Tag Archive: Forensics

Computer Forensics Technology

The fact that computer forensics tools and methods can be successfully use to identify user passwords, computer logons, as well as other transparent information is absolutely correct. A simple example of this can be the extraction of password through file sharing. If a file sharing is enabled on a computer, then services such as NetBIOS can be sued to retrieve sensitive information about the system, such as the user names, configuration of the system as well as registry keys. These pieces of information can then be used to allow for a brute force password attack against any Windows NT system.  Furthermore, on a network, software such as packet sniffers can be used to extract data from the packets travelling a particular segment of a network, which can contain confidential information such as user credentials.

A simple utility which is often ignored called FINGER, can also be used to extract information about user logons remotely on computers on which the service has not been disabled. With regards to identification, detection and extraction of information that is transparently moved between different components of a computer, forensic tools allow the computer forensic experts to have a look at data that is generated from past activities on the computer. This data may be found in the swap files that contain temporary data generated by the various programs. This data may not only provide information about the usage of the program but also provide clues about the users credential and other information that is not saved in user files. Forensic tools can also have a look at data in file slack and unallocated file space, which is unreadable by the user in normal circumstances. This form of data can be categorized uniquely as ambient data and may span up to 50% of a computer hard drive. This ambient data may contain email fragments, word processing fragments, directory tree snapshots as well as remnants of any activity that has occurred in past work sessions on a computer. These chunks of data, when read, may provide important information and can prove to be an important clue for computer forensic expert looking for evidence, but these activities are only made possible with the help of computer forensic tools (Vacca, 2005).

Read About Technology Benefits Business