computer forensics 2
DESCRIPTION
Competition is a situation in which numerous undersized companies provide identical goods at a cost equivalent to MC. In contrary to this situation is monopoly in which cost is inflexible exceeding MC.TRANSCRIPT
![Page 1: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/1.jpg)
Computer Forensics
Computer Forensics
1
![Page 2: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/2.jpg)
Computer Forensics
Introduction
The introduction of computers and internet has created a global revolution in many ways.
Business processes have been streamlined and automated as a consequence of such
operations. The productivity and output has been enhanced through the use of computer
applications (Baryamureeba & Tushabe, 2004: Pg 23). Organizations are able to use the
internet as a means of accessing new global markets. Individuals use the internet as a
means of accessing and exchanging information. The revolution in computers and
internet has a profound and deep impact on human lifestyle. It has altered the nature of
human society in a proficient and effectual manner. Yet this has also posed a serious
challenge in terms of criminal activities and malicious behaviors. Identity fraud and cyber
crimes pose a serious threat at the individual and social levels. The need to adopt a
reliable, scalable, and flexible response has been felt by international organizations and
governments. This means that appropriate procedures need to be adopted in order to
create a uniform set of guidelines (Baryamureeba & Tushabe, 2004: Pg 23). Such an
approach will help in the fight against malicious activities and affairs. It would create a
comprehensive strategy for attaining excellence in the business environment. Computer
forensics is a rapidly emerging field that is concerned with the collection, preservation,
and presentation of digital information. Such information can be used in criminal
prosecution and civil cases (Baryamureeba & Tushabe, 2004: Pg 23). The scope and
intensity of computer forensics is very broad and comprehensive. It seeks to use
technology which can be used to obtain information on digital devices. This information
2
![Page 3: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/3.jpg)
Computer Forensics
can be used as evidence in criminal and civil cases. Computer forensics investigators
engage in a plethora of activities which include examining and assessing the computer
system. Operating system, applications, hardware, and software are assessed in a smart
manner. The evidence is imaged and duplicated to prevent alteration or tampering. It
must be presented in a clear manner because many legal systems have different
guidelines about the admissibility of digital information. The developed world does not
have uniform guidelines in computer forensics. Specific issues like jurisdiction, evidence
collection, preservation, and privacy must be tackled in a systematic and methodical
manner. This means that a systematic approach needs to be adopted in order to create a
robust and flexible formula for success. The use of strategic initiatives through dialogue
and consensus is essential for the development of best practices. Similarly computer
forensics investigators need to be trained in the use of various practices. Quality should
be the criteria along with the knowledge of specific applications and tools. However the
focus should not only be on the skilled use of proprietary software and tools. Computer
forensics investigators must exhibit a commitment towards critical analysis and
assessment. This paper will conduct a literature review about the computer forensics
field. It will identify the national guidelines that exist in EU, US, and UK for computer
forensics field. Finally it will seek to develop a generic model that adopts uniform
guidelines for evidence collection.
3
![Page 4: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/4.jpg)
Computer Forensics
Literature Review
Computer Forensics
Computer forensics has emerged as a new branch of forensic science that seeks to extract
appropriate evidence from digital storage media. The overall aim is to analyze and assess
the information that is present in digital artifacts (Baryamureeba & Tushabe, 2004: Pg
23). Any digital device which uses electronic documents and sequence of packets can be
assessed and investigated by this discipline. Empirical studies have documented the need
for computer forensic techniques in a number of cases. They can be used in criminal
cases to assess and evaluate computer systems that have been used by defendants. Data
can be retrieved in the event of accidents, malicious activities, and emergencies. Intrusion
attempts can be successfully assessed and evaluated by using this process. Information
about the computer systems for troubleshooting and debugging can be obtained by using
computer forensics (Baryamureeba & Tushabe, 2004: Pg 23). The entire process of
investigation should be conducted by using a scientific approach. The computer forensic
investigator should have appropriate and clear objectives. The originality of the data
should be taken into account when conducting an investigation. Accessibility to the
original data should be conducted in an efficient and effective manner. A complete audit
of the various processes that have been performed on the computer should be conducted
by using a proactive and dynamic approach. Normally the investigator is held
accountable for ensuring that the entire procedure is conducted in a legal and transparent
manner. Computer forensics has been constantly updated through the advent of new tools
and applications. There has been a growing trend towards sophistication of technology
and human skills. Empirical studies document that successful computer forensics
4
![Page 5: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/5.jpg)
Computer Forensics
investigators must have analytical and critical skills. They should be able to develop a
complete formula which can be used to attain success. The development of different
strategies is critical for the success of the approach. The use of multifaceted and dynamic
strategies helps to create an optimized result. It leads to the development of efficient and
effective procedures. Computer forensics is a rapidly changing field due to the new types
of threats. Vulnerability assessments are periodically conducted as a means of
strengthening defenses on computer systems. Appropriate backup and recovery
procedures are in place as a means of retrieving information which can be used as digital
information. The use of superior mechanisms enables the critical success of all
approaches. It uses a smart approach that is based upon authentic facts and figures
because it seeks to develop a robust formula for success. The use of different strategies is
critical for attaining success in the business environment. Similarly incidents reporting
process should be strengthened through the use of various strategies. Estimation about the
nature of the incident should be properly safeguarded through the use of smart and
proactive measures. The development of a comprehensive strategy is critical for the
success of the program. The use of multifaceted approaches is essential for producing an
excellent outcome in the business environment. Rogue processes need to be terminated in
an efficient and effective manner. The entire time and date stamps need to be collected in
an efficient and effective manner. Further system patches should be applied through the
use of a vigorous and dynamic process.
