Computer Forensics — A Brief Description
Computer Forensics is the use of scientifically proven methods to assemble and process data found on a digital device (computer, hard disk drive, mobile phone, memory card etc.) and interpret that data for possible use in a court of law or other theatre of investigation. The evidence may assist in the prosecution of a criminal, help in the defence of an accused person, or be of intelligence to an individual who is seeking knowledge for either personal or professional reasons.
The main users of Computer Forensics are law enforcement officers, as a large percentage of crimes in some way utilise digitally stored data. This data could be a phone call made on a mobile phone (or cell phone), which could place an individual at the scene of a crime (or of course away from it), accounts for illegal activities such as drug sales, images of paedophilia, human resource issues, hacking, email abuse, unauthorised data duplication, IP theft etc. Corporate organisations are utilising computer forensics more and more now, as they often have to investigate incidents such as inappropriate computer use, inappropriate email use, unauthorised data duplication and disloyal employees. Human Resource departments and Internal Security are the biggest users of these specialist corporate services. Private individuals may also use these services. It may be a lover cheating on their partner, or inappropriate internet use by a family member.
Computer Forensics, or Cyber Forensics as it is also known, is now taught at many colleges and universities around the world, and is available to both the law enforcement community and private individuals.
What to do if you suspect illegal or inappropriate activity on a computer or digital device:
- Turn the power off — Pull the plug out if necessary
- Secure the 'exhibit'. Don't allow anyone access to it, security seal it if possible
- Contact a Computer Forensics Expert
What NOT to do if you suspect illegal or inappropriate activity on a computer or digital device:
- Call your IT manager, or one of your technical staff
- Get them to 'see' if the user has been looking at 'dodgy' websites or if any important files are missing
- Sack the member of staff
The analogy of the above:
Imagine a body lying in a muddy field. There is a blanket over the body and something protruding from it. By not following procedures, what you will have done is the same as follows:
- See the body
- Walk up to the body in the field
- Take the blanket off the body
- Move the body to 'have a look'
- Put the blanket back over the body — 'like it was before'
- Leave the field
What you have just done:
Entered the scene of a crime, left YOUR footprints all over the muddy field, left YOUR fingerprints on the body and blanket, left YOUR DNA all over the place.
You then expect to call the relevant organisation/authority and have them try and find evidence, which has just been tainted by YOU or YOUR STAFF. This is not a good start, and could make the case in question inadmissible.
Remember that this is a very specialised service provided by experts. Use computer forensics experts to do the job correctly in the first place, and then there shouldn't be a problem.
Disklabs Computer Forensics
I was a SysAdmin for years, during which time I worked 50 hours on a *short* week. A typical week was closer to 70, and I had on many occasions done in excess of 100. I had to take a laptop with me when I went on my 3-weeks-after-10-years vacation to Arizona in January (Arizona in January sure beats Ottawa!). I ended up working 1 to 2 hours a day while on "vacation". Every damned day.
I hated my job, but I was too busy to look for another one.
Then I got cancer, and lost my left kidney. (Well, I didn't _lose_ it; the surgeon took it out, sent it to the Lab and the report came back "malignant"). As part of my recovery, I was *forbidden* to lift anything heavier than a 10-pound bag of sugar, *required* to have a nap for at least 1/2 hour a day, and it was suggested I find a less stressful lifestyle. I was basically confined to the house for 6 weeks. The after-effects of the anaesthetic left me unable to concentrate on much of anything for more than a few minutes at a time. I could read the newspaper's comic page, but that was about it.
There's a lot to be said for a short nap in the afternoon. All of it positive.
When I was able to go back to work, I could handle it, but now the 100-hour weeks annoyed me. So, I quit SysAdmin-ing (I don't think that's an actual word...), and now work as Tech Support for a much smaller firm. I do on-call sometimes, but mostly I get to do a 40-hour work week.
Eliminating stress _does_ make a difference. I've noticed it. My wife's noticed it. My son and daughter-in-law noticed it. I get fewer cold/influenza bouts, because I'm not so run down. I _swear_ I'm wiser now, but that could just be because I'm alive (and therefore older) and appreciate it more.
If you aren't happy with what you do, it'll kill you, regardless of the hours/days/weeks schedule.
If you enjoy what you're doing for a living, the amount of time spent doing it doesn't really matter all that much.