Date Posted: 11/12/2017 12:27:11 AM
Posted By: snipper Membership Level: Gold Total Points: 1572
Processes/Stages in Computer ForensicsComputer forensics /computer forensic science-This is the application of investigation and analysis techniques used to gather, analyze, report and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The following are processes used to conduct computer forensics in chronological order.Stages/process1. ReadinessBeing fully prepared for the task to undertake. Involves obtaining authorization to search and seize.some activities include appropriate training, regular testing, and validation of their software and equipment, familiarity with legislation2. EvaluationMaking appropriate judgment based on case to be investigated. Involves receiving instructions the clarification of those instructions if unclear or ambiguous, carry out risk analysis and the allocation of roles and resources. Risk analysis for law enforcement may include an assessment of the likelihood of physical threat on entering a suspect’s property and how best to counter it.3. CollectionThe gathering is carried out on-site on crime. Some activities involved are, identifying and ensuring the security of devices which may store evidence and document the scene. Carrying Interviews or meetings with personnel who may hold information relevant to the examination, bag, tag, and safely transport the equipment and electronic evidence to a forensic lab.4. AnalysisThe analysis involves extracting relevant information obtained to apply to the current situation. Quality of information should be accurate, thorough, impartial, recorded, repeatable and completed within the scheduled time and proportional to resources allocated.5. Presentation Involves producing a detailed report of evidence in question in accordance with the findings, activities involved are, structuring information as it should be and cover additional information the examiner wants for investigation. Always report must be written with the end reader in mind. Examiner should be able to interpret his report in a manner that is understandable to respective persons.6. ReviewThis is carrying out an assessment of the whole procedure with the intention of instituting change in future if necessary. Mainly aimed at raising the level of quality by making future examinations more efficient and time effective. Examples of review include analysis of what went wrong, well and future improvements. Feedback is necessary for instructing party.Computer forensic as a field in today’s world has addressed issues surrounding digital evidence with a significance legal perspective.
Next: Relentless Industrial Action in KenyaPrevious: How to optimize internet content search