Skills and Competencies
5
![Page 6: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/6.jpg)
Computer Forensics
Computer forensics investigators must have a number of competencies and skills in order
to accomplish their tasks in an efficient and effective manner. They must exhibit critical
decision making and thinking abilities. They should have proper analytical and
assessment skills. They must be able to utilize a neutral and objective approach when
conducting investigations (Baryamureeba & Tushabe, 2004: Pg 23). However empirical
studies conclude that the greatest skill for computer forensics investigators is the ability
to maintain the originality and authenticity of the evidence. Computer forensics
investigators are concerned with cyber crimes and internet technologies. They need to
apply proper knowledge in order to conduct threat assessments. Specific strategies are
executed as a means of ensuring dynamic and smart processes (Baryamureeba &
Tushabe, 2004: Pg 25). Clear procedures need to be applied while an understanding of
the legal framework is crucial for the success of the entire program. Computer forensics
investigators need to have constant training and preparation. This approach helps them to
utilize critical thinking skills. Successful computer forensics investigators demonstrate
their ability to apply theoretical concepts in practical situations. The ability to apply
innovative and creative methods to resolve problems is a key competency for the field.
The development of a multifaceted strategy is considered to be essential for the success
of the entire program (Baryamureeba & Tushabe, 2004: Pg 26). An appropriate and
robust strategy should be conducted so that superior outcomes are initiated. Investigators
need to implement best practices by writing extensive manuals. Senior personnel should
be used to train and develop the competencies of junior investigators. The entire process
should be strengthened as a means of attaining efficiency and effectiveness.
Forensic Process
6
![Page 7: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/7.jpg)
Computer Forensics
The forensic process is divided into several steps because such an approach helps
investigators to resolve complex problems. They must be able to apply specific strategies
for the success of the entire program. They must have access to tools that can be used to
generate accurate and reliable reports. Appropriate strategies can help to create robust
initiatives and protocols.
Collecting Digital Evidence
Digital evidence needs to be collected from multiple sources in a proficient and effectual
manner. Electronic devices are the primary source of digital information because they are
easily available. The investigator must seek to adopt special procedures during the
collection process. This is due to the fact that digital information can be altered or
tampered in an accident manner. Further the ability to identify or assess changes can
become a time consuming and cumbersome process. Imaging software is often used as a
means of preventing any changes or alteration in the digital media (Carrier & Spafford,
2003: Pg 56). Chain of custody is created with the sole purpose of saving digital
information. Extensive documentation is performed by skilled and competent
investigators to ensure accuracy and reliability. Tested tools are usually recommended as
a means of ensuring accurate outcomes for the entire process. The digital collection
process cannot ignore the human side of the story. The user needs to be interrogated in an
intelligent and smart manner. This helps the investigators with information about
computer systems, software applications, encryption protocols, and security mechanisms
(Carrier & Spafford, 2003: Pg 56). The user’s information about the network, hardware,
and software can augment the entire process of digital collection. This can create legal
7
![Page 8: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/8.jpg)
Computer Forensics
issues because users might not cooperate with the investigators. Inside the United States,
the law enforcement departments need to obtain special permit from the courts for
collecting digital information. This is done as a means of protecting and safeguarding the
privacy rights of the computer user.
Live vs. Static analysis
Static analysis is a procedure in computer forensics that assesses digital information when
computer systems are shut down. This analysis was also performed to prevent any
alteration or tampering of the digital evidence. It was generally believed that such an
approach would help to prevent or reduce cyber crime incidents. However static analysis
has been dubbed to be inaccurate and unreliable in several cases (Carrier & Spafford,
2003: Pg 56). This has prompted the investigators to initiate live analysis. The benefits of
this approach are that proper encryption techniques can be initiated. Data loss can be
prevented by using an efficient and effective strategy. Further many intruders and hackers
do not leave any trail when committing malicious attacks. The information on computer
memory is abused in order to fool investigators. Live analysis can help to plug this gap
by using a logical and methodical approach (Carrier & Spafford, 2003: Pg 59).
Cryptographic storage has also prompted many computer forensic investigators to apply
live analysis as a means of collecting digital evidence. Live analysis helps in the
development of encryption protocols. Appropriate network security mechanisms need to
be developed as a means of creating powerful strategies against online criminal threats.
Imaging Electronic Evidence
8
![Page 9: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/9.jpg)
Computer Forensics
Imaging has emerged as a major tool in the computer forensics discipline because it seeks
to create exact replicas of computers and other electronic devices. Several imaging tools
can be used to obtain exact duplicates of hard drives (Carrier & Spafford, 2003: Pg 64).
The user-accessible areas are imaged because of their efficiency and effectiveness. This
helps to safeguard the data from any intentional or unintentional tampering. Various
algorithms like MD5 and SHA-1 hash function are used in the imaging process. Hashing
helps to create high levels of efficiency and effectiveness. It leads to the creation of a
robust and viable evidence system that can be used in a number of situations. Imaging
software needs to be selected for interoperability with various operating systems. The
challenge for investigators is the use of open source vs. proprietary software. Open
source is beneficial because it is cost effective (Carrier & Spafford, 2003: Pg 71). Bugs
can be removed through the open source forums present on the internet. However
proprietary software is standardized and interoperable in many different operating
systems.
Collecting Volatile Data
Sometimes computer forensics investigators need to collect evidence from active and
open machines. This is done through analysis and assessment of the applications and
network ports (Casey, 2004: Pg 90). Linux based tools are available for obtaining
information about the network. Surrounding applications and their ports can be analyzed
by using such applications. Registry and RAM can be assessed using such tools since
they play a vital role in helping computer forensics investigators to analyze the use of
emails and other software. Windows partition can be analyzed and assessed by using
9
![Page 10: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/10.jpg)
Computer Forensics
smart and vibrant strategies. BitLocker and Trusted Platform Module are efficient
applications that help in the collection of volatile data (Casey, 2004: Pg 90).
