The IT-Forensik or also computer Forensik and/or digital Forensik is a subsection of the Forensik. The author concerns himself by collection, analysis and evaluation of digital traces in computer systems with investigation of suspicious incidents in connection with IT-systems and the statement of the facts and. Meanwhile the investigation of computer systems is also in connection with "conventional "crimes, in addition, for purposes of the fiscal investigation to hardly still exclude. The investigation of computer-referred crimes (net break-downs, etc.) plays usually a subordinated role.

In order to secure proofs, for example data media, as well as minutes of net traffic are analyzed secured and. With the analysis of data media a forensisches dupe is provided usually before. The knowledge around the radioactive half-life of the individual traces should determine the order of the safety device of the digital traces, in which reality will however frequently in accordance with principles proceed, which contradict this statement: Many procedure defaults for computerforensische investigations plan a pulling of the power supply plug and the development of the non removable disks as the first step, whereupon these are overacted on bring along lockplates. This beginning makes for example an investigation of main memory contents not possibly. In addition it endangers data security on the non removable disks with some file systems, since e.g. Linux in connection with Reiser holds many relevant data in the memory, which lost goes and/or only by self repair measures of the file system again to be corrected to be able. This option is not available after the production of a copy possibly any longer. Individual program products to the Computerforensik consider differently well to this circumstance.

Apart from the classical data medium analysis of non removable disks from PC and server systems the evaluation of digital traces of Smartphones and PDAs moves ever stronger into the foreground.

Meanwhile many IT and consulting firms offer forensische investigations as service for enterprises concerned. In addition, police authorities employ specialists within this range.

Considerations

In order to be able to accomplish a forensische analysis, some things are to be considered in the apron - with the safety device of the system -:

1. The original evidence should become "moved" as few as possible. Each "movement" of the evidence could entail a falsification
2. The evidence chain should be protected. This means and requires one perfectly and complete documentation
3. The personal knowledge should be never overrated. Even the experiencing "investigator" can push to its borders. From therefore it the inclusion from specialists is worth a recommendation to different topics

Process

For the execution of an analysis by means of IT-Forensik a firm process is necessary. This consists in the normal sense of the following four steps:

• Identification
• Sicherstellung
• Analysis
• Presentation/dressing

Literature

• Dan Farmer, Wietse Venema: Forensic Discovery. Addison Wesley, 2005 ISBN 0-20163497-X
• Alexander Geschonneck: Computer Forensik. dpunkt Verl., 2004 ISBN 3-89864-253-4

Related links

• computer-forensik.org
• "the PC is the evidence "(Second Channel of German Television today on-line ones, 16 April 2006)
• "Computer Forensik: No case for Dr. Watson "(Heise Security, 19 August 2005)
• "Man hunt at the PC "(PC magazine, without date)
• "Between non removable disk and finger mark "(daily mirror, 24 July 1996)
• forensicswiki.org

Articles in category "IT-Forensik"

We found here 1 articles.