Posts Tagged ‘computer forensics’

Learn Computer Forensics on Your Own

October 29th, 2012

Expertise in examining computers and networks for evidence can not only lead to a well-paying career, it can be an exciting field to work in. Many people who work in computer forensics have received training through their employer as a law-enforcement professional or corporate sponsored training. This does not mean that someone can’t learn these skills on their own. Thanks to online training, hands-on practice, and dozens of books on the subject, anyone with an interest in computer forensics can learn the skill set needed for this job.

  1. Learn the basics. Before getting started in computer forensics, you need to have a foundation in what it entails.
  2. Download forensic software and see how it works. There are many different tools available that don’t cost anything; some of these can be found at Open Source Forensics. These solutions provide a perfect opportunity for someone to learn how to use different forensic software.
  3. Create virtual machines to use as target computers when learning the software. Virtual machine software, like VirtualBox, allows you to create a virtual computing environment that you can use for testing.
  4. Locate online forensics training. Once you have a grasp of computer forensics, it is time to take your training to the next level. There are many tutorials that can be found online that will help you better learn the different forensic software. Additionally, you can look into training packages that for a price will teach specific skills and software.
  5. Read books on forensics. There are many different books written on the subject that cover software packages like EnCase, methodologies used in forensic cases, and certification study manuals.

Obtaining certification in computer forensics can show potential clients and employers that you have expertise in the field.

Check with law enforcement agencies in your area to see if you can shadow them on investigations.

Understand the chain of custody when dealing with computer evidence.

Certain states require someone who is performing a computer forensic investigation to be a licensed private investigator. Make sure you understand the laws of your state before you move forward with an investigation.

First Steps in Computer Forensics: Securing Your Network

May 20th, 2012

No matter how secure your infrastructure is, sooner or later you will become a victim of a computer crime. Someone may point a DDoS (Distributed Denial of Service) attack at your services, may sniff your network, or may copy/delete confidential information. You may not even realize such a thing has happened. However, in an organized and secured network, you will be notified at the first signs of an attack. Now what? Your first normal reaction would be to stop the attack with whatever means possible. However, that may not be the best response. If you don’t possess the needed knowledge yourself, it might be a good idea to leave the crime scene as it is and let a computer forensics investigator deal with it. Let’s focus on the steps that the investigator would take. You may choose to take these steps alone, but you will most likely not have all the necessary support tools and systems for that.

  1. Document the system – name, date, time, purpose, hardware, software, it all matters.
  2. Collect evidence – all the information about the attack should be securely taken off the target system. This is usually done through specific software that hashes all the information. This way, the integrity of the copied information can be verified and it can be used as formal evidence for prosecution. The evidence that is usually collected includes active network connections, processes loaded into memory, and a copy of all the information on the disk with the respective creation, modification, and access times. The collector should be confident about the security of the system used for storage and analysis of the copied evidence. Only after this step is it advisable to unplug or shut down the affected system. If the affected system is saving logs on a remote server, copy them as well, although they are less likely to be compromised by the attack. On Linux, a program can keep running even after its executable file has been deleted. You can search for such programs with the command: file /proc/[0-9]*/exe | grep "(deleted)" . To save a copy of such a deleted executable, use: /bin/dd if=/proc/PID/exe of=filename , where PID is the process ID taken from the matching /proc path.
  3. Recreate the timeline of the attack – once all the information is copied on a secured workstation, the timeline of the attack can be recreated from the times of creation, modification, and access of all the files. This should be done before anything else, because the other steps can change the original times of the files. The timeline will show the last executed file, the last created/deleted folder, executed scripts, etc.
  4. Deeper analysis of the affected system – using the information collected in the previous steps, a deeper analysis can be performed of the system in order to find suspicious installations, creation or deletion of folders, and the like. Forensics investigators have specific tools for this step.
  5. File information restoration – the slack or unallocated space can be investigated for parts of files that, when combined, may indicate the time of deletion of files. It can be useful for the recreation of the steps of the attacker.
  6. Search – use all the information gathered so far to search for specific names, IP addresses, and file names that can point you to the intruder.
  7. Report – no matter if the compromised system is your company’s or another’s, it is always good to document all your findings during the investigation. If it’s done right it can even be used in court.
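
Steps 2 and 3 combined, as an added example (not code from the original post): it hashes every file in a copied evidence tree and builds the timeline from modification, access and change times, reading each file's timestamps before hashing it so that the read cannot alter them. The function names, the directory layout and the two sample files are constructed for illustration.

```python
import hashlib
import os
import stat
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large evidence files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_timeline(evidence_root):
    """Return (events, manifest): sorted (utc_time, kind, path) tuples with
    kind M(odified)/A(ccessed)/C(hanged), and a {path: sha256} manifest."""
    events, manifest = [], {}
    for dirpath, _dirs, names in os.walk(evidence_root):
        for name in names:
            full = os.path.join(dirpath, name)
            # Read the timestamps BEFORE opening the file: hashing reads it,
            # which can update the access time on a writable mount.
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            rel = os.path.relpath(full, evidence_root)
            for kind, ts in (("M", st.st_mtime), ("A", st.st_atime),
                             ("C", st.st_ctime)):
                when = datetime.fromtimestamp(ts, tz=timezone.utc)
                events.append((when.isoformat(timespec="seconds"), kind, rel))
            manifest[rel] = sha256_file(full)
    return sorted(events), manifest

def make_constructed_sample(root):
    """Write two constructed files with fixed times (not real evidence)."""
    def utc(day, hour, minute):
        return datetime(2012, 5, day, hour, minute, tzinfo=timezone.utc).timestamp()
    samples = {  # relative path: (content, access time, modification time)
        "etc/passwd": (b"root:x:0:0::/root:/bin/sh\n", utc(17, 2, 20), utc(16, 23, 50)),
        "tmp/.hidden/run.sh": (b"#!/bin/sh\n", utc(17, 2, 15), utc(17, 2, 14)),
    }
    for rel, (content, atime, mtime) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
        os.utime(path, (atime, mtime))
```

Run it against a read-only copy or image mount of the evidence on the analysis workstation, so that the hashing pass leaves the stored access times untouched for later examiners.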

Don’t make the mistake of not taking computer crimes seriously! In today’s digital world, computer crimes are just as serious as any other ones. Don’t hesitate to call a specialist if you’re not sure you can handle the investigation process alone. If your organization is big enough and your budget allows it, think about creating a Computer Security Incident Response Team which will be prepared for computer crimes and will have procedures and resources in place to handle them properly.

http://blog.monitis.com/index.php/2012/05/17/first-steps-in-computer-forensics/

Syndicated stories and blog feeds, all rights reserved by the author.

Computer Forensics Needed to Pin Down GMA

December 26th, 2011

The Aquino administration’s drive against corruption may need computer forensics to support the allegations against the Arroyo administration, a multinational risk consultancy said.

In a report dated Dec. 22, the Pacific Strategies and Assessments (PSA) said those involved in crimes like poll sabotage and plunder are secretive and are careful about avoiding a paper trail.

“Computer forensics might hold the key to finding the needed evidence,” said PSA managing director Scott Harrison.

“With the expanding use of computers and digital media in everyday transactions, evidence of criminal activities left in computers and other digital equipment clearly enhances court evidentiary procedures,” he added.

PSA disclosed in the report, though, that it is one of the companies practicing information technology (IT) forensics in the country. The company also has offices in Hong Kong, Shanghai, Beijing, Bangkok, Sydney and Milwaukee.

PSA said money laundering and convoluted business structures created to hide wrongdoing “increasingly require digital investigative techniques to prove a criminal case.”

“The majority of corruption cases in the Philippines are often hampered because much of the presented evidence is hearsay accusations of one or more people against others. Consequently languishing corruption cases are often dismissed or shelved due to a lack of concrete evidence,” Harrison said.

PSA said not one member of the Arroyos or their alleged co-conspirators in poll cheating and corruption has been convicted by the courts since President Aquino assumed office in 2010.

“The lack of investigative resources in the Philippines judicial system may prove to be a bigger impediment to President Aquino’s efforts to weed out corruption than the administration’s frustration with the Supreme Court,” the report read.

PSA said IT forensic specialists can create a mirror image of data inside a computer system and recover deleted, encrypted, or damaged files.

PSA claimed the recovery and analysis of hard disk drives, mobile phones and portable digital storage devices believed to be involved in crime are “critical digital evidence” that can boost one’s legal position in court.

McCann E-Investigations Grows its Computer Forensics Imaging Abilities

December 21st, 2011

McCann E-Investigations, a Texas-based computer forensics and investigative firm, is growing its computer forensics capabilities with the capital acquisition of state-of-the-art computer forensics tools for its Houston division.

“We have experienced an amazing increase in our computer forensics cases at all our locations,” stated Serta Weiss, Partner at McCann E-Investigations. “Computer forensics is an extremely fluid industry. As technology gets to be more sophisticated, the computer forensics expert should have the versatility and insight to have the ability to adjust to the altering technology atmosphere.

“Having probably the most leading-edge computer forensics tools guarantees that people can provide the greatest quality product to the clients,” Weiss mentioned.

Gary Huestis leads the computer forensics team for Houston, Austin and Dallas. “While updates in computer forensics software and hardware tools are key, important too is our EnCase certification,” stated Gary Huestis. EnCase may be the leading computer forensic solution and it is the standard. Gary has been an EnCase Licensed Examiner since 2005.

About McCann EI:

http://www.einvestigations.com

McCann EI’s Texas-based digital forensics team supplies a one-stop solution for Electronically Stored Information (ESI) investigative needs. McCann EI’s computer forensics, digital forensics, mobile forensics, and electronic discovery investigators serve lawyers, private industry, and government with the same dedication and expertise that has had clients turning to McCann for more than two-and-a-half decades.

Regardless of whether your ESI is held on personal, corporate, mobile, or network drives, McCann EI’s computer forensics team has experience in electronic discovery and in recovering your digital files. Our investigators have the experience to provide expert witness computer forensic testimony in courts across Texas. McCann EI serves companies, lawyers, and individuals statewide.

Austin Computer Forensics: 512-377-6142
Houston Computer Forensics: 832-628-4904
Dallas Computer Forensics: 214-329-9059
Lubbock Computer Forensics: 806-589-0320
Lufkin Computer Forensics: 936-585-4070
Brownsville Computer Forensics: 956-465-0849

Give us a call toll-free at 800-713-7670

Computer Forensics Salary

December 20th, 2011

The computer forensics salary graph has been on an incline as cyber crime has gone up and the preference for information storage has moved from traditional paper books to computer spreadsheets. Computer forensic experts are fast rising, as the modern detection of crime has moved its base from the real world to the virtual world. The September 11 attack on the World Trade Center in New York has also put the focus back on terrorism and cyber terrorists. Identity theft, credit card fraud, and pedophiles browsing the web for prey are among the crimes and criminals a computer forensic expert helps law enforcement to catch. A computer forensic expert finds employment with law enforcement, detective agencies, corporate companies, and private parties who are vulnerable to computer crimes. The computer forensics job outlook for the coming years is thought to be lucrative, as data goes digital and our dependence on the internet and computers grows.

Computer Forensics Job Description
The computer forensic analyst uses sophisticated software and hardware tools to investigate cyber crime and computer hacking, and to decrypt data that could help in advancing a case. The analyst uses various methods to obtain data on suspects, such as IP address tracing and packet sniffing. In IP address tracing, a trace is run to identify the internet service provider and then obtain information on the suspect. This technique is widely used to track down pedophiles who use computers to lure children. Nowadays, the conventional ransom note or threat note has been replaced by e-mails. The analyst tracks email scams using the e-mail header, which gives the source IP address, server data, and the time and date the email was generated. The computer forensic analyst also helps decrypt data held on a storage device such as a CD, DVD, hard disk or USB drive. Digital media is fast emerging as the new means of data transfer, and devices like desktop computers, laptops, Personal Digital Assistants (Smartphones), and cell phones are a few of the sources the analyst has to go through to find the information they need. The technique of packet sniffing can be used to collect useful information from networks, such as email IDs, passwords and personal information. To get the job done, computer experts use tools like hex editors, which are software programs that allow them to manipulate binary data and ensure network security. Other tools they use are decryptors, disk analyzers, packet sniffers, and DNS tools. The experts use all the tools available, along with technical know-how, to sniff out digital clues. Computer experts need to track down cyber-terrorists, who are a menace in the lives of individuals and corporations and pose a threat to network security.

Computer Forensics Salary Range
The field of computer forensics is comparatively new, and people working in this field did not have particular qualifications apart from extensive knowledge of computer systems and Internet crimes. Nowadays, there are forensic science schools that offer diploma and certificate programs in computer forensics and information systems security. Some schools even provide online diploma programs, which can be quite useful in obtaining a good computer forensics salary. The typical salary for computer forensic jobs is between USD 47,000 and USD 80,000. Law enforcement and legal firms are emerging as top employers of computer forensic experts, and the salaries offered are on par with some private organizations that offer jobs to people with basic cyber forensics and systems know-how. Law enforcement average salaries are between USD 50,000 and USD 75,000, and legal services pay around USD 54,000 to USD 75,000. Salary ranges for jobs in urban centers such as New York and Los Angeles have been reported to be as high as USD 90,000 to USD 100,000. Detective agencies are also good employers, as they appear to offer anywhere between USD 45,000 and USD 80,000, depending on the experience and qualifications of the computer forensic analyst.

A computer forensics salary largely depends on the employer and your physical location. And like other IT jobs, this field promises a lucrative future, too.