Analysis and Reporting
The entire process of computer forensics requires extensive analysis and reporting. This
needs to be done through the presence of skilled and qualified computer forensics
experts. Analytical skills must be strengthened in an attempt to achieve high levels of
efficiency and effectiveness (Casey, 2004: Pg 90). The use of different skills is
considered vital for the entire process. Computer forensics experts must utilize a
combination of different skills as a means to attaining excellence in the entire
environment. The development of a superior strategy helps to attain goals. The material is
collected as bits of data and information is compiled. Windows registry is analyzed in an
attempt to decipher information about suspected activities. Passwords and keyword
searches are utilized as a means of attaining excellence. E-mail, documents, and pictures
are amalgamated in order to determine appropriate strategies. The reporting process
usually involves having precise knowledge of various protocols and procedures.
Extensive documentation plays a critical role in the development of smart objectives
(Casey, 2004: Pg 92). It creates a supportive environment in which the objectives can be
attained by using a smart strategy. The analysis and reporting should be done through
professionalism and dedication. Appropriate presentation of evidence is often crucial for
the success of smart initiatives.
Computer Forensics: Legal Guidelines USA
10
![Page 11: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/11.jpg)
Computer Forensics
The United States has been leading the information communication technology as
witnessed by the presence of major companies like Microsoft, IBM, Cisco, Nortel, Dell,
Oracle, etc. A set of comprehensive and robust guidelines for computer forensics has
been established in the country. The Fourth Amendment provides protection against
unwarranted search and seizure (National Institute of Justice, 2002: Pg 32). Similarly the
Fifth Amendment provides safeguards against self-incrimination. Wiretap act, Pen
Registers and Trap and Trace Devices Statute, and Stored Wired and Electronic
Communication Act are concerned with the process of regulating the computer forensics
industry in a legal and transparent manner. US guidelines call for safeguarding the
authenticity and value of the evidence. Computer forensic investigators must seek to
apply various safeguards to protect the integrity of the evidence. The target computer
needs to be disconnected with an analysis of its CMOS system. Disk imaging has become
mandatory because it helps to prevent alteration in data and information. This means that
the target media must be replicated in an open and transparent manner. This becomes
crucial because it helps to create an efficient and effective framework. It leads to the
development of smart and prudent procedures that provide high levels of efficiency and
effectiveness (National Institute of Justice, 2002: Pg 32). Computer forensics
investigators are mandated to analyze and examine the various components of the
computer. This means that operating system, windows, registry, RAM, hardware, and
software need to be evaluated in a smart and intelligent manner. The development of a
comprehensive framework has led to the production of smart outcomes. It has enabled the
creation of efficient and effectual goals. Law enforcement departments in the United
11
![Page 12: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/12.jpg)
Computer Forensics
States cannot conduct illicit searches and seizures. They need to obtain court orders in
which they can access the computers for legitimate purposes (National Institute of
Justice, 2002: Pg 34). However new legislation that has been enacted in the aftermath of
9/11 means that the process of issuing court warrants has been expedited. This has been
due to the sheer threat of terrorism which can threaten the interests of the United States.
Pre-9/11 laws were considered to hinder the ability of law enforcement officers to
successfully fight against terrorists and criminals. The legislation in the United States
also seeks to create a collaborative and efficient framework in the fight against online
threats. The United States has a well developed and advanced system for computer
forensics (National Institute of Justice, 2002: Pg 32). This system has been instrumental
in thwarting new types of threats. However there are concerns that the system is rigid and
inflexible since it does not lead to efficient outcomes. The law enforcement departments
do not have adequate training in collection of digital evidence. Further static analysis of
data is still pursued despite extensive legislation. This calls for policy makers to develop
superior outcomes which can allow success in the business environment. The
development of robust and appropriate procedures is critical for the success of the entire
program (National Institute of Justice, 2002: Pg 32). The use of a multifaceted strategy is
essential for producing superior outcomes. Multiple approaches need to be enhanced
through a systematic and logical approach. American law stipulates a number of
important principles during the digital information collection process. The seizure of
information must not prevent its alteration or tampering. Only qualified computer
forensics investigators must be able to intervene during the digital evidence collection
process. Collection, preservation, storage and transfer of evidence must be reported in
12
![Page 13: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/13.jpg)
Computer Forensics
proper documentation (Baryamureeba & Tushabe, 2004: Pg 23). This is done in order to
prevent human errors from interfering in the entire process. Every computer forensics
investigator is responsible for the preservation and safety of the evidence. This is done in
order to ensure high levels of efficiency and effectiveness. Private agencies involved in
the entire process must ensure compliance with government procedures and regulations.
However despite the presence of such overwhelming guidelines, the margins of error and
failure continue to exist. The lack of proper documentation has been recognized as the
greatest threat in the computer forensics industry. The lack of accurate information for
the decision making structures can lead to problems (Baryamureeba & Tushabe, 2004: Pg
29). Accessibility to digital evidence must be safeguarded by using a smart and proactive
approach. Similarly incidents reporting process should be strengthened through the use of
various strategies. Estimation about the nature of the incident should be properly
safeguarded through the use of smart and proactive measures. The development of a
comprehensive strategy is critical for the success of the program. The use of multifaceted
approaches is essential for producing an excellent outcome in the business environment.
Rogue processes need to be terminated in an efficient and effective manner. The entire
time and date stamps need to be collected in an efficient and effective manner. Further
system patches should be applied through the use of a vigorous and dynamic process. The
development of smart strategies is critical for the success of the entire program. The use
of multifaceted strategies helps to produce significant gains for computer forensics
investigators (Baryamureeba & Tushabe, 2004: Pg 32). Computer forensics investigators
need to utilize a number of tools and software. The use of various applications helps to
create superior outcomes for the entire process.
