Computer Forensic….

January 8, 2015








Computer Forensic is a new field in the IT industry. Nowadays , the subject and course computer forensic has been taught in lectures in Universities and Colleges. In Malaysia , Computer Forensic is a new field that has been introduced here in these days. Computer Forensic is basically is an investigation that been carried out to find evidence about criminal activities that can be represented in the court of law. The book entitled Computer Forensic for dummies – , I just borrowed it from the National Library – PNM.

Workplaces have disaster-recovery and business-continuity systems that perform automatic backups. Companies are required to retain business records for audit or litigation purposes. Even if you never saved a particular
file to the networked server, it might still be retained on multiple backup media somewhere. Instant, text, and voice messages exist in digital format and, therefore, are stored on the servers of your Internet service provider
(ISP), cell provider, or phone company. Although text messages are more transient than e-mail, messages are stored and backed up the same way. Recipients have copies that may also be stored and backed up.

Your job as a computer forensics investigator involves a series of processes to find, analyze, and preserve the relevant digital files or data for use as e-evidence. You perform those functions as part of a case. Each computer forensic case has a life cycle that starts with getting permission to invade someone else’s private property. You might enter into the case at a later stage in the life cycle. Taken to completion, the case ends in court where a correct verdict is made, unless something causes the case to terminate earlier.

The first step in any computer forensic investigation is to identify the type of media you’re working with. The various types of media you might encounter are described in this list:
1. Fixed storage device: Any device that you use to store data and that’s permanently attached to a computer is a fixed storage device. The type of storage device you’re probably most familiar with is the classic magnetic-media hard drive, which is inside almost every personal computer . Traditional hard drives are mechanisms that rotate disks coated with a magnetic material; however, new technology uses chip-based storage media known as the solid-state drive (SSD). It’s as though your thumb flash drive is 1,000 times larger than its current size!

2. Portable storage device: Most people consider floppy disks (remember those?) or flash memory drives, to be the only true portable storage devices, but any device that you can carry with you qualifies. iPods , MP3 players, mobile phones, and even some wristwatches are also portable storage devices. Unlike fixed storage, where most interfaces are standardized, mobile devices have different interfaces, which adds to the complexity of your case.

3.  Memory storage area: With the move from desktop computers to mobile devices, investigators are seeing increasingly more evidence that’s found only in memory. The obvious type of device is a mobile phone (such as the Apple iPhone) or personal digital assistant that often saves data only in volatile memory. After the battery dies, your data evidence also dies. Not-so-obvious places to find evidence in volatile memory are the RAM areas of regular computers and servers as well as some network devices.

4. Network storage device: With the growth of the Internet and the exponential increase in the power of network devices, data can be found on devices that until now haven’t held forensic data of any value. Devices such as routers , switches, and even wireless access points can now save possible forensic information  and even archive it for future access.

5. Memory card: In addition to using built-in RAM memory, many devices now use digital memory cards to add storage. Common types are SD and MMC flash cards. To read this type of memory device, you often have to use a multimedia card reader.

In conclusion , the field Computer Forensic is a good and interesting field to venture here in Malaysia. There are some companies that provide services in Computer Forensic field. Some uses operating system such as Backtrack 5 R2 or Hex Live CD to do forensic jobs. Encase and FTK can also help us to do computer forensic investigation. I also provide computer forensic services to my customer – PC Network Services. The future of computer forensic in Malaysia is really quit challenging and it also provide better job in forensic investigation.

p/s:- Some of the article is taken from the excerpt Computer Forensic for dummies – Wiley Publishing Inc. Author :  Linda Volonino and Reynaldo Anzaldua.





Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: