How To Collect And Analyze Data In Computer Forensics Case Study

… burgeoning field of computer or digital forensics has multiple applications. As Carroll, Brannon & Song (2008a) point out, the two primary functions of computer forensics are data extraction and data analysis. As with other areas of forensics, methodologies in computer forensics include scientific methods of data collection, data preservation, and data analysis, with the ultimate goal of documentation or presentation in accordance with the needs and demands of the investigative team. Although computer forensics is relatively new compared to other branches of the field, the methods by which digital data are collected and analyzed are systematic, to ensure accuracy and validity. Computer forensics experts should become familiar with the latest operating systems for the purposes of data collection and preservation. For example, Carroll, Brannon & Song (2008b) note that Microsoft Vista's BitLocker provides encrypted storage, which has direct ramifications for data extraction and collection by law enforcement. It is also critical that forensics experts become cognizant of the legal protections provided to users and the subsequent legal constraints on data extraction from personal devices. Case law studies on computer forensics highlight some of the core constraints on data collection and its use in courts of law. Littlefield...


This type of procedure helps the data become more robust.
Researchers highlight the importance of regular training and updating of skills in using various operating systems and understanding system architectures to maximize the efficiency and accuracy of forensics procedures. It may be far preferable to engage a team of highly trained law enforcement personnel than to call upon outsiders and consultants for use in trials (Littlefield, 2008). Case studies reveal the importance of taking into account different overlapping variables including where the files are located, when they were last created, edited, or saved, and how to access a computer's virtual memory for especially sensitive data.

Carroll, Brannon & Song (2008) point out some of the problems inherent in collecting and analyzing large amounts of data, such as at the enterprise level. Copies of data must be made in accordance with chain of custody rules. According to Carroll, Brannon & Song (2008), forensics experts should never work with the original copies of the material, except in extreme circumstances, in order to preserve their integrity and maximize their potential use in court. Some…

References

Carroll, O.L., Brannon, S.K. & Song, T. (2008a). Computer forensics. United States Attorneys' Bulletin 56(1): 1-8.

Carroll, O.L., Brannon, S.K. & Song, T. (2008b). Vista and BitLocker and Forensics, Oh My! United States Attorneys' Bulletin 56(1): 9-28.

Carroll, O.L., Brannon, S.K. & Song, T. (2008c). Managing large amounts of electronic evidence. United States Attorneys' Bulletin 56(1): 46-59.

Littlefield, M.J. (2008). Demystifying the computer forensic process for trial. United States Attorneys' Bulletin 56(1): 29-45.