13
![Page 14: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/14.jpg)
Computer Forensics
Computer Forensics: Legal Guidelines European Union
The European Union has established an organization called “The Council of Europe
Convention on Cybercrime”. This organization has created a number of consistent and
reliable guidelines to regulate the discipline of computer forensics. The objectives have
been to create high levels of consistency and reliability between the various elements of
the law. It seeks to empower local law enforcement departments with the required
training to successfully implement the guidelines of the computer forensics discipline.
Finally it seeks to create consensus among member states to create uniform guidelines in
the discipline of computer forensics. It seeks to prevent cyber crimes like identity theft,
fraud, and hackers. It seeks to create a robust framework against illegal access, data
interference, system interference, and misuse of devices. The European Union believes
that quality assurance is essential for the successful implementation of computer
forensics (Reith, Carr, & Gunsch, 2002: Pg 123). This can be achieved only if verifiable
and reliable procedures for audit exist in various departments. Computer forensics
investigators must demonstrate a set of competencies which are essential for the success
of the program. They should have practical knowledge and expertise which can help them
in the field. Further they also need to achieve high levels of efficiency and effectiveness.
The development of a comprehensive strategy is essential for the success of the program.
The use of multidimensional and multifaceted approaches is critical for the attainment of
objectives and targets. The competencies of investigators are checked in a formal and
14
![Page 15: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/15.jpg)
Computer Forensics
logical manner. Specific performance measurements and objectives are outlined in order
to strengthen the entire process (Reith, Carr, & Gunsch, 2002: Pg 123). The EU
guidelines are robust since they focus on quality assurance. They take up vigorous tests in
order to ensure quality assurance and control in the environment. This helps in the
process of recruiting competent and qualified computer forensics investigators who can
assist in the process. A major plus point of the guidelines is that scientific research and
review is periodically conducted about tools and processes. This approach helps the
departments to obtain valuable information about the strengths and weaknesses of their
approach. It helps to create a collaborative environment in which efficiency and
effectiveness can be attained. However a major problem with EU guidelines is that some
member states have refused to collaborate with each other (Reith, Carr, & Gunsch, 2002:
Pg 123). Each country has different approaches towards empowering law enforcement
departments with the powers to engage in computer forensics. Also despite extensive
guidelines, the goal of quality assurance and excellence remains an elusive goal. The EU
needs to take into account various factors. Appropriate methods for data collection should
exist on the efficacy of computer forensics approaches. Different strategies should be
utilized in order to create a generic model (Reith, Carr, & Gunsch, 2002: Pg 125).
This approach will lead to high levels of efficiency and effectiveness. It would create a
collaborative framework in which efficiency and effectiveness can be attained. Further it
would help to eradicate problems that are faced in the business environment. Cyber
crimes need to be thwarted by using a professional and collective response from member
states.
15
![Page 16: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/16.jpg)
Computer Forensics
Computer Forensics: Legal Guidelines United Kingdom
The United Kingdom has a set of broad legal guidelines for computer forensics. The local
governments and national governments have separate laws that guide the entire process.
The most important difference in the national and state systems is the type of evidence
that can be collected. There is a focus on providing autonomy to each county because of
the legal system (Steinke, 1997: Pg 49). The results are that there are no uniform or
consistent guidelines in the entire process. There is a trend towards accepting certain
types of digital evidence while rejecting others. This creates numerous problems as cases
can become vague and ambiguous. However the British system helps to use new laws
that have accepted the validity of the computer forensics. The principles for digital
evidence collection are to preserve its authenticity. Further there is a focus towards
ensuring that computer systems are not altered or tampered. The evidence must be
duplicated through the use of imaging software. Specific protocols are present for
analyzing and assessing the evidence in an effective and efficient manner (Vacca, 2002:
Pg 102). The United Kingdom under the government of Tony Blair implemented a
number of laws which were designed to fight cyber crimes. The threat of terrorism in the
UK has led the government to implement different laws. This has led to the development
of protocols which enable the creation of efficient and effective approaches. Digital
evidence collection involves the process of identifying malicious files and documents. It
also involves investigating and assessing the financial assets of suspected groups. Law
enforcement departments can investigate financial assets through legal orders (Vacca,
2002: Pg 123). The development of different protocols has led to the creation of new
16
![Page 17: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/17.jpg)
Computer Forensics
dynamics. The UK system needs to be modified by adopting a number of measures and
approaches. At the basic level it should seek to have standardized collection,
preservation, and presentation standards. A regulatory manual should exist that can act as
a source of guidance for investigators. The telecommunications infrastructure needs to
be monitored and assessed because it is the key for success in computer forensics. The
development of different approaches is critical for the success of the program. The use of
innovative and creative approaches is essential if it must succeed (Vacca, 2002: Pg 125).
However there are concerns that the system is rigid and inflexible since it does not lead
to efficient outcomes. The law enforcement departments do not have adequate training in
collection of digital evidence. Further static analysis of data is still pursued despite
extensive legislation. This calls for policy makers to develop superior outcomes which
can allow success in the business environment. The development of robust and
appropriate procedures is critical for the success of the entire program. Quality should be
the main performance measurement for computer forensics investigators. This is essential
because investigators need to exhibit smart skills in collection, preservation, and
presentation of evidence. Similarly the legal workforce should be taught about the basics
of computer forensics. The development of a robust structure will produce superior
expectations in the entire discipline. The United Kingdom has set of authentic and
verifiable procedures for computer forensics investigations. It seeks to improve the
efficiency by using multiple strategies (Baryamureeba & Tushabe, 2004: Pg 35).
