One of the negative impacts of technological advancements is the advancement of criminal methods. As one of the widespread progression in the whole world today, computerization has been made an instrument for criminal offenses, and this has alarmed many computer experts since the millennium bug had emerged, and was fortunately solved. Knowing the things that must be observed in computer software and hardware investigation is important to flourish as a computer forensics expert.
Current investigations usually dwell on individual category, but still it can be expanded to a more general sense in analyzing the patterns and motives of maybe not just individuals, but groups or organizations (Anderson, 1996). First, in either hardware of software, all protective procedures must be known by the investigator. Security for the reliability of the source of information is of an utmost importance in fishing evidences towards solving a crime. The computer itself is the first place that must be secured.
A way to secure them is to label them to avoid possible damages and interchange of the computer parts. Keeping the original state of the machine whether it is turned on/off, or maintaining connections at the back of the CPU or a laptop, is also a requirement for in the case of transportation, there might be a need to disassemble the parts, and knowing the original positions of the connections is relevant to restore the computer for investigation after transportation (Barba, __, p. 19). Second is the acquisition of electronic information.
This can be obtained from the hard disk or other disk drives attached to the computer and to e-mails, where possible records of computer manipulation that the offender had done to the systems before and after completion of the act are present. Looking at the deleted and hidden files is also a very crucial step, which might lead to the identification of the possible objectives of the criminal in deleting those data fragments, or what data he needed so as to complete his purpose (Barba, __, p.
24). Upon identification of the important data files that are removed from the system, and if there exists any system transactions that can be done through those files, like for example bank transactions, it would be the initiative of investigator to warn the potential persons that can be damaged when the transactions have been completed. The third thing that is important to consider is the recovery of the lost information that the client needs.
It may also be possible to identify log-in passwords and usernames to monitor the users of the computer which can be associated with time of deletion of information, thus identifying the criminal. They can also look at the possible system protection measures to secure information and to avoid access again to the system. The log and registry of the computer may trace this necessary information and identify changes on the computer codes (Sunblocksystems. com, 2007). Fingerprints may also be looked at in the case of a criminal act done at the place of the client itself.
Identification of the criminal would be much more specific at this case. References Anderson, K. E. (1996). International Intrusions: Motives and Patterns Retrieved July 14, 2008, 2008, from http://www. aracnet. com/~kea/Papers/paper. shtml Barba, M. (___). Computer Forensic Investigations [Electronic Version]. Retrieved July 14, 2008, from http://www. computer-forensic. com/old_site/presentations/ASIS_Presentation. pdf Sunblocksystems. com. (2007). Computer Forensics. Retrieved July 13, 2008, from http://www. sunblocksystems. com/forensics. html