CSI is a process for using the latest knowledge in science and technology with computer technology to collect, analyze and present evidence in criminal and civil courts. Network administrators and security personnel administration and management of networks and information systems must have complete knowledge of computer forensics. The meaning of the word “Forensics” is “to bring to court”. Forensics is the process that deals with finding evidence and recovering data. The evidence includes many forms, such as fingerprints, DNA testing or complete files on hard disks, etc. consistency and standardization of computer forensics in the courts are not recognized because it is very new discipline.
It is essential that network administrators and security personnel, network organizations practicing computer forensics and should have knowledge of laws, because the level of computer crime is increasing sharply. It is very interesting for mangers and staff who want to know how computer forensics can be a strategic part of their organizational security. Staff, security personnel and network administrator should know all the issues related to computer forensics. Computer experts use sophisticated tools and techniques to recover deleted, damaged or corrupted data and evidence against attacks and intrusions.
This evidence is collected to comply with applicable criminal and civil courts against the perpetrators who commit computer crimes. Survival Ability and integrity of network infrastructure of any organization depends on the application of computer forensics. The current stage of computer forensics should be seen as the basic component of computer and network security. It would be a great advantage for your business if you know all the technical and legal aspects of computer forensics. If your network is attacked and the intruder is trapped since a good knowledge of computer law issues will serve as evidence and prosecute the case in court.
There are many risks if you train the computer forensics bad. If you do not take it in account, when conclusive evidence can be destroyed. New laws are being developed to protect customers’ data, but the type of information is not protected so many debts can be attributed to the organization. New rules may provide organizations in criminal or civil courts of the organizations that fail to protect customer data. Organization can also save money by using computer forensics. Some mangers and staff spent much of their IT budget for network and data security. It is reported by International Data Corporation, (IDC) software vulnerability assessment and intrusion detection will approach $ 1. 45 billion in 2006.
As organizations increase in the number and the risk of hackers and entrepreneurs are also increasing as they have developed their own safety. Various organizations have developed security devices for its network intrusion detection system (IDS), proxies, firewalls, reporting on the security status of networks in an organization. So technically important goal for computer forensics < ; / a> is to recognize, collect, protect and audit data in a way that protects the integrity of the collected evidence that use it effectively in one case.
Investigation of computer forensics has some typical aspects. The first area computer experts who investigate computers should know what type of evidence as they seek to make their search efficiency. Computer crimes are broad in spectrum as child pornography, theft of personal data and destruction of data or computer.
Others should be computer experts or investigators to use appropriate tools. Investigators should have good knowledge of software, latest technologies and methods to recover the deleted, encrypted or damaged files and prevent further damage in the process of recovery.
In computer forensics two types of data collected. Persistent data is stored on local hard drives or other means and are protected when the computer is off or disabled. Volatile data is stored in RAM and is lost when the computer shuts down or loses power. Volatile data is in cache, random access memory (RAM) and registers. Computer experts or investigators should have confidence means of capturing volatile data. Security personnel and network administrators should have knowledge of computer networking and data management effects on the computer forensic process and the ability to recover data lost in a security incident.
Radha Kishan is currently advertising for the Computer Forensics company www. Cyber Evidence. com /