Qualified experts are needed in order to ensure the success of the program. The UK has
an efficient system that mandates the use of proper documenting and reporting. The
estimates about the nature of the threat are deemed to be crucial for the success of the
17
![Page 18: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/18.jpg)
Computer Forensics
entire program. The use of multifaceted strategies is critical for ensuring a robust
formula. Computer forensics needs to be developed through the use of smart and robust
strategies. Flexible, reliable, and scalable models are needed in order to ensure the
success of the program. The use of dynamic strategies helps to create an excellent
outcome for the entire model. Appropriate validation techniques must be implemented
while rogue processes need to be terminated (Baryamureeba & Tushabe, 2004: Pg 36).
The system should remain in a safe state to prevent file corruption or tampering. It must
be safeguarded from physical threats that could destroy the integrity of the evidence. The
development of a safe and smart approach is essential for the entire system. The use of
multifaceted approaches helps to create excellent outcomes for the entire program.
Generic Model
Computer forensics is rapidly emerging as a necessity for many countries in the world. It
plays a critical role in criminal and civil cases. Moreover it can be used as a powerful tool
in many different types of cases. It leads to scalable, reliable, and agile criminal
investigation procedures (Forcht & Ayers, 2001: Pg 55). Cyber crimes are changing as
criminals seek to develop new tactics to subvert security mechanisms. An international
consensus needs to be applied through the development of common standards and
protocols. The use of such strategy is based upon superior outcomes. A generic model for
computer forensics investigation needs to be created and applied. The development of
smart and prudent procedures is critical for the success of the program (Forcht & Ayers,
2001: Pg 55). The evolution of computer forensics is strongly interlinked with the
18
![Page 19: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/19.jpg)
Computer Forensics
development of technologies and applications. The first important aspect of the process is
to strengthen the preparation part. This is crucial for the success of a forensic
investigation. Preparation should focus on attaining the evidence in an efficient and
effective manner. The veracity of the evidence should be outlined in a cost effective and
smart manner. The data must be analyzed and assessed by using a proactive approach.
Collection, examination, analysis, and reporting are key components of preparation. They
seek to obtain evidence in an efficient and effective manner (Forcht & Ayers, 2001: Pg
55). They strive to create an environment in which superior outcomes can be attained
through the development of various approaches. The investigation stages should provide
a complete range of activities which are vital for the success of the generic model. The
basic standards should be uniform and consistent in recognition with consensus taken
from the international community. Appropriate policies and procedures should be
implemented as a means of ensuring smart investigations. The training of employees
should be conducted in a vigorous and authentic manner (Forcht & Ayers, 2001: Pg 55).
Appropriate legal information should be investigated and analyzed within the framework
of national legal systems. The investigation stage should seek to search and recognize
evidence found on computers. The evidence must be safeguarded in a safe environment
while proper tools should be used to prevent destruction of evidence. Analysis is a key
component of the generic model because it seeks to identify the value of the evidence. It
seeks to ensure appropriate findings can be derived by computer forensics investigators.
Further there is the need to present and prove the analysis in a smart and productive
manner. The development of multifaceted strategies is vital for the success of the
program (Baryamureeba & Tushabe, 2004: Pg 40). A generic model has been developed
19
![Page 20: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/20.jpg)
Computer Forensics
through constant analysis and assessment of the literature review. Best practices have
been identified for the success of the entire program. The use of different strategies is
crucial for attaining excellence in the environment. The use of multifaceted approaches
helps to create optimized results. It creates innovative and creative mechanisms for
change in a field that is characterized by new challenges and threats.
Search and Seizure
Search and seizure of digital evidence is a major bone of contention among various legal
systems. There is the need to apply smart procedures that can be used to strengthen the
entire process. Further such a strategy can be attained through the development of
efficient and effective procedures (Volonino & Anzaldua, 2006: Pg 176). The key to
success is to develop a set of standards that can be used to distinguish a proper search and
seizure from an illegal one. The presence of smart procedures needs to be performed in
an efficient and effective manner. Warrants need to be implemented in a robust and
efficient manner so that the privacy of citizens is safeguarded. Verbal and written consent
for search and seizure is essential for implementing legal safeguards. This will help to
strengthen the entire process through a systematic and logical manner. It is critical to find
a middle way between the desire to strengthen law enforcement departments and protect
civil liberties. There should be focus on excellence and quality so that search and seizure
processes do not become intrusive (Volonino & Anzaldua, 2006: Pg 180). Further
appropriate measures should be undertaken to prevent criminals from taking advantage of
20
![Page 21: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/21.jpg)
Computer Forensics
relaxed rules and regulations in the developed world. Collection, examination, analysis,
and reporting are key components of preparation. They seek to obtain evidence in an
efficient and effective manner. They strive to create an environment in which superior
outcomes can be attained through the development of various approaches.
Qualified Experts
There is an urgent need to modify procedures for the determination of computer forensics
investigators. This can be done by determining the tools which provide authentic and
valid evidence for digital information collection. Further the professional should not
remain an expert on applications because other competencies need to be determined to
create a talented workforce (Volonino & Anzaldua, 2006: Pg 193). The expert must be
able to apply analytical and critical thinking skills for the success of the approach.
Understanding the various standards is essential for the success of the approach.
Computer forensic investigators need to adhere to several standards during the digital
evidence collection process (Volonino & Anzaldua, 2006: Pg 192). Unallocated file
space needs to be investigated and assessed during the entire process. This is due to the
fact that any data which is deleted remains in the unallocated file space. Information
contained in such space can provide valuable information which is crucial for the
investigation process. Several types of temporary files might be stored in the computer.
This provides a set of robust tools at the disposal of the computer forensics investigator.
A set of consistent and uniform guidelines for qualified experts will help to enhance the
entire process. A generic model for computer forensics should look into various aspects
of the problem (Volonino & Anzaldua, 2006: Pg 193). It should seek to develop a robust
21
![Page 22: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/22.jpg)
Computer Forensics
framework that can enhance quality in the entire process. Proprietary tools that have been
known for their efficacy should be utilized as a means of augmenting the skills and
competencies of the computer forensics investigators.
