passwords
The password protection system is used by many web sites, messaging and office automation tools. Collect existing keys can save a lot of valuable information.