Best computer system for forensics

Introduction

Computer forensics is the process of examining a digital media device or data to determine its authenticity, ownership, security, and original condition. More specifically, it is the examination of digital media devices such as laptops, mobile phones and USB drives in order to collect evidence for use in legal proceedings. The term computer forensics has several overlapping meanings, including the digital forensics discipline, computer crime investigation and computer security incident response.

Best computer system for forensics

1. Obtain the right tools

The first thing to do is find the right computer system for forensics. In many situations, people believe that the best computer system for forensics will be a high-end, expensive configuration with lots of RAM, multiple hard drives, and a fast processor. This is simply not true, and it’s important to know why. The simple answer is that even a $2,000 computer will be able to run these tools, but you need more than just a powerful system in order to run them effectively.

2. Get the right hardware

The second thing to do is find out what hardware needs to be purchased in order to start running the tools effectively on a computer system for forensics. The only computer system that every examiner can afford is a laptop, so this must be the first item on the list. The second thing that an examiner needs to have available is an external storage device that can be used to hold large amounts of data. This could be a USB memory stick or external hard drive, but in many situations it will be necessary to use network-attached storage (NAS) devices due to the amount of data being collected by most forensic examiners.

3. Get the right software

The third thing that an examiner must have available is a forensic software suite for the computer system. There are many different options and types of software available, and it is important to know which tools are most effective in particular situations. For instance, you might want to use one of the many commercial forensic packages or a free open-source application such as Open Watch tool (OWS) or LFT for live forensics.

4. Use the right tools

Now that you have the right hardware and software and are using the right tools, it is time to start running these tools on a computer system for forensics. The first step to take is to make a copy of your evidence before processing, because it can be destroyed by over-zealous computer users. Next, use Ghost and Partition Magic with a live forensics application such as WinObj to delete all partitions on the computer system for forensics and create the bare operating system so that the forensic software can operate effectively.

5. Keep records

Once you have completed all of these steps on a computer system for forensics, you must also keep records of all tasks you perform during an examination. This record could include the date, time, software used and all changes made during the examination. As you gain more experience as an examiner, you may need to revisit old cases so that you can explain why a change occurred or what software was used to recover deleted data. In addition, to avoid data breaches, the computer system and its attached storage solutions should both be encrypted.
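One way to keep the examination record described above so that later edits are detectable, as an added example that is not from the original article: each entry holds the date and time, software used and changes made, and is chained to the previous entry by a SHA-256 hash. The hash chain, the field names and the sample entries are assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # constructed starting value for the hash chain


def _digest(entry):
    """SHA-256 over the entry's canonical JSON form, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def add_record(log, software, action, changes, when=None):
    """Append one examination record: date/time, software used, changes made."""
    when = when or datetime.now(timezone.utc)
    entry = {
        "seq": len(log) + 1,
        "timestamp": when.isoformat(),
        "software": software,
        "action": action,
        "changes": changes,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry


def verify_log(log):
    """Return 0 if the chain is intact, else the position of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(log, start=1):
        if (entry.get("seq") != i or entry.get("prev_hash") != prev
                or entry.get("entry_hash") != _digest(entry)):
            return i
        prev = entry["entry_hash"]
    return 0


def build_sample_log():
    """Constructed sample case; tool names and details are placeholders."""
    log = []
    t = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
    add_record(log, "imaging tool (placeholder)", "copied evidence drive",
               "none to original; working copy created", t)
    add_record(log, "forensic suite (placeholder)", "recovered deleted files",
               "recovered files written to working copy", t.replace(hour=10))
    return log
```

Store the log on the encrypted storage with the case files and run `verify_log` when a case is reopened; a non-zero result points at the first entry that was altered, removed or reordered.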

Sarah Harris
