An Introduction to
Computer Forensics
Jim Lindsey
Western Kentucky University
September 28, 2007
What are we talking about?

Forensic …
What are we talking about?
Forensic Science is
the use of science to
investigate and
establish facts in
criminal and civil
cases.
$60,000.00
$50,000.00
Dollars

Fat-Free Muffins Breakeven Analysis
$40,000.00
Fixed Cost
$30,000.00
Total Cost
$20,000.00
Revenue
$10,000.00
$0.00
0
5,054
10,108
Units
15,161
20,215
What are we talking about?

Computer Forensics is the
discovery, collection, and
analysis of evidence found
on computers and networks.
Interdisciplinary Field
Computer Professional
Investigator
Computer
Forensics

Legal Professional

Forensic Examiners
have to know about
computers, how to
perform an
investigation and
about the law.
Your job is to simply
find the facts!
Why should I care?

Computers and the Internet
are the fastest growing
technologies used in crime
(criminal and civil).




BTK and Scott Peterson Murder
Cases
Enron and Worldcom Cases
Human Resource Matters
ID Theft and Divorce Matters
Deleted Files
The Computer Forensic Process

Gather the materials to be analyzed.




Preserve the media.



Must be done legally!
Establish the chain of custody.
Get all needed devices.
Write blockers
Bit for bit images
Extract the evidence.


What is relevant to the case?
Again, must be done legally!
The Computer Forensic Process

Analyze computer media.



Forensic HW
Forensic SW
Document the results.


Report your findings!
Consider the audience that will read the
report!
Computer Forensics At Work







Deleted Files
Tracking Packet Routes
Analyzing Network Traffic
Analyzing Mobile Devices
Analyzing ISP Logs
Analyzing Chat Logs
Analyzing a Packet Trace
Summary




Defined computer forensics
Established why it is important for you to
know about the topic
Described the computer forensic process
Looked at examples of tasks performed by
computer forensic examiners