Flexible Model
A generic model for computer forensics should be able to be flexible, reliable, and
scalable since it must respond to the requirements of new challenges and threats.
Computer security is rapidly evolving field that requires the application of innovative and
creative strategies. New tools and applications must be developed along with
administrative and legal procedures (Volonino & Anzaldua, 2006: Pg 193). Such a
strategy helps to create proficiency and competence in the computer forensics
environment. Computer forensics investigators must follow a set of procedures that help
to create superior outcomes. The generic model described in this report details the steps
which an investigators must pursue during analysis and assessment of cases.
Protection
Computer forensics investigators must ensure the safety of the computer system from
intentional or unintentional destruction. This process is crucial for preservation of digital
evidence because it helps in the resolution of criminal and civil cases. Specific threats
could include hackers or intruders attempting to tamper or alter the data. This creates
high levels of risk during the legal process as tampered evidence might not be sufficient
to resolve cases (Volonino & Anzaldua, 2006: Pg 154).
22
![Page 23: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/23.jpg)
Computer Forensics
Inspection and Analysis
Computer forensics investigators must have the required skills to successfully analyze
and assess the evidence. This step is crucial because the investigators must find all types
of files that are present in the system. Such a step can occur only if the experts are trained
in variety of tools and applications. They must be able to demonstrate a strong
commitment towards excellence and quality (Volonino & Anzaldua, 2006: Pg 154).
Training of computer forensics investigators must be undertaken by using a number of
performance measurements and objectives.
Recovery, Reveal and Access
Computer forensics investigators must be able to recover deleted files in an efficient and
effective manner. They must be skilled in the process of deducing the content that is
present in deleted and hidden files. Such a strategy should lead to the success of the
program. They must be equipped with specific competencies that can be used to ensure
quality and standard in the discipline (Volonino & Anzaldua, 2006: Pg 154). Computer
forensics investigators must be able to apply critical thinking and analytical skills for the
success of the approach. The utilization of smart strategies is crucial for creating
conclusive results during the investigation process. Collection, examination, analysis, and
reporting are key components of preparation. They seek to obtain evidence in an efficient
and effective manner. They strive to create an environment in which superior outcomes
can be attained through the development of various approaches.
23
![Page 24: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/24.jpg)
Computer Forensics
Analysis, Reporting and Testimony
Computer forensics investigators must be able to successfully analyze and assess the
various components of the digital evidence. Relevant information should be properly
documented and reported in an efficient and effective manner. This strategy helps to
create a collaborative framework in which the objectives can be attained. The
development of a logical and rational approach helps to produce excellent outcomes in
the process (Bryant, 2008: Pg 154). The final task for computer forensics investigators is
to provide testimony in criminal or civil cases. This is an important competency for
investigators because it helps to resolve cases. The testimony can play a conclusive role
in the development of smart and prudent approaches.
Jurisdictional Issues
Countries throughout the world need to resolve the jurisdictional issues that can occur
inside their territories. The difference between national and local laws needs to be
resolved in a systematic and logical manner. A robust framework will help to remove
ambiguities and vagueness in the process (Brown, 2006: Pg 123). Computer forensic
investigators need to adhere to several standards during the digital evidence collection
process. Unallocated file space needs to be investigated and assessed during the entire
process. This is due to the fact that any data which is deleted remains in the unallocated
file space. Information contained in such space can provide valuable information which is
crucial for the investigation process. Several types of temporary files might be stored in
the computer. It will lead to the development of a legal system that is tuned to the
problem of resolving the issue (Brown, 2006: Pg 123). Computer forensics investigators
24
![Page 25: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/25.jpg)
Computer Forensics
need to be equipped with the legal safeguards that can enable them to conduct research in
a practical and logical manner. The use of smart strategies will help to create optimum
conditions. The development of an efficient and effective framework is crucial for the
success of different approaches.
Computer Evidence Presentation
There is need to develop a consensus about the admissibility of computer evidence in
courts. The lack of robust guidelines means that the process has become inefficient and
flawed in many legal systems. The various forms of digital evidence need to be closely
studied and analyzed by the legal experts (Fisher & Koloswski, 2007: Pg 93).
Standards need to be uniform and consistent for evidence like email, video files, and
word documents. Requirements should be based upon current trends and industry norms.
This process will help to create a smart procedure for evidence handling procedures.
Similarly qualified experts must be present in order to create efficient and effective
procedures. A generic model for computer evidence presentation should exist through the
use of strategic initiatives. Privacy regulation is a major factor that needs to be tackled by
using analytical and assessment skills (Fisher & Koloswski, 2007: Pg 93). Evidence
needs to be thoroughly checked for its veracity and authenticity in order to prevent
problems.
Best Practices Guide
Computer forensics is a rapidly changing field with the advent of new threats and
technologies. The expertise of senior personnel should be used as the criteria for creating
25
![Page 26: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/26.jpg)
Computer Forensics
a best practices guide. Such a guide would help in the collection, analysis, preservation,
and presentation of the evidence. It would create innovative and creative industry
standards that can be used to resolve problems (Britz, 2004: Pg 102). An international
methodology for computer forensics is essential for the success of the discipline. This
will help to remove legal problems that are often encountered in the courts. The
development of reliable and uniform measures is crucial for the success of the approach.
Best practices guide should be frequently updated in order to meet the challenges of the
twenty first century. A robust formula for success can ensure that appropriate measures
will be adapted (Fisher & Koloswski, 2007: Pg 93). There is the need to focus on
efficiency and effectiveness. Such an approach leads to the development of smart and
prudent approaches. It creates a powerful framework for efficiency and effectiveness.
Appropriate standards will help to create a powerful framework that can be flexible and
innovative. The use of several approaches is recommended in order to develop a
collaborative network for smart outcomes.
