Computer Forensics Vs Electronic Discovery

Computer Forensics
The field of computer forensics was developed primarily by law enforcement personnel for investigating drug and financial crimes.
It employs strict protocols to gather information contained on a wide variety of electronic devices, using forensic procedures to locate deleted files and hidden information.
Computer forensics tasks include capturing all the information contained on a specific electronic device by using either a forensic copy technique or by making an image of all or a portion of the device.
A forensic copy provides an exact duplicate of the hard drive or storage device.
None of the metadata, including the "last accessed date," is changed from the original.
However, the copy is a "live" version, so accessing the data on the copy, even only to "see what is there," can change this sensitive metadata.
By contrast, making a forensic image of the required information puts a protective electronic wrapper around the entire collection.
The collection can be viewed with special software, and the documents can be opened, extracted from the collection, and examined without changing the files or their metadata.
Other forensic tasks include locating and accessing deleted files, finding partial files, tracking Internet history, cracking passwords, and detecting information located in the slack or unallocated space.
Slack space is the area at the end of a specific cluster on a hard drive that contains no data; unallocated space contains the remnants of files that have been "deleted" but not erased from the device, as "deleting" simply removes the pointer to the location of a specific file on a hard drive, not the file itself.
Electronic Discovery
Electronic discovery has its roots in the field of civil litigation support and deals with organizing electronic files using their attached metadata.
Because of the large volume encountered, these files are usually incorporated into a litigation retrieval system to allow easy review and production.
Legal data management principles are used, including redaction rules and production methodologies.
Electronic discovery tasks usually begin after the files are captured.
File metadata is used to organize and cull the collections.
Documents can be examined in their native file format or converted to TIF or PDF images to allow for redaction and easy production.
Common Capabilities, Different Philosophies
Computer forensics and electronic discovery methodologies share some common capabilities.
One is the ability to produce an inventory of the collection, allowing reviewers to quickly see what is present.
Another is the ability to determine a common time zone to standardize date and time stamps across a collection.
Without this standardization, an e-mail response may appear to have been created before the original e-mail.
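
The time zone problem described above, as an added Python example that is not part of the original article: two constructed e-mail Date headers are ordered first by their local wall-clock time and then after normalization to a common zone. The message ids, header values and function names are assumptions made for illustration; a header with no UTC offset is set aside for review rather than guessed at.

```python
from datetime import timezone
from email.utils import parsedate_to_datetime

# Constructed sample: Date headers as each sender's mail client wrote them.
MESSAGES = [
    {"id": "original", "date": "Mon, 03 Mar 2014 16:45:00 +0100"},
    {"id": "reply", "date": "Mon, 03 Mar 2014 10:55:00 -0500"},
    {"id": "no-offset", "date": "Mon, 03 Mar 2014 12:00:00"},
]


def naive_order(messages):
    """Order by the wall-clock time in the header, ignoring the UTC offset."""
    def wall_clock(m):
        return parsedate_to_datetime(m["date"]).replace(tzinfo=None)
    return [m["id"] for m in sorted(messages, key=wall_clock)]


def normalize(messages, target=timezone.utc):
    """Convert every timestamp to one common zone.

    Returns (timeline, needs_review). A header without an offset cannot be
    placed on the timeline reliably, so it is reported, not converted.
    """
    timeline, needs_review = [], []
    for m in messages:
        ts = parsedate_to_datetime(m["date"])
        if ts.tzinfo is None:  # no offset in the header
            needs_review.append(m["id"])
            continue
        timeline.append((ts.astimezone(target), m["id"]))
    timeline.sort()
    return timeline, needs_review


if __name__ == "__main__":
    print("wall-clock order:", naive_order(MESSAGES))
    timeline, needs_review = normalize(MESSAGES)
    for ts, msg_id in timeline:
        print(ts.isoformat(), msg_id)
    print("needs review:", needs_review)
```

Sorted by wall-clock time, the reply (10:55) lands before the original (16:45); once both are expressed in UTC, the original (15:45) correctly precedes the reply (15:55).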



