The procedure starts with identifying the devices used and collecting the preliminary evidence on the crime scene. Then the court warrant is obtained for the seizures of the evidences which leads to the seizure of the evidences. The evidences are then transported to the forensics lab for further investigations and the procedure of transportation of the evidence from the crime scene to labs are called chain of custody. The evidences are then copied for analysis and the original evidence is kept safe because analysis are always done on the copied evidence and not the original evidences.
The analysis is then done on the copied evidence for suspicious activities and accordingly the findings are documented in a non technical tone. The documented findings are then presented in the court of law for further investigations.
Some Tools used for Investigation :
Tools for Laptop or PC –
- COFEE – A suite of tools for Windows developed by Microsoft.
- The Coroner’s Toolkit – A suite of programs for Unix analysis.
- The Sleuth Kit – A library of tools for both Unix and Windows.
Tools for Memory :
Tools for Mobile Device :
- MicroSystemation XRY/XACT
Advantages of Computer Forensics :
- To produce evidence in the court, which can lead to the punishment of the culprit.
- It helps the companies gather important information on their computer systems or networks potentially being compromised.
- Efficiently tracks down cyber criminals from anywhere in the world.
- Helps to protect the organization’s money and valuable time.
- Allows to extract, process, and interpret the factual evidence, so it proves the cybercriminal action’s in the court.
Disadvantages of Computer Forensics :
- Before the digital evidence is accepted into court it must be proved that it is not tampered with.
- Producing and keeping the electronic records safe are expensive.
- Legal practitioners must have extensive computer knowledge.
- Need to produce authentic and convincing evidence.
- If the tool used for digital forensic is not according to specified standards, then in the court of law, the evidence can be disapproved by justice.
- Lack of technical knowledge by the investigating officer might not offer the desired result.
GeeksforGeeks has prepared a complete interview preparation course with premium videos, theory, practice problems, TA support and many more features. Please refer Placement 100 for details
- Information Security and Computer Forensics
- The Power of Computer Forensics in Criminal and Civil Courts
- Digital Forensics in Information Security
- Chain of Custody - Digital Forensics
- Introduction of Firewall in Computer Network
- Introduction of Botnet in Computer Networks
- Introduction of MAC Address in Computer Network
- Digital Evidence Preservation - Digital Forensics
- Computer Science 101
- Computer Networks | Set 9
- What is Computer Crime?
- What happens when we turn on computer?
- Computer Networks | Set 11
- Computer Networks | Set 10
- Computer Networks | Set 8
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to email@example.com. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.