Wednesday, August 5, 2009

6 Steps to Having Computer Forensic Examination Done

A computer forensic examination consists of the preservation, identification, extraction, and interpretation of documents that have been at one point stored on a computer. Whether you are looking for evidence from a crime or are simply looking to find information about your spouse, a Certified Computer Forensic Examiner can perform such an examination with six steps.

The first step the examiner will take is establishing some chain of custody. It is important that examiner knows where any items related to the investigation will be located at all times. Many times places like a safe or cabinet is best to secure the items.

Next, the examiner will catalog all relevant information including active, archival and latent data. Any kind of information that has been deleted can be recovered if at all possible and any encrypted information or information that is password-protected will be identified. During this process, an exact copy of the hard drive image will be made and the image is then authenticated against the original to ensure it is the exact copy.

From there, additional sources of information will be obtained depending on how the computer forensic examination is going and what the circumstances are. Some additional sources of information that may need to be obtained include firewall logs, proxy servicer logs, Kerberos server logs or sign-in sheets.


The fourth step during the examination is analyze and interpret all of the information in order to determine what can be used as evidence. The examiner will look for both exculpatory and inculpatory evidence to solidify a decision. In order to ensure the accuracy of the decision, encrypted files and password protected files will be identified.

After collecting all of the necessary information and evidence needed with the case, a written report will then be submitted to the client with whatever findings and comments the investigators have.

Finally, the investigator will provide expert witness testimony at a deposition, trial, or some other form of legal proceeding. Keep in mind that you cannot perform a computer forensic examination on your own. A certified examiner uses licensed equipment that will prevent tainting the evidence and ultimately ensure its validity in court.

When looking for a computer forensic examination, make sure you look for help from a certified examiner. They will be able to help you with whatever problem or evidence you are looking to attain. When performing the examination, the examiner will go through the six steps listed in this article in order to do so legally and efficiently.

Copyright (c) 2009 Ed Opperman
Ed Opperman invites you to visit his cyber investigation website for all of your search needs. He offers employment locate, internet infidelity investigations, email tracing, telephone investigations, and much more. To learn more about how to recover deleted pics and other useful information please click here now:===> http://www.emailrevealer.com.
Article Source: http://EzineArticles.com/?expert=Ed_Opperman

Tuesday, August 4, 2009

Cell Phone Forensics at Its Best

While everyone is aware of how far technology has come today, many forget really how much specific devices can tell about various events. Cell phone forensics has become a vital piece of information and evidence that is used in criminal trials. Between being highly sophisticated and rather simple at the same time, this device can be extremely beneficial in criminal investigations.

The main reason cell phone records are used in court is to determine where people were and who they were talking to. What you may not realize is just how easy it is to track where you are when you were talking on the phone.
Despite cell phones being fairly sophisticated devices, they really are nothing more than a two-way radio. They are constantly connecting and communicating with a network by sending pings to the nearest transmission tower. Because of this, it makes it fairly simple to route calls correctly.

There are multiple antennas that track your phone's signal because of the fact that a single tower only covers a few square miles. However, cell phone forensics is made possible with the help of countless towers spread all over. As you move, your call travels and is handed over to the base station that receives the strongest signal from the phone. This means that wherever you go, your signal can and will be tracked.

The carrier keeps detailed records of which towers your phone has made contact with and what time it did so. What this means is that where you and your phone are located can be tracked within a few hundred yards. Urban areas allow you to be tracked even more precisely by the block.
To make cell phone forensics even easier, many phones have become equipped with GPS chips. As long as it is turned on, this allows the carrier and anyone looking to attain evidence and records your exact location in real time.

This information has different ramifications on different people. For some, it can be a great way to track down where your husband or wife really went during a "business vacation." For others, it can lead to your conviction in some kind of criminal trial. It all depends on how you look at the technology and what you are hoping to get out of it.

For now, there is no doubt that cell phones have played a major role in criminal cases and many other types of trials. With the ability to track where you are, where you have gone, and what time you were in the location, cell phones can either be your best or worst enemy in regards to cell phone forensics.

Copyright (c) 2009 Ed Opperman
Ed Opperman invites you to visit his cyber investigation website for all of your search needs. He offers employment locate, internet infidelity investigations, email tracing, telephone investigations, and much more. To learn more about how to recover and undelete deleted pics and other useful information please click here now:===> http://www.emailrevealer.com
Article Source: http://EzineArticles.com/?expert=Ed_Opperman