Computer forensics
Computer forensics is an area of digital forensics whose goal is to collect, correlate, analyze and recreate digital evidence form a device, in a way which is acceptable in the court of law. Also, maybe not less important, depending on ones perspective is its application in corporate security and discovering misuse and subsequent damage.
Reasons for computer forensics
- mass use of computers for private and professional purposes
- many ways to hide data – hidden, encrypted, on the parts of the media which is not visible to OS
- deleted and damaged files
- evidence for the police and the court
- device history
Basic rule of digital forensic, which is to be applied to both computer and mobile forensics, is to guarantee integrity of the original. That means the after the securing of the original, first thing is to make a digital copy, and in a documented procedure, store the original on the safe place to avoid contamination. The whole of research is done on a digital copy (except in cases of live analyzes, but even then only as much as it is absolutely necessary).
Digital forensics methods:
- Recapturing deleted data – finding files or pieces of files, so as to reconstruct the whole picture
- Stenography – finding data hidden in other data
- Live analysis – necessary in cases of encrypted data, to extract and copy decryption keys or make a copy of already decrypted sectors
- Stochastic analysis – Methods of digital forensics where you don’t seek the evidence, but rather the results of a potential action. Maybe the best analogy would be the output from the black box. This is used mostly in data theft.
- Analysis of fragmented data – method used when the data is fragmented on several different media, and each piece by itself doesn’t have a function.
Depending on the state and device type, as well as the conditions in which it came, depends the success of the service. Regardless whether the service was successful or not, computer forensics is charged by a number of hours the technician spends working on the case, as is defined in the pricelist.
Privacy and protection is taken care from step one, through the reception form, limited access to the device in question, and restricted data access to referent technician.
Data Solutions is the only local company that through forensic analysis assisted and participated in investigations of the Ministry of Internal Affairs of the Republic of Serbia, as well as the Special Department of Belgrade District Court for Organized Crime. Through cooperation with the Ministry of Justice as well as licensed IT experts, our company became a leader and pioneer in this area in Serbia.
The entire research project, texts and conclusions presented on these pages resulted from the scientific paper ‘Digital Evidence in Criminal Procedure Code’ jointly written by one of the founders of Data Solutions Laboratories Nikola Radenkovic and PhD Mirjana Drakulic, a professor of the Faculty of Organizational Science. Professor Drakulic is a pioneer in researching the legal aspect of computer crime on the territory of the Republic of Serbia
The area pertaining to computer crime and computer forensics is only just developing in our country. You can find a lot of useful information on these pages.
IF YOU NEED ANY ADDITIONAL INFO, DO NOT HESITATE TO CONTACT OR CALL US