Privacy Suite Comparison Chart
"Computer forensics is a branch of forensic science pertaining to legal evidence found in computers and digital storage mediums. Computer forensics is also known as digital forensics. The goal of computer forensics is to explain the current state of a digital artifact. The term digital artifact can include a computer system, a storage media (such as a hard disk or CD-ROM), an electronic document (e.g. an email message or JPEG image) or even a sequence of packets moving over a computer network. The explanation can be as straightforward as "what information is here?" and as detailed as "what is the sequence of events responsible for the present situation?" The field of computer forensics also has sub-branches within it such as firewall forensics, database forensics and mobile device forensics. There are many reasons to employ the techniques of computer forensics:

Special measures should be taken when conducting a forensic investigation if it is desired for the results to be used in a court of law. One of the most important measures is to assure that the evidence has been accurately collected and that there is a clear chain of custody from the scene of the crime to the investigator, and ultimately to the court."
http://en.wikipedia.org/wiki/Computer_forensics#Collecting_Digital_Evidence

"Computer Online Forensic Evidence Extractor (COFEE) is a modified USB flash drive for investigators for quick extraction of forensic data from computers that are suspected to contain evidence of criminal activity. It allows investigators to search through data onsite as an automated forensic tool. The device, developed by Microsoft, is activated by being plugged into a USB port, and purportedly contains 150 commands that can dramatically cut the time it takes to gather digital evidence (estimates cited by Microsoft state that a job that previously took 3-4 hours can be done with COFEE in as little as 20 minutes). These commands offer such functions as the ability to decrypt passwords, search a computer's Internet activity, and analyze the data stored on a computer, including data stored in volatile memory, which could be lost if the computer were shut down for transport to a lab. Microsoft currently provides COFEE devices and online technical support free to law enforcement agencies."
http://en.wikipedia.org/wiki/Computer_Online_Forensic_Evidence_Extractor

"Digital evidence can be collected from many sources. Obvious sources include computers, cell phones, digital cameras, hard drives, CD-ROM, USB memory devices, and so on. Non-obvious sources include settings of digital thermometers, black boxes inside automobiles, RFID tags, and web pages (which must be preserved as they are subject to change). Special care must be taken when handling computer evidence: most digital information is easily changed, and once changed it is usually impossible to detect that a change has taken place (or to revert the data back to its original state) unless other measures have been taken. For this reason it is common practice to calculate a cryptographic hash of an evidence file and to record that hash elsewhere, usually in an investigator's notebook, so that one can establish at a later point in time that the evidence has not been modified since the hash was calculated. Other specific practices that have been adopted in the handling of digital evidence include:

Some of the most valuable information obtained in the course of a forensic examination will come from the computer user. An interview with the user can yield valuable information about the system configuration, applications, encryption keys and methodology. Forensic analysis is much easier when analysts have the user's passphrases to access encrypted files, containers, and network servers. In an investigation in which the owner of the digital evidence has not given consent to have his or her media examined (as in some criminal cases) special care must be taken to ensure that the forensic specialist has the legal authority to seize, copy, and examine the data. Sometimes authority stems from a search warrant. As a general rule, one should not examine digital information unless one has the legal authority to do so. Amateur forensic examiners should keep this in mind before starting any unauthorized investigation.

All digital evidence must be analyzed to determine the type of information that is stored upon it. For this purpose, specialty tools are used that can display information in a format useful to investigators. Such forensic tools include: AccessData's FTK, Guidance Software's EnCase, and Brian Carrier's Sleuth Kit. In many investigations, numerous other tools are used to analyze specific portions of information. Typical forensic analysis includes a manual review of material on the media, reviewing the Windows registry for suspect information, discovering and cracking passwords, keyword searches for topics related to the crime, and extracting e-mail and images for review."
http://en.wikipedia.org/wiki/Computer_forensics

"Anti-forensics has only recently been recognized as a legitimate field of study. Within this field of study, numerous definitions of anti-forensics abound. One of the more widely known and accepted definitions comes from Dr. Marc Rogers of Purdue University. Dr. Rogers uses a more traditional "crime scene" approach when defining anti-forensics: "Attempts to negatively affect the existence, amount and/or quality of evidence from a crime scene, or make the analysis and examination of evidence difficult or impossible to conduct." A more abbreviated definition is given by Scott Berinato in his article entitled The Rise of Anti-Forensics: "Anti-forensics is more than technology. It is an approach to criminal hacking that can be summed up like this: Make it hard for them to find you and impossible for them to prove they found you." Interestingly, neither author takes into account the user who uses anti-forensics methods to ensure personal data is kept private.

Disk cleaning utilities use a variety of methods to overwrite the existing data on disks. The effectiveness of disk cleaning utilities as anti-forensic tools is often challenged as some believe they are not completely effective. Experts who don't believe that disk cleaning utilities are acceptable for disk sanitization base their opinions on current DOD policy, which states that the only acceptable form of sanitization is degaussing. Disk cleaning utilities are also criticized because they leave signatures that the file system was wiped, which in some cases is unacceptable.

File wiping utilities are used to delete individual files from an operating system. The advantage of file wiping utilities is that they can accomplish their task in a relatively short amount of time as opposed to disk cleaning utilities, which take much longer. Another advantage of file wiping utilities is that they generally leave a much smaller signature than disk cleaning utilities. There are two primary disadvantages of file wiping utilities: first, they require user involvement in the process, and second, some experts believe that file wiping programs don't always correctly and completely wipe file information. Some of the widely used file wiping utilities include R-Wipe & Clean, Eraser, Aevita Wipe & Delete and CyberScrub's PrivacySuite."
http://en.wikipedia.org/wiki/Anti-computer_forensics
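The evidence-hashing practice described in the digital evidence excerpt above (compute a cryptographic hash of an evidence file, record it apart from the evidence, and re-check it later) worked through as an added example; this is not code from the quoted sources. The ledger format, field names and the sample "disk image" are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

def hash_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so a multi-GB image need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def record_hash(path, ledger_path, examiner):
    """Append {file, size, sha256, recorded_at, examiner} to a JSON-lines ledger kept apart from the evidence."""
    entry = {
        "file": os.path.basename(path),
        "size": os.path.getsize(path),
        "sha256": hash_file(path),
        "recorded_at": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
    }
    with open(ledger_path, "a", encoding="utf-8") as ledger:
        ledger.write(json.dumps(entry) + "\n")
    return entry

def verify_hash(path, ledger_path):
    """True only if the recomputed digest matches the first ledger entry for this file name."""
    with open(ledger_path, encoding="utf-8") as ledger:
        for line in ledger:
            entry = json.loads(line)
            if entry["file"] == os.path.basename(path):
                return hash_file(path) == entry["sha256"]
    return False  # no record at all: integrity cannot be established

def demo():
    """Constructed sample: record an image, verify it, flip one byte, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "disk01.dd")          # constructed evidence image
        ledger = os.path.join(tmp, "custody.jsonl")     # constructed ledger file
        with open(image, "wb") as f:
            f.write(bytes(range(256)) * 4096)           # 1 MiB of deterministic content
        record_hash(image, ledger, examiner="constructed-examiner")
        intact = verify_hash(image, ledger)
        with open(image, "r+b") as f:
            f.seek(12345)
            f.write(b"\x00")                            # a single changed byte breaks the digest
        return intact, verify_hash(image, ledger)       # (True, False)
```

Calling `demo()` returns `(True, False)`: the untouched image verifies, and the same image with one byte altered does not, which is exactly the tamper check the recorded hash exists to provide.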