Wednesday, 12 February 2014

Computer Forensics A

I have started a video training tutorial in Computer Forensics by Infinite Skills and will be writing some of what I learn in a series of daily blog posts.

Computer forensics conjures up the idea of someone analyzing what is on a computer and then giving testimony in court, but these skills are also useful to other professionals, such as a malware analyst working for an antivirus software developer, or a security or network administrator. To become a computer forensics expert you need to understand a lot of different disciplines, such as the various operating systems, how to use the specialist software, and file types, to name a few. You particularly need to understand the Unix and Windows operating systems.

You will copy what is on a computer and normally work on the copy, using write-blocking hardware or software when copying the hard drive. You can't change anything on the suspect computer, otherwise the evidence becomes inadmissible.

You must also be ethical, and many certifications such as CISSP and Ethical Hacker have detailed codes of ethics for their members. You must never take a case that involves a subject you aren't knowledgeable about, as the case is likely to be thrown out, and you must never swap sides or be paid according to the outcome, whether guilty or not guilty.

One job you must do is check the properties of programs and files on a suspect computer; to do this you right-click and choose Properties. In particular you are looking for any changes or modifications to the program and when it was installed. File types and saved work are also important.

If you are working in Windows there is a program called Compare It which compares two files and tells you, in the form of a hash, whether they are identical or not. On Linux there is md5sum, which does a similar job.

I will be continuing this tomorrow.
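The hash comparison described above, applied to checking a working copy against the original, as an added example that is not part of the original post or the course. The function names and the sample files are constructed for illustration; the script computes the same MD5 digest that md5sum prints, adds SHA-256 alongside it as an assumption of this example, and reports the offset of the first differing byte when the copy does not match.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # read in 1 MiB blocks so a large disk image never sits in memory

def digests(path):
    """Return (md5_hex, sha256_hex) for a file, read once in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:  # opened read-only; the file is never modified
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()

def first_difference(path_a, path_b):
    """Return the byte offset where two files first differ, or None if identical."""
    offset = 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            a, b = fa.read(CHUNK), fb.read(CHUNK)
            if a != b:
                n = min(len(a), len(b))  # if no byte differs in n, one file is a prefix
                return offset + next((i for i in range(n) if a[i] != b[i]), n)
            if not a:
                return None
            offset += len(a)

def verify_copy(original, copy):
    """Compare a working copy with the original by hash; locate the first mismatch."""
    d_orig, d_copy = digests(original), digests(copy)
    match = d_orig == d_copy
    return {"match": match, "original": d_orig, "copy": d_copy,
            "first_difference": None if match else first_difference(original, copy)}

def demo():
    """Constructed sample data: a small 'image', an exact copy, and an altered copy."""
    data = bytes(range(256)) * 8192  # 2 MiB of constructed content
    altered = data[:1_500_000] + b"\xff" + data[1_500_001:]  # change one byte
    with tempfile.TemporaryDirectory() as tmp:
        files = {"original.img": data, "good.img": data, "bad.img": altered}
        for name, content in files.items():
            Path(tmp, name).write_bytes(content)
        orig = Path(tmp, "original.img")
        return verify_copy(orig, Path(tmp, "good.img")), verify_copy(orig, Path(tmp, "bad.img"))

if __name__ == "__main__":
    print([(r["match"], r["first_difference"]) for r in demo()])
```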