Computer Literacy in the Legal Sector
A crucial aspect of the strategy to develop a generic model must be the creation of
computer literacy in the legal sector. Lawyers and judges need to be aware about the
fundamentals of the field. This will help to create a realistic and correct approach towards
computer forensics (Heizer & Kruse, 2002: Pg 23). It would lead to the development of a
collaborative framework in which efficiency and effectiveness can be attained. Further it
would lead to the development of smart and prudent objectives. It would help to create
26
![Page 27: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/27.jpg)
Computer Forensics
high levels of efficiency and effectiveness. It would lead to smart objectives in which the
goals would be accomplished by using a systematic and logical approach. Collection,
examination, analysis, and reporting are key components of preparation (Heizer & Kruse,
2002: Pg 23). They seek to obtain evidence in an efficient and effective manner. They
strive to create an environment in which superior outcomes can be attained through the
development of various approaches. The investigation stages should provide a complete
range of activities which are vital for the success of the generic model. The basic
standards should be uniform and consistent in recognition with consensus taken from the
international community. Appropriate policies and procedures should be implemented as
a means of ensuring smart investigations. The training of employees should be conducted
in a vigorous and authentic manner (Volonino & Anzaldua, 2006: Pg 193).
Confidential Records and Business Systems
Evidence collection needs to be strengthened by using a logical and developed
framework. The use of multiple strategies will help to create a collaborative framework.
It would remove uncertainty in the process through the development of correct
proceedings. It would lead to legislative mechanism which can be used for proper
management and planning (Heizer & Kruse, 2002: Pg 23). Law enforcement departments
need to be provided with adequate safeguards that would enable them to fight crime using
computer forensics. The development of a collaborative structure is crucial for the
success of the entire program. The use of multiple strategies has been recommended as a
means of attaining excellence in the business environment. Several approaches need to be
applied as a means of resolving problems. Computer forensic investigators need to adhere
27
![Page 28: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/28.jpg)
Computer Forensics
to several standards during the digital evidence collection process. Unallocated file space
needs to be investigated and assessed during the entire process (Volonino & Anzaldua,
2006: Pg 193). This is due to the fact that any data which is deleted remains in the
unallocated file space. Information contained in such space can provide valuable
information which is crucial for the investigation process. Several types of temporary
files might be stored in the computer. This provides a set of robust tools at the disposal of
the computer forensics investigator.
Criminal Prosecution versus Civil Trial
This generic model recommends that policy makers make research into the issues that are
faced in criminal prosecutions and civil trials. It is important to understand the
differences so that different guidelines can be developed. Further there is the need to
define computer forensics in a broad and comprehensive manner. Many corporate
organizations seek to deter intruders and implement adequate safeguards in their
computer systems (Nelson, Philips, Enfinger & Steuart, 2004: Pg 67). The key
stakeholders need to be engaged in differentiating the processes of criminal prosecutions
and civil trials.
Privacy Issues and Workplace Surveillance
Privacy remains a major issue in the developed world that has adequate safeguards
against interference and violation of personal rights. This creates a level of ambiguity in
the computer forensics. There is the need for creating permissible behavior that will be
used for legitimate purposes. Computer forensics needs to be conducted in a proficient
28
![Page 29: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/29.jpg)
Computer Forensics
and competent manner (Mandia & Prosise, 2001: Pg 102). Employee’s privacy rights
should be respected by using a dynamic and smart approach. There should be no breaches
because there is the need to adopt a balance between security and privacy. Safety
measures need to be taken during the collection and extraction of data from computers.
Access and Exchange of Information
Information accessibility and exchange between various organizations is essential for the
success of a generic model. There is the need to ensure that privacy and confidentiality of
the clients can be protected in a safe and transparent manner. Further there is the need to
ensure that the private sector will cooperate with law enforcement officers and
departments (Nelson, Philips, Enfinger & Steuart, 2004: Pg 67). An integrated effort
should be applied for the development of strategic initiatives in computer forensics.
Private organizations must be given adequate guidelines about their duty to collect and
access information. This is done in order to protect the privacy of consumers.
International Cooperation
This is the key to success in computer forensics when developing a generic model.
International conventions and protocols need to be studied and analyzed in a systematic
manner. Such an approach helps the development of universal standards as law
enforcement departments can easily exchange and access information (Cairdhuain, 2004:
Pg 54). Since cyber crime is cross border in nature, international cooperation is valid for
the success of the program. The internet traverses conventional boundaries hence flexible
protocols should be developed for overcoming problems that international agencies might
29
![Page 30: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/30.jpg)
Computer Forensics
face during cross country investigations. This means calling for interoperability in digital
evidence collection procedures. The laws about information exchange and accessibility
by foreign agencies should be made clear and transparent (Solms & Lourens, 2006: Pg
90). The development of a smart framework is crucial for the success of innovative and
creative approaches. Free exchange of information between nations should be based upon
local interests and guidelines. Computer forensic investigators need to adhere to several
standards during the digital evidence collection process (Solms & Lourens, 2006: Pg 90).
Unallocated file space needs to be investigated and assessed during the entire process.
This is due to the fact that any data which is deleted remains in the unallocated file space.
Information contained in such space can provide valuable information which is crucial
for the investigation process. Several types of temporary files might be stored in the
computer. Computer forensics as a field has been growing at exponential rates in many
countries. A collaborative framework needs to be established for resolving problems by
devising standardized protocols and procedures. Computer Forensics departments
throughout the world need to exchange and access information with each other. This
approach will produce a force multiplier as it will help to combat the diverse nature of
threats that are faced by computer forensics investigators. The development of a complete
strategy is essential for the success of the entire program. Several strategies need to be
implemented in order to create an efficient and effective approach. The development of
smart strategies is crucial for creating an optimized effort against the entire array of
threats. The widespread international implementation of computer forensics will create a
reservoir of diversified expertise (Cairdhuain, 2004: Pg 54). This can be utilized in the
fight against various threats. It can create optimized solutions that are flexible and
30
![Page 31: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/31.jpg)
Computer Forensics
reliable instead of adopting a conservative attitude. A holistic model for computer
forensics needs to be devised through the use of effective and efficient strategies. The
development of a comprehensive approach is critical for the success of the entire
program. The use of different strategies has been recommended as a means of measuring
success and excellence in the field (Cairdhuain, 2004: Pg 54).
