HarrelsonMalone229
出典: くみこみックス
Introduction Computer forensics could be the practice of collecting, analysing and reporting on digital information in a way which is legally admissible. It might be employed in the detection and prevention of crime and in any dispute exactly where evidence is stored digitally. Computer forensics has comparable examination stages to other forensic disciplines and faces very same issues.
About this guide This guide discusses pc forensics from a neutral perspective. It is not linked to particular legislation or intended to promote a particular enterprise or product and just isn't written in bias of either law enforcement or commercial laptop or computer forensics. It is aimed at a non-technical audience and gives a high-level view of laptop forensics. This guide makes use of the term "laptop", having said that the tips apply to any device capable of storing digital information. Where methodologies have been mentioned they're provided as examples only and do not constitute ideas or assistance. Copying and publishing the whole or component of this post is licensed solely under the terms of the Creative Commons - Attribution Non-Commercial 0 license
Uses of pc forensics There are couple of places of crime or dispute where computer system forensics cannot be employed. Law enforcement agencies have been amongst the earliest and heaviest users of laptop or computer forensics and as a result have normally been at the forefront of developments at the field. Computers could possibly constitute a 'scene of a crime', for instance with hacking [ 1] or denial of service attacks or they could hold evidence in the form of emails, internet history, documents or other files relevant to crimes which includes murder, kidnap, fraud and drug trafficking. It is just not simply the content of emails, documents as well as other files which could be of interest to investigators nonetheless also the 'meta-information' associated with those files. A computer system forensic examination may perhaps reveal as soon as a document very first appeared on a pc, when it was last edited, as soon as it was last saved or printed and which user done these actions.
Guidelines For evidence to be admissible it should be dependable and not prejudicial, meaning that at all stages of this procedure admissibility should be at the forefront of a computer forensic examiner's mind. One set of points which has been widely accepted to help in this may be the Association of Chief Police Officers Good Practice Guide for Computer Based Electronic Evidence or ACPO Guide for brief. Although the ACPO Guide is aimed at United Kingdom law enforcement its principal principles are applicable to all computer forensics in whatever legislature. The four most important principles from this guide have been reproduced under (with references to law enforcement removed):
No action must change data held on a computer system or storage media which is often as a result relied upon in court.
In circumstances where a person finds it important to access original information held on a laptop or storage media, that individual ought to be competent to do so and have the ability to give evidence explaining the relevance and also the implications of their steps.