Types of Computer Forensics Technology

Project Name: Types of Computer Forensics Technology

Description: This blog post helps forensic investigators understand the types of computer forensics technology.

Author: Rohit D Sadgune

Frequently Asked Questions on Computer Forensics Investigation

  • Checklist of Types of Computer Forensics Technology


  1. Move documentary evidence quickly from the printed or typewritten page to computer data stored on floppy diskettes, Zip disks, CDs, and computer hard disk drives.
  2. Create a new type of virtual evidence for e-commerce transactions and email communications over the Internet.
  3. Note that sharing computer files over the Internet, when tied to the commission of a crime, creates a new and novel twist to the rules of evidence and legal jurisdiction.
  4. Keep the venue in mind when criminal activities involve the use of the Internet (venue can be in different cities, counties, states, and/or countries). The evidence needed to prove such computer-related crimes potentially resides on one or more computer hard disk drives in various geographic locations.
  5. Keep in mind that the computer hard disk drives may also be the property of criminals as well as innocent third parties (Internet service providers). Such evidence is commonly referred to as computer evidence, but it is not limited to cases involving computer crimes.
  6. Rely on computer evidence that is connected to a computer crime (not to traditional crimes that are committed using one or more computers as tools in the commission of a crime). Computer crimes are specifically defined by federal and/or state statutes.
  7. Make sure computer evidence resides on computer storage media as bytes of data in the form of computer files and ambient data.
  8. Make sure ambient data (which is usually beyond the awareness of most computer users) provides the computer forensics investigator with the element of surprise when computer users are interviewed. For example, a computer user who believes that he or she destroyed the computer evidence may confess when confronted with part or all of the evidence extracted from ambient data sources.
  9. Make sure your computer investigations rely on evidence that is stored as data and that the timeline of dates and times of files that were created, modified, and/or last accessed by the computer user are recorded. Timelines of activity can be especially helpful when multiple computers and individuals are involved in the commission of a crime.
  10. Make sure your computer forensics investigator always considers timelines of computer usage in all computer-related investigations. The same is true in computer security reviews concerning potential access to sensitive and/or trade secret information stored in the form of computer files. Computer investigations play an important role in cases involving the theft of company trade secrets.
  11. Make sure your intellectual property lawyers rely on computer evidence and computer investigations in such cases as stock frauds, financial frauds, and embezzlements. The same is true concerning criminal litigation involving stock frauds, financial frauds, and embezzlements. Much of the evidence related to these types of crimes will be in computer data form. In the past, documentary evidence used to prove these crimes was exclusively in paper form. However, many computer-related communications and transactions are now conducted without paper documents ever being created. Financial fraud investigators have been forced to change the way they do business.
  12. Make sure your computer-related investigations involve the review of Internet log files to determine Internet account abuses in businesses or government agencies.
  13. Make sure your computer investigations involve the analysis of the Windows swap file.
  14. Make sure you use computer forensics procedures, processes and tools, so that the computer forensics specialist can identify passwords, network logons, Internet activity, and fragments of email messages that were dumped from computer memory during past Windows work sessions. When such leads are identified, they can be perfected through the use of computer forensics text search programs.
  15. Use other computer forensics software tools to document the computer evidence once it has been preserved, identified and extracted.
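
As an added illustration of items 13 and 14 (not code from the original post), the Python below carves printable ASCII and UTF-16LE runs out of a raw swap-file image and flags e-mail addresses and investigator-supplied keywords, each with its byte offset. The function names, the 6-character minimum run length and the sample bytes are assumptions constructed for this example.

```python
import re

MIN_LEN = 6  # assumed minimum run length, chosen to suppress random noise

# Printable ASCII runs, and the same characters stored as UTF-16LE (each byte
# followed by 0x00), which is how Windows keeps much of its text in memory.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample standing in for a slice of a swap file: binary noise,
# an ASCII mail fragment, more noise, then a UTF-16LE logon string.
SAMPLE = (
    b"\x00\x13\xff\xfe" * 8
    + b"From: alice@example.com\r\nSubject: Q3 invoice"
    + b"\x00" * 5 + b"\x9c\x01"
    + "logon user=bob@corp.example".encode("utf-16le")
    + b"\xff" * 16
)


def carve_strings(blob):
    """Return sorted (offset, encoding, text) for every printable run in blob."""
    hits = []
    for m in ASCII_RUN.finditer(blob):
        hits.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in UTF16_RUN.finditer(blob):
        hits.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(hits)


def find_leads(blob, keywords=()):
    """Return (offset, encoding, kind, value) for e-mail addresses and keywords."""
    leads = []
    for offset, enc, text in carve_strings(blob):
        for m in EMAIL.finditer(text):
            leads.append((offset, enc, "email", m.group()))
        lowered = text.lower()
        for kw in keywords:
            if kw.lower() in lowered:
                leads.append((offset, enc, "keyword", kw))
    return leads


if __name__ == "__main__":
    for lead in find_leads(SAMPLE, keywords=("invoice",)):
        print("0x%08x  %-8s  %-7s  %s" % lead)
```

Run it against a working copy of the image rather than the original evidence, and record the reported offsets with each lead so the hit can be located again during documentation (item 15).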