Knowledge of workstations and other processing devices
Computer forensics involves the use of many workstations and other types of processing devices (Easttom, 2014). Thorough knowledge of the components and applications of the devices greatly enhances the chances of acquiring good data for forensic uses. However, some professionals working in the field of computer forensics do not understand the essential components of the devices that are important in data collection (Easttom, 2014). They do not comprehend the working principles of servers used in forensic laboratories.
The data are acquired by users through the use of networks that could be local area networks or wide area networks. Some devices used to process photos and videos are rarely understood by computer forensic personnel. There is also a general lack of good knowledge of the software components contained in processing devices that impact data acquisition negatively (Easttom, 2014).
Live system forensics
Live system forensics focuses on retrieving data from volatile storage locations in a computer system (Nelson, Phillips & Steuart, 2010; Taylor, Haggerty, Gresty & Lamb, 2011; Easttom, 2014). The overall goal of the forensics is to capture suspected data before it could be lost when a computer system is powered off. Several issues characterize live system forensics negatively about data capture (Nelson et al., 2010).
First, there might be limited power in a computer system, which implies that a computer system might power off before the data are retrieved. Second, personnel might not be aware of the order in which volatile data should be obtained. Thus, altering the order in which evidence should be acquired from computer files affects the data negatively.
Third, there are technical issues associated with live system forensics that revolves around devices used to transfer data from volatile storage locations. If faulty devices are used, then it would imply that the data retrieved would be compromised and lost altogether. However, the issue could be prevented by ensuring that external storage devices are in a good state (Nelson et al., 2010).
Knowledge of application-based file systems
Computerized file systems are utilized in computer forensics to store data and prevent them from any loss (Easttom, 2014). Application-based file systems are used for specific applications within a computer system. About computer forensics, a good knowledge of application-based file systems ensures that data are obtained from computer devices and used for forensic purposes (Taylor et al., 2011; Easttom, 2014). Computer forensic experts need to access all the data application-based file systems.
Personnel could not be aware that different storage devices use different types of media. If they try to access application-based files using tools that are not supported by the storage media, then no data would be retrieved from computer systems. Design limitation issues might impact forensic data acquisition negatively if personnel does not understand the maximum storage capacities of storage media (Nelson et al., 2010).
Application-oriented data acquisition methods
Application-oriented data acquisition methods are used to capture data in computer forensics in real-time and synchronize them based on their locations (Nelson et al., 2010). Some issues arise with the use of application-oriented data acquisition methods. First, displays used to show captured data might not portray the actual data if system configurations are not done properly. Second, real-time analysis of information might lead to the alteration of the data.
This would result in low quality of data that cannot be effectively used in court cases (Nelson et al., 2010). Application-oriented data acquisition methods may use different standards to gather data. The use of different methods compromises data uniformity and applications in the field of computer forensics.
The data collection methods could be used to create reports after the collection of information. This poses a challenge of redoing reports when they are found to be faulty. If they are altered, then the evidence would raise a lot of suspicion in court during legal proceedings (Easttom, 2014).
Application-driven data forensic tools
Application-driven data forensic tools are used to acquire evidence from computer systems based on the type of applications (Nelson et al., 2010; Easttom, 2014). The tools do not alter data. Maintaining the integrity of computer-based evidence increases the amount and quality of data used in criminal cases that involve the use of computers. Several issues affect data acquisition through the use of application-driven data forensic tools (Nelson et al., 2010; Easttom, 2014).
First, the choice of tools is an important aspect that determines the quality of forensic data that can be gathered. If computer forensic personnel choose the wrong tools to collect data, then the tools cannot be used to retrieve data used for specific applications in computer systems. Second, application-driven data forensic tools may not be maintained properly.
Forensic tools that have poor maintenance result in low-quality data that have little impact in court cases. Proper support of the devices ensures that they follow the standards as required by computer forensics. Third, some applications of computer systems cannot be accessed using some tools because of incompatibility issues.
In conclusion, computer forensics relies heavily on the use of evidence collected from computer systems. Computer forensics personnel should deal with issues that arise in data collection using computers. Through this, they would collect evidence that would support cases in court.
References
Easttom, C. (2014). System forensics, investigations, and response (2nd ed.). Burlington, MA; Jones and Bartlett Learning.
Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to computer forensics and investigations. Stamford, CT: CengageBrain.com.
Taylor, M., Haggerty, J., Gresty, D., & Lamb, D. (2011). Forensic investigation of cloud computing systems. Network Security, 2011(3), 4-10.