Prosecute the evidence
Obfuscate the evidence
Authorize the evidence
Preserve the evidence
Court of law
Computer forensics deals with the monetary cost of finding evidence related to a crime to find the culprits and initiate legal action against them.
Computer forensics deals with the search for evidence related to a digital crime, but the forensics specialist does not need to be concerned about the legal admissibility of the evidence he or she finds.
Computer forensics deals with the process of finding evidence related to a digital crime to find the culprits and initiate legal action against them.
Computer forensics deals only with the process of finding evidence related to a digital crime and does not try to estimate the monetary damages caused by that crime.
It adopts an approach toward criminal activity as a criminal act.
It adopts a holistic approach toward any criminal activity as a criminal operation rather than as a single criminal activity.
It differs from traditional investigative methods and is less complex and less time- consuming.
It encourages reactive action on the structure of the criminal enterprise.
Smaller evidence in size
Anonymity through masquerading
The initial reporting of the evidence is generally informal.
Law enforcement agencies are responsible for collecting and analyzing evidence.
The standards of proof need to be very high.
A formal investigation report is required.
Presentation of admissible evidence
Value or cost to the victim
Collection of clues and forensic evidence
Analysis of digital evidence
Breakdown of costs into daily and annual expenditure
Current media coverage of high-profile computer crimes
Past success rate as a measure of value
Use of outdated, but trusted, technologies
Secure the evidence.
Collect the evidence.
Destroy the evidence.
Assess the evidence.
Magnetic storage devices
Optical storage devices
Flash memory devices
Quantum storage devices
Double-level cell (DLC)
Single-level cell (SLC)
Multi-level cell (MLC)
Triple-level cell (TLC)
The primary track sector
The secondary volume descriptor
The primary volume descriptor
The secondary track sector
Boot Parameter Block (BPB)
BIOS Parameter Block (BPB)
Primary Sequential Sector (PSS)
Primary Reserved Sector (PRS)