Basic Steps In Computer Forensic Investigation
Posted by TheUnknown | Posted in IT Blog, Security | Posted on 06-08-2011
The computer is an important part of our lives. Sending letters has been entirely changed by email. Communications have been dominated by instant messaging and texts. Portable storage devices that were once known only to IT professionals are now used by the general public. We already have an idea of what computer forensics is, but what happens in a typical investigation?
The computer crime scene
First, as in any other investigation, the location is regarded as a crime scene. The computer analyst will take digital photographs and secure documentary evidence. This includes printouts, notes and disks at the scene. If you have hired a computer forensic expert, you should leave everything to them. The computer system should be left as it is, whether it is turned on or off.
If the computer is turned on, the computer analyst will gather all the information that he can from the running applications. It will then be shut down in a way that ensures the data will not be lost. Doing a standard shutdown or pulling the plug is not an option. Both of these methods may cause the loss of or damage to the data in the computer system.
The computer forensic analyst then documents the configuration of the system. This will include the order of hard drives, modem, LAN, storage subsystems, cable connections, and wireless networking hardware. The analyst will take digital photographs and make a diagram. They will also take portable storage devices within the area that may contain substantial evidence.
After that, the hard drive will be taken to the lab. It’s not suitable to examine data on the same hardware. Offenders who engage in cyber crimes are also aware that important data can be retrieved to convict them. Countermeasures, viruses and booby traps may be installed in the system to damage electronic evidence.

