Get premium membership and access questions with answers, video lessons as well as revision papers.

Processes/Stages in Computer Forensics

  

Date Posted: 11/12/2017 12:27:11 AM

Posted By: snipper  Membership Level: Gold  Total Points: 1572


Processes/Stages in Computer Forensics

Computer forensics /computer forensic science-This is the application of investigation and analysis techniques used to gather, analyze, report and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The following are processes used to conduct computer forensics in chronological order.
Stages/process

1. Readiness

Being fully prepared for the task to undertake. Involves obtaining authorization to search and seize.some activities include appropriate training, regular testing, and validation of their software and equipment, familiarity with legislation

2. Evaluation

Making appropriate judgment based on case to be investigated. Involves receiving instructions the clarification of those instructions if unclear or ambiguous, carry out risk analysis and the allocation of roles and resources. Risk analysis for law enforcement may include an assessment of the likelihood of physical threat on entering a suspect’s property and how best to counter it.

3. Collection

The gathering is carried out on-site on crime. Some activities involved are, identifying and ensuring the security of devices which may store evidence and document the scene. Carrying Interviews or meetings with personnel who may hold information relevant to the examination, bag, tag, and safely transport the equipment and electronic evidence to a forensic lab.

4. Analysis

The analysis involves extracting relevant information obtained to apply to the current situation. Quality of information should be accurate, thorough, impartial, recorded, repeatable and completed within the scheduled time and proportional to resources allocated.

5. Presentation

Involves producing a detailed report of evidence in question in accordance with the findings, activities involved are, structuring information as it should be and cover additional information the examiner wants for investigation. Always report must be written with the end reader in mind. Examiner should be able to interpret his report in a manner that is understandable to respective persons.

6. Review

This is carrying out

an assessment of the whole procedure with the intention of instituting change in future if necessary. Mainly aimed at raising the level of quality by making future examinations more efficient and time effective. Examples of review include analysis of what went wrong, well and future improvements. Feedback is necessary for instructing party.
Computer forensic as a field in today’s world has addressed issues surrounding digital evidence with a significance legal perspective.




Next: Relentless Industrial Action in Kenya
Previous: How to optimize internet content search

More Resources
Quick Links
Kenyaplex On Facebook


Kenyaplex Learning