31
![Page 32: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/32.jpg)
Computer Forensics
References
Baryamureeba, V. and Tushabe, F.: The Enhanced Digital Investigation ProcessModel Digital Forensics Research Workshop. 2004.
Carrier, B. and Spafford, EH.: Getting Physical with the Investigation ProcessInternational Journal of Digital Evidence. Fall 2003, Volume 2, Issue 2, 2003.
Casey, E.: Digital Evidence and Computer Crime, 2nd Edition, Elsevier AcademicPress, 2004.
National Institute of Justice. Results from Tools and Technologie Working Group,Goverors Summit on Cybercrime and Cyberterrorism, Princeton NJ, 2002.
Reith, M., Carr, C. and Gunsch, G.:An Examination of Digital Forensic Models,International Journal of Digital Evidence. Fall 2002, Volume 1, Issue 3, 2002.
Ciardhuáin, SO.: An Extended Model of Cybercrime Investigations, InternationalJournal of Digital Evidence. Summer 2004, Volume 3, Issue1, 2004.
Van Solms, SH. and Lourens, CP.: A Control Framework for Digital Forensics,IFIP 11.9, 2006.
Nelson, B., A. Phillips, F. Enfinger, and C. Steuart. Guide to Computer Forensics and Investigations. Canada: Thomson, 2004.
Mandia, K. and C. Prosise. Incident Response: Investigating Computer Crime. California: McGraw-Hill, 2001.
Steinke, G. "A Task-Based Approach to Implementing Computer security," Journal of Computer Information Systems, 38:1, 1997, pp. 47-53.
Vacca, J.R. Computer Forensics: Computer Crime Scene Investigation. Hingham, MA: Charles River Media, 2002.
Forcht, K.A. and W.C. Ayers, W.C. "Developing a Computer security Policy for Organizational Use and Implementation," Journal of Computer Information Systems, 41:2, 2001, pp. 52-57.
Heizer, J. and W. Kruse. Computer Forensics: Incident Response Essentials. Boston: Addison-Wesley, 2002.
Britz. T, M (2004) Computer Forensics and Cyber Crime: An introduction.Pearson Prentice Hall
32
![Page 33: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/33.jpg)
Computer Forensics
Brown, T.L.C (2006) Computer Evidence Collection & Preservation.Charles River Media
Bryant, R (2008) Investigating Digital Crime.John Wiley & Sons, Ltd
Volonino, L. & Anzaldua, R. & Godwin, J. (2006) Computer Forensics: Principles and P
Fisher, B & Fisher, D & Kolowski, J (2007) Forensics Demystified: A self teaching guide.Mc Graw Hill
33
![Page 34: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/34.jpg)
Computer Forensics
Bibliography
DiGregory, K. V. Statement to the United States Department of Justice before the Subcommittee on the Constitution of the House Committee on the Judiciary on the Fourth Amendment and the Internet, http://www.usdoj.gov/criminal/cybercrinie/inter4th.htm, April 6, 2000.2.
Forcht, K.A. and W.C. Ayers, W.C. "Developing a Computer security Policy for Organizational Use and Implementation," Journal of Computer Information Systems, 41:2, 2001, pp. 52-57.3.
Foroughi, A. and W.C. Perkins, "Ensuring Internet security," Journal of Computer Information Systems, 37:1, 1997, pp. 33-38.4. G8 Online: An Online University-Level Course About the G8 and its Annual Summit, http://www.g8online.org.
\Gottfried, G. "Taking a Byte Out of Crime." Network, 2001, p. 90.
Heizer, J. and W. Kruse. Computer Forensics: Incident Response Essentials. Boston: Addison-Wesley, 2002.
Kros, J.R., C.B. Foltz, and CL. Metcalf. "Assessing & quantifying the Loss of Network Intrusion," Journal of Computer Information Systems, 45:2, pp. 36-42.8. Lam, C.C. U.S. Department of Justice, Southern District of California, http://www.usdoj.gov/criminal/cybercrime/okeefeArrest.htm, press release, September 29, 2003.
Mandia, K. and C. Prosise. Incident Response: Investigating Computer Crime. California: McGraw-Hill, 2001.
Nelson, B., A. Phillips, F. Enfinger, and C. Steuart. Guide to Computer Forensics and Investigations. Canada: Thomson, 2004.
Seymour, J. and E. Robinson. "International Viruses and the Computer Network," v Journal of Computer Information Systems, 35:1, 1995, pp. 23-27.
Steinke, G. "A Task-Based Approach to Implementing Computer security," Journal of Computer Information Systems, 38:1, 1997, pp. 47-53.
United States Department of Justice. Field Guidance on New Authorities That Relate to Computer Crime and Electronic Evidence Enacted in the USA Patriot Act of 2001. http://www.usdoj.gov/criminal/cybercrime/PatriotAct. htm.
Vacca, J.R. Computer Forensics: Computer Crime Scene Investigation. Hingham, MA: Charles River Media, 2002.
34
![Page 35: Computer Forensics 2](https://reader034.vdocuments.net/reader034/viewer/2022051820/55271d07550346dc358b46a1/html5/thumbnails/35.jpg)
Computer Forensics
Villafania, A.F. "Philippine Government Agencies Eye Computer Forensics," WashingtonPost Newsweek Interactive, 2002, NWSB02142004.
35