Computer Forensics—Computer Media Reviews in Classified Government Agencies

Michael R. Anderson, SCERC

Introduction

Personal Computer Security Weaknesses: Historical Perspective

Security Risks: Windows XP and Notebook Computers

Risks Associated with Ambient Data Storage Areas

Risks Associated with Computer-Related Storage Devices

Concerns Specific to Classified Government Agencies

Forensic Search Practices in Classified Security Reviews

Creation of the Search Term List

Logical Versus Physical Text Searches

Risks Associated with Nontext (Binary) Files

Graphics File Formats

Compressed File Formats

Embedded Text and Obscure File Formats

Conclusions

Glossary

Cross References

Further Reading

INTRODUCTION

Forensics, by definition, is the application of law to science. In the case of computer forensics, computer science is used to identify evidence in criminal cases and civil lawsuits. Computer forensics is a relatively new forensic science, but its procedures and methodologies have been used for years in military and law enforcement agencies to gather intelligence and to identify criminal investigation leads and evidence. Computer forensics moved from the secret world of the military and law enforcement when New Technologies, Inc. (NTI) was created in 1996. Since that time, numerous commercial computer-forensics training courses have come into existence and several colleges and universities have incorporated computer forensics topics in their curricula. Several computer forensic software ...

Get Handbook of Information Security: Information Warfare, Social, Legal, and International Issues and Security Foundations, Volume 2 now with O’Reilly online learning.
