Friday, July 26, 2019
Forensic computing Essay Example | Topics and Well Written Essays - 1250 words
A user can locate files using criteria such as size, filename, and creation and modified dates. The search results returned by OS forensics are available in different views, which include the timeline view, thumbnail view and file listing (Beijnum, 2009, p. 23). This helps the user determine the pattern of activity on the computer and see where significant file changes occurred. Besides locating files, the tool can search within the contents of each file for a full analysis. OS forensics has a powerful pre-indexed search capability that offers full-text search across hundreds of file formats. Below is a list of what OS forensics search can offer:

- Highlighting
- Wildcard searches
- Relevance ranked search results
- Exclusion searches
- Date sorting or date range searching
- Exact phrase matching
- "Google-like" context results
- File listing view of search results

The file formats that can be indexed by OS forensics include RTF, WPD, SWF, DJVU, DOC, PDF, PPT, XLS, JPG, GIF, PNG, TIFF, XLSX, MHT, ZIP, MP3, DWF, DOCX, PPTX and more. In addition, it has a feature that analyzes files to determine their file type when they lack a file extension. The advanced hashing algorithm in OS forensics can create a unique fingerprint that is used to identify a file.

OS forensics can help the investigator organize the evidence discovered into a single, cryptographically secure case file. The expert can add more results and evidence to the case file for future reference and analysis and be confident that the case file cannot be tampered with. Case management helps the user organize and aggregate case items and results from OS forensics. An advantage of this software is that it can be installed and run from a USB flash drive, which lets you keep your investigation tools and reports with you when you are mobile (Cansolvo & Scholtz, 2004, p. 85).
A user should avoid installing any software on the target machine, so as not to risk unintentionally overwriting or deleting valuable forensic data left by the suspect. With OS forensics, the computer expert can export case files as customizable and accessible reports that show all the evidence gathered. This feature helps to deliver a readable summary of forensic findings to law enforcement agents or clients at any time during the investigation.

OS forensics can be used to retrieve e-mail messages directly from their archives without the need to install email client programs such as Thunderbird or Outlook (Dimitrova, Bellotti, Lozanova & Roumenin, 2011). It reads directly from the archive and displays everything from message headers to HTML, Rich Text Format and regular text. Supported file formats are:

- Mbox for Thunderbird, UNIX mail, Eudora and more
- Pst for Outlook
- Msg for Outlook
- Dbx for Outlook Express
- Eml for Outlook Express

All the attachments associated with a specified email can be extracted too. The email searching functionality embedded in OS forensics can be used to quickly and effectively search across all the content in the email archive.

[Figure: OS forensics Email Viewer]

The forensic value of carrying out the processes described above may vary depending on various factors, such as who needs the information and for what purpose it is needed (Lin & Stead, 2009, p. 67). This valuable
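Reading an Mbox archive directly, without a mail client, and fingerprinting what it contains can be sketched with Python's standard library. This is an added example, not OS forensics code or part of the original essay; the sample message, addresses and file names are constructed. Python's mailbox module opens the file read-write when it can, so the sketch assumes it is pointed at a working copy rather than the original evidence.

```python
import hashlib
import mailbox
import os
import tempfile
from email.message import EmailMessage

def sha256_file(path):
    """Fingerprint a file with SHA-256."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def build_sample_mbox(path):
    """Write a constructed one-message mbox (sample data, not real evidence)."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["Subject"] = "Q3 figures"
    msg.set_content("See attached.")
    msg.add_attachment(b"id,total\n1,42\n", maintype="application",
                       subtype="octet-stream", filename="q3.csv")
    box = mailbox.mbox(path)
    box.add(msg)
    box.close()  # close() flushes the pending message to disk

def triage_mbox(path):
    """List headers and attachment fingerprints for every message in the archive."""
    records = []
    box = mailbox.mbox(path, create=False)  # fail rather than create a missing file
    try:
        for msg in box:
            attachments = []
            for part in msg.walk():
                name = part.get_filename()
                if name is None:
                    continue  # container or body part, not an attachment
                data = part.get_payload(decode=True) or b""
                attachments.append({"filename": name, "size": len(data),
                                    "sha256": hashlib.sha256(data).hexdigest()})
            records.append({"from": msg["From"], "subject": msg["Subject"],
                            "attachments": attachments})
    finally:
        box.close()
    return records

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.mbox")
        build_sample_mbox(sample)
        before = sha256_file(sample)
        print(triage_mbox(sample))
        print("archive unchanged:", before == sha256_file(sample))
```

Comparing the archive hash before and after triage confirms that the examination itself did not alter the working copy.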