|
- "My bachelors degree prepared me for the investigative nature of computer forensics. The course toward my master's degree have given me the in-depth knowledge of computers including hardware and software technology." -Doug Vitale
- "Now is the time to get involved in this field since it is relatively new and growing bigger by the day." -Jason Howell
- "Computer forensics is "the" field to be in because it is cutting edge, a field that changes in its procedures and challenges on a daily basis." -Bill
- "I wanted to do something different that challenged me in a whole new way. Computer forensics did just that, it was a challenging and exciting new career path for me." -Joey Smith
- "Statistics show that the field will only continue to grow in the future as the ubiquitous nature of the internet, computers, cellular telephones with computer-like capabilities, media, person digital assistants, and certainly, cybercriminals, are on the rise." -Chris
|
|
-
Computer Forensic Tools
Forensics Equipment included in a Computer Forensics Toolkit- In previous sections of this site we have described how most computer forensic examinations are conducted off-site in a laboratory setting. That is the optimal setting. Sometimes, however, examiners must travel to various locations to respond to incidents or seize evidence. And sometimes, the examiner must perform some or all of the examination on-site. Oftentimes these sites can be hostile in nature, including the homes or businesses of suspects. The best practices for this type of incident response are constantly under review as the technology changes. For example, there was once a time that examiners would pull the plug on most systems to preserve the evidence in the state in which it was found. All data in memory would be lost, however, the original evidence on the hard drive would be preserved so the lost data, 128, 256 or even 512 megabytes, was sacrificed. Now, the technology has changed and computers often have one or more gigabytes of memory which is a tremendous amount of data. Examiners must adapt, and find ways to preserve this evidence before it is lost when the power to the computer is cut.
- To conduct an examination on-site, the examiner needs to have essentially the same technical capacity they would have in the laboratory environment. Predicting what is behind the suspect’s door is oftentimes impossible, so many examiners have response kits. The following is a partial list of what may be contained in an incident response kit. Oh yeah, don’t forget the corporate credit card, because no matter what, you will be missing something!
Incident Response Kit Contents-
Forensic laptops and power supplies
-
Tool sets
-
Digital Camera
-
Case Folder
-
Blank forms
-
Evidence collection and packaging supplies
-
Software
-
Air card for Internet access
-
Cables for data transfer (network, crossover, USB, etc.)
-
Blank hard drives and other media
-
Hardware write blockers
- computer forensics states
|
|
- One of the most important tasks when deciding to go back to school is selecting the right college. Click on the "Request Information Here" button below to receive information from several colleges so that you may compare them and find the one that best suits your needs.
|
|
