Computer forensics

This term means all actions connected with providing electronic evidence of crimes and frauds or recovering data from carriers in order to establish the motives of parties in court proceedings. Computer forensics specialists prepare electronic data which fulfil evidence criteria in accordance with currently applicable regulations.

Computer forensics is used in computer crime and more — at the moment, it is used in many criminal and civil cases. These methods are most often used in cases concerning embezzlement, data theft, breaching labour law, copyright infringement, disclosure of business secrets, but also in criminal cases: terrorism, suicide, paedophilia, organised crime, illegal drug trade, etc.

Electronic proof is any information in an electronic form which can be used in court as evidence. Its main source may be desktop computers, laptops, smartphones, mobile devices, external hard drives, optical drives, flash drives, servers, databases.

Application of computer forensics

IKONA IKONA IKONA IKONA IKONA
EMBEZZLEMENT DATA THEFT BREACH OF LABOUR LAW AND COPYRIGHT INFRINGEMENT DISCLOSURE OF BUSINESS SECRETS CRIMINAL CASES AND TERRORISM

In the course of securing and gathering evidence, it is important to document each action so that the material does not lose its evidential value and can be used in court. The compatibility of gathered information with the original carrier is established based on calculated checksums, which in both cases must be compatible. Seals on cases and ports are also used. A carrier will be considered evidence only when it has not been modified following the date of its securing. For that purpose, a blocker is used, which prevents overwriting data on the carrier. All works are conducted on a copy, specially made in the computer forensics lab. Location of electronic evidence Evidence or information required may be located in various places on the computer.

Data in the system:

  • e-mail
  • documents
  • temporary files
  • logs, registers
  • browser data

Hidden data:

  • metadata
  • deleted data
  • slack space
  • RAM-slack

Computer environment

  • computer networks
  • backup
  • print queuing files
  • other carriers

Internet resources:

  • social portals
  • Internet communicators
  • cloud disks
  • search engines