CHAPTER 3

Computer Forensic Fundamentals

The practice of computer forensics requires a great deal of structure to support the process, which must be predictable, repeatable, and documentable. But on the other hand, there needs to be enough flexibility within the structure that an investigator can still apply intuition, creativity, and the occasional professional hunch.

This section presents an overview of three primary computer forensic fundamentals issues:

1. This first issue is called the safe zone, and it deals with the establishment of a computer forensic laboratory and the necessary structure, tools, and personnel required for its efficient operation.
2. Second, I review what I call the human quotients, which are the various players in a computer forensic investigation such as the network engineer, the plaintiff, the attorney, the researcher, the judge, and the client. Each of these parties plays a distinctive, important role in the process from the perspective of the computer forensic investigator and in this section I attempt to provide a cursory overview of where they fit.
3. The final section deals with miscellaneous issues (see “The Devil Is in the Details”) where I highlight a number of challenges and pitfalls that are often overlooked at the start of an engagement, but which can doom it to failure if not addressed in a sensible way.

The Establishment of the Computer Forensic Laboratory

The computer forensic lab is a safe zone. It is a location where electronic data ...

Get Investigative Computer Forensics: The Practical Guide for Lawyers, Accountants, Investigators, and Business Executives now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial