1 / 15

Introduction to Computer Forensics

Introduction to Computer Forensics. FALL 2006. The fundamental concern of forensic computing activity is for the accurate extraction of INFORMATION from computer-based systems, such that it may be presented as admissible evidence in court (Sammes and Jenkinson 2000). What is Information?.

eudora
Download Presentation

Introduction to Computer Forensics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Introduction to Computer Forensics FALL 2006

  2. The fundamental concern of forensic computing activity is for the accurate extraction of INFORMATION from computer-based systems, such that it may be presented as admissible evidence in court (Sammes and Jenkinson 2000)

  3. What is Information? Liebenau and Backhouse (1990), Understanding Information: • “Numerous definitions have been proposed for the term ‘information’, and most of them serve well the narrow interests of those defining it.” • “These definitions are all problematic”

  4. What is Information? Liebenau and Backhouse (1990), Understanding Information: “…information cannot exist independently of the receiving person who gives it meaning and somehow acts upon it. That action usually includes analysis or at least interpretation, and the differences between data and information must be preserved, at least in so far the information is data arranged in meaningful way to some perceived purpose ”

  5. Computer system holds data. Any information that we (the receiving persons) may extract from this data is a result of our analysis or interpretation of it in some meaningful way for some perceived purposes. We have to have a set of interpretative rules which we apply to the data in order to extract the information. (Sammes and Jenkinson 2000)

  6. input output Computer • Electronic device • Accepts data - input • Processes it according to a given set of instructions • Produces results -output Computer

  7. Input, Output, Computer Program • Input – unprocessed data manipulated by the computer • Output – processed information or results produced by the computer • The set of instructions that the computer follows is called acomputer program

  8. Computer System hardware • the physical equipment used to process a data software • computer programs

  9. 010 111 ..... CPU Secondary Memory Main Memory I/O Devices Hardware

  10. Hardware Main Memory Input Devices Output Devices CPU

  11. Input/Output Devices Input devices • keyboard, mouse enter data and programs into the computer Output devices • printer, monitor display the results processed by the computer

  12. Memory • Main Memory • Nonpermanent • Rapid Access • Low Capacity • Secondary Storage • Permanent • Non Rapid • High Capacity Bit - Binary Digit Byte = 8 bits KB = KiloBytes = 1024 bytes =210 MB= MegaBytes = 1,048,576 bytes = 220 GB = GigaBytes = 230 bytes

  13. Control Unit Directs the processing operations Coordinates the flow of data to Main Memory and ALU Arithmetic Logic Unit (ALU) performs Arithmetic operations Logic operations CPU – Central Processing Unit

  14. Software • Operating Systems • DOS • UNIX • Windows • Application Software • Word • Power Point • Emacs, Pico

  15. References • Liebenau, J. and Backhouse, J. (1990) Understanding information : an introduction. London, Macmillan • Tony Sammes and Brian Jenkinson (2000), Forensic Computing: A Practitioner's Guide, Springer Verlag

More Related