FORENSIC TOOLS

Forensic Tools



Forensic Tools

Forensics process and the steps taken by an examiner related to identity theft and computer crime

The activities to be developed by professional computer forensics should be used for proper planning of preventive security in a network corporate. Insofar as the Internet grows, so does likewise the number of actions against illegal incur the security of networks corporate, so we have to ask: Who carries out these incidents? What's possible? What, who and what cause them? How do they occur? What measures should be implemented? For this reason, it is necessary that the examiner materializes the political security, with the objective to plan, manage, and control such basic issues as:

Setting security for the assets of information, responsibilities and contingency plans, should be established to be protected and how.

System to control access, should be restricted and maximize access permissions to certain staff can get some information, establishing who can access certain information and that way.

Backup Data: Make copies of the information periodically for later restoration in case of loss or corruption of data.

Managing viruses and intruders: Establish a policy for action in the presence of malware, spyware and viruses avoiding the risks to safety (Owen, 2000).

In addition, you must perform a physical meeting of managerial and / or manager to instruct them as important concepts:

Many times the security spending is considered unprofitable.

It should measure cost them a loss of information would meet the cost of protecting it.

The investment in safety measures will be higher for those applications that present greater risk and greater impact if suspendidas.

Security measures taken rationally resulted in organizations such benefits as increased productivity, increased motivation and involvement of staff (Owen, 2000).

Two recommended examples of authentication acceptable in the investigative process of identity theft

Method or protocol for the acquisition of evidence

A computer forensics lab need to be able to search for evidence in major search universes, precisely and accurately, and with reasonable performance, while maintaining evidential integrity. As a way to meet these requirements, we propose the following alternative solutions: - Search Software diskette forensic evidence. No need to open or manipulate the computer hard disk suspect. - Standard PC forensic software that allows you to search without having to back suspicious disk and without having to connect directly to the machine hard suspicious coroner. No need to open or manipulate the computer hard disk suspect. - PC with hardware modifications to allow only read from discs through a data bus for forensic analysis, which should connect the suspect hard disk to be analyzed, and any forensic software. It requires you to open and manipulate computer hard disk suspect (Stanton, 2003).

The management of evidence has the same goals, methods and forensic security procedures, these are:

Admissibility of evidence. There are legal rules that determine whether or not potential evidence may be considered by a court. The evidence must be obtained as to ensure the authenticity and validity and should not be altered in any way.

The computer search procedures must not damage, destroy or compromise the ...