Computer Forensics Investigators – What Do They Do?
Computer forensics courses may be new to some of us. One reason may be that the field is not as well known to the public as careers such as doctors, nurses, teachers and policemen. Everyone knows what forensics is, but many do not know its branches, and computer forensics is one of them. Technology is getting more advanced each day, and the job scope grows larger every day.
An investigation involves examining possible crimes at any crime scene where computers or other digital devices are used as evidence. Here you will find the basic things that an investigator does.
The investigator first needs to prepare evidence forms and chain of custody forms.
Evidence forms contain the name of the device, its measurements, model, and serial numbers. The form ensures that devices are not confused with one another: each device belongs to one particular case and will not be mixed up with others.
Chain of custody forms answer the five “W” questions (“what”, “when”, “who”, “where”, “why”) and the “how” of the particular piece of evidence.
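As an added illustration (not part of the original article), the Python check below applies the two forms' purposes to records: it flags a device whose serial number is filed under two cases, and custody entries that leave a question unanswered or are out of time order. The field names, the ISO timestamp format and the sample records are assumptions made for this example.

```python
from datetime import datetime
# Field names are hypothetical; the article only lists what each form records.
EVIDENCE_FIELDS = ("case_id", "device_name", "measurements", "model", "serial_number")
CUSTODY_QUESTIONS = ("what", "when", "who", "where", "why", "how")
def blank(record, field):
    return not str(record.get(field) or "").strip()

def check_evidence_forms(forms):
    """Flag blank fields and any serial number filed under two different cases."""
    problems, case_by_serial = [], {}
    for i, form in enumerate(forms):
        problems += [f"form {i}: '{f}' is blank" for f in EVIDENCE_FIELDS if blank(form, f)]
        if blank(form, "serial_number") or blank(form, "case_id"):
            continue
        first_case = case_by_serial.setdefault(form["serial_number"], form["case_id"])
        if first_case != form["case_id"]:
            problems.append(f"form {i}: serial {form['serial_number']} already in {first_case}")
    return problems

def check_custody_entries(entries):
    """Flag unanswered questions and entries dated before the one above them."""
    problems, previous = [], None
    for i, entry in enumerate(entries):
        problems += [f"entry {i}: '{q}' is unanswered" for q in CUSTODY_QUESTIONS if blank(entry, q)]
        if blank(entry, "when"):
            continue
        try:
            when = datetime.fromisoformat(str(entry["when"]).strip())
        except ValueError:
            problems.append(f"entry {i}: 'when' is not an ISO timestamp")
            continue
        if previous is not None and when < previous:
            problems.append(f"entry {i}: dated before the previous entry")
        previous = when
    return problems

# Constructed sample data, not taken from any real case.
SAMPLE_FORMS = [
    {"case_id": "CASE-A", "device_name": "Laptop", "measurements": "36 x 25 x 2 cm",
     "model": "EXAMPLE-1", "serial_number": "SN-0001"},
    {"case_id": "CASE-B", "device_name": "Laptop", "measurements": "36 x 25 x 2 cm",
     "model": "EXAMPLE-1", "serial_number": "SN-0001"},
]
SAMPLE_CUSTODY = [
    {"what": "Laptop SN-0001", "when": "2024-01-10T09:30:00", "who": "Investigator 1",
     "where": "Evidence room", "why": "Imaging", "how": "Hand carried, sealed bag"},
    {"what": "Laptop SN-0001", "when": "2024-01-09T16:00:00", "who": "Investigator 2",
     "where": "Lab", "why": "", "how": "Hand carried, sealed bag"},
]
```

Calling `check_evidence_forms(SAMPLE_FORMS)` and `check_custody_entries(SAMPLE_CUSTODY)` returns the list of problems found; an empty list means the records passed both checks.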
After filling in those forms, the investigator has to analyse how to retrieve the data from the device. There are several rules that a computer forensic investigator has to follow, and below are a few examples:
do not boot a computer when it is off
do not turn off a computer when it is on
protect the evidence from being destroyed by using write-protection software
When analyzing the data, the investigator has to make sure that every section of the device is checked. If the case concerns an email account, the data has to be obtained not only from the inbox but also from sent files, drafts, spam mail, trash bins and other links provided by the email address provider. If it is the whole computer, then it is necessary to check the temp files, recycle bin, recent link files, internet history and printed files, and also to retrieve deleted files by using trustworthy software.