Computer forensics has been developed as a vital technology in giving verification in investigations of computer misuse, attacks against computer systems and more traditional crimes like money laundering and fraud where there is an involvement of digital devices. Investigators conduct a preliminary analysis at a rapid pace during the crime scene on suspects' strategy for determining the survival of any unsuitable materials. For this reason, it is critical to create a tool which is portable and can perform efficient instant analysis. In addition, in order to recover evidence and clues from unallocated space by recovering deleted files, a file structure based carving algorithm for Windows registry hive files is presented based on their internal structure and unique patterns of storage. This is the reason why these issues have gained a lot of value in the cyber crime. Therefore, all these issues have been discussed in detail in this topic.
Table of Contents
Abstract2
Introduction4
Background of Computer Crime4
Rapid advancement of Computer Forensics for curbing cyber crime5
Basic Forensic Methodology6
The usage of Computer Forensics for computer crimes7
Conclusion8
References10
Computer Crimes
Introduction
Background of Computer Crime
The internet and digital devices like portable media players, smart phones and digital cameras are now being used by many different people for a variety of reasons. Unfortunately, criminals are also designing their own uses to assist them in committing their crimes Law enforcement now has a great demand for investigators with a technology background to join the computer forensics field. This branch of forensic science is responsible for searching through and recovering evidence from digital sources. The evidence is not limited to files or emails found on a computer, but can be from any digital device that stores data. This field has become a vital tool in the fight against crime in cases where little or no physical evidence like DNA or fingerprints exists. Unlike physical evidence, many crooks are aware of the digital trail they left behind and attempt to delete whatever evidence they can. For example, when the Enron scandal surfaced in October 2001, top executives deleted thousands of e-mails and digital documents in an effort to cover up their fraud. Fortunately, when files on a computer hard drives are deleted the data is not actually erased (Berghel, 2007, 20).
The space it occupies simply becomes available for use by other files which is also known as unallocated space. The less data added to the system after a file has been deleted greatly increases the possibility that the data can be recovered, even after long periods of time. However, as activities on the system increases, the likelihood that data can be fully recovered diminishes. This is because eventually these unallocated spaces will be re-assigned to other files. Forensic analysis of unallocated disk space has attracted the interest of many forensic investigators as it has played an important role in the computer forensics field bringing convictions to so many important criminal cases. In fact, one of the decade's most fascinating criminal trials against corporate giant Enron was successful largely due ...