Computer Forensics and Digital Investigation Resources

Learn about computer forensics and security.

What is Computer Forensics?

Computer forensics, sometimes referred to as digital forensics, is a branch of forensic science that combines elements of law and computer science. It involves collecting and analyzing data obtained from computer systems, computer networks, wireless networks and communications, as well as data stored on storage media such as hard drives, storage drives, thumb drives, CD-ROMs and even archaic floppy disks. Computer forensics adheres to the standards of evidence that are admissible in a court of law. Practitioners also specialize in identifying data and preserving evidence for use in court. Computer specialists then analyze sources of documentary or other digital evidence to draw conclusions.

The days when a private investigator could find all the information he needed during an investigation with only a gun and a quick fist are long gone. If you are serious about becoming a private detective in the 21st century, then you’d better get used to the fact that you are going to have to also become somewhat of a computer nerd.

Computers hold valuable information on the who, what, when and why of criminal behavior, and much of that information requires forensic software to extract. Get to know the following computer forensics resources as best you can, or resign yourself to hiring a knowledgeable expert at some point in the future.

Commercial Computer Forensics Tools

Digital Forensics

  • SANS Investigative Forensic Toolkit (SIFT) Workstation – The SIFT Workstation is an investigative toolkit available to the digital forensics and incident response community. The suite contains tools that are designed to perform detailed digital forensic examinations in a variety of settings.
  • The Sleuth Kit (+Autopsy) – The Sleuth Kit and Autopsy Browser are UNIX open source digital forensic analysis tools, based on The Coroner’s Toolkit. They can be used to examine NTFS, FAT, FFS, EXT2FS and EXT3FS files.
  • Forensic Toolkit (FTK)
  • CAINE

Memory Forensics

Mobile Device Forensics

Software Forensics

Computer Reference Websites

Following are websites and other resources that provide more information regarding computer forensics:

Digital Detective’s Netanalysis – Your investigations as a private detective will at some point almost certainly come to a dead end when retrieving information stored on a drive. What if the forensic information you need exists only in cyberspace? Digital Detective offers a program called Netanalysis which enables you to piece together the history of internet use regardless of which browser was used. In addition to reconstructing information deleted from caches and browsing history, Netanalysis also helps identify which parts of that recovered information are actually valuable as evidence.

Email Spy Software – Email Spy Software is the latest in monitoring technology allowing you to secretly record every incoming and outgoing email on the computer you install it to.

Guidance Software – A company that manufactures computer forensic hardware and software and provides training resources.

Password Recovery Toolkit – Even if you manage to secure a computer filled with all the evidence your job as a private detective could possibly desire, it will do you no good if you can’t get past the passwords required for retrieval. When your computer investigation relies on cracking passwords to gain entry into hundreds of different computer applications, then you are going to need something like Password Recovery Toolkit to solve the case.

are is a remotely installable spy software solution designed to provide convenient access to the monitored PC from ANY LOCATION without the use of IP addresses and direct connections to the remote PC!

SMART for Linux – Every private detective who may be searching for valuable information hidden away on computers needs to become familiar with operating systems other than Windows. SMART for Linux can do all the forensic investigative work that you would want to do on a computer running Windows except that it works for computers running Linux. The programs bearing the SMART name are used at all levels of the law enforcement system in America as well as the military and many private companies.

Unshredder – Unshredder is a simple program that unleashes the power of a desktop computer to reduce the time consumed by investigators reconstructing shredded documentary evidence. Until now the only alternative to manual processing was to engage a third party to process the work on computers at their premises.

Compared with external processing of the evidence, Unshredder reduces the turnaround time, keeps full control of the investigation in-house and carries less risk of a security breach or loss of the evidence. The original shreds remain unchanged by the process, and the integrity of the original is captured electronically to be printed or dispatched electronically by wire or disc.

X-Ways Investigator – X-Ways Investigator is a version of X-Ways Forensics designed specifically to allow the private detective to take over the investigation of evidence buried deeply within computers much earlier in the process. The primary focus of X-Ways Investigator is to provide you with every last bit of coded information that incontrovertibly ties files to that particular computer.

One aspect of X-Ways Investigator that has the potential to be of invaluable use for certain investigations is the inclusion of multiple tools for working with images hidden on a computer's drives. These tools range from providing time stamps associated with photographs to skin color detection.

Other Resources

Computer Crime Books – A collection of computer crime and computer security books. Use these helpful books to learn the tools, techniques and terminology used by the experts in this field.

Computer Monitoring Software – A collection of resources and software used to monitor computer and network activity.

Computer Security Resources for Conducting PC Forensic Investigations

Computer security is a field of computer science concerned with the control of risks related to computer use. The term computer security may involve a wide range of security-related topics such as:

  • Internet security breaches
  • Server security and protection methods
  • Operating system security (e.g. Windows security)
  • Data and information security
  • Computer network and wireless networks
  • Security software (e.g. anti-virus software)

The following tools may be useful in conducting investigations into computer security or computer-related investigations:

CERT – Established in 1988, the CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

Computer Crime Books – A collection of computer crime books and computer security books from Amazon.com

FIRST – FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.

HTCIA – The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge about methods, processes, and techniques relating to investigations and security in advanced technologies among its membership.

IACIS – IACIS® is an international volunteer non-profit corporation composed of law enforcement professionals dedicated to education in the field of forensic computer science. IACIS members represent Federal, State, Local and International Law Enforcement professionals. Regular IACIS members have been trained in the forensic science of seizing and processing computer systems.

IEEE Computer Society – With nearly 100,000 members, the IEEE Computer Society is the world’s leading organization of computer professionals. Founded in 1946, it is the largest of the 37 societies of the Institute of Electrical and Electronics Engineers (IEEE). The Computer Society’s vision is to be the leading provider of technical information and services to the world’s computing professionals. The Society is dedicated to advancing the theory, practice, and application of computer and information processing technology.

Government Resources

InfraGard – InfraGard is a Federal Bureau of Investigation (FBI) program that began in the Cleveland Field Office in 1996. It was a local effort to gain support from the information technology industry and academia for the FBI’s investigative efforts in the cyber arena. The program expanded to other FBI Field Offices, and in 1998 the FBI assigned national program responsibility for InfraGard to the former National Infrastructure Protection Center (NIPC) and to the Cyber Division in 2003. InfraGard and the FBI have developed a relationship of trust and credibility in the exchange of information concerning various terrorism, intelligence, criminal, and security matters.

NIST Computer Forensics Tool Testing – Computer forensics tool testing documents

Internet Fraud Complaint Center – The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). IC3’s mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. For law enforcement and regulatory agencies at the federal, state, local and international level, IC3 provides a central referral mechanism for complaints involving Internet-related crimes.

National White Collar Crime Center – The National White Collar Crime Center is focused on providing nationwide support for agencies involved in the prevention, investigation, and prosecution of economic and high-tech crimes. In addition, the center supports and partners with other appropriate entities to address homeland security initiatives, as they relate to economic and high-tech crimes.
