| The rate of crimes on internet and networks is | | | | monitor and collect evidence related to intrusions and |
| increased to an alarming state by hackers, contractors, | | | | computer crimes. The use of security tools should be |
| intruders and employees. Laws are enforced and | | | | legal and according to the policies of the company and |
| computer forensics is practiced to avoid and prevent | | | | rules of the country. Computer forensics is a new |
| these crimes. Using computer forensics investigators | | | | discipline so the use of existing laws is instable while |
| use latest techniques of science and technology to find | | | | prosecuting computer crimes. Website of United |
| some evidence against crimes. The evidence will be | | | | States Department of Justice’s Cyber Crime is the |
| collected for legal purposes when criminal matters are | | | | reliable source of information and rules to apply it. |
| dealt. Investigation by using latest techniques of | | | | Standards of computer forensics and list of recent |
| science and technology along with computer sciences | | | | cases which are in proceeding are given on the |
| to collect evidence in criminal and civil courts is called | | | | website. Evidences are collected in a way which is |
| computer forensics. Experts use advanced tools to | | | | accepted by the court. Laws are being approved in |
| recover deleted, corrupted or damaged files from hard | | | | the favor of personal data security in organizations. |
| discs, flash drives and other storage media. A | | | | Organizations have to prove that they have applied |
| complete examination of windows registry, drives, | | | | necessary securities. So when data is theft or |
| cookies, deleted files, emails and all other relevant | | | | affected then there will not be any lawsuit on the |
| locations is done to find any clue to prosecute the | | | | company if proper security applications and policies are |
| case in law courts. | | | | installed and implemented. |
| The first step in collecting evidence is to obtain warrant | | | | Computer security law has three areas which one |
| to search the suspected system. This warrant includes | | | | should know. First is in United States Constitution; it |
| not only seizing and investigating the suspected | | | | protects against unreasonable search, attacks and |
| computer but any devices connected with the crime | | | | self-incrimination. These were written before problems |
| are also included in it. A printer, scanner or any other | | | | occurred but tell how to practice them. |
| device may be used with computer in making crime so | | | | In the second area anyone practicing computer |
| these devices are also seized for investigation. Person | | | | forensics should know the effect of three U.S. |
| who examines the computer system is not only an IT | | | | Statutory laws. |
| expert but a detective. He detects clues to find out the | | | | Wiretap Act |
| story or details of the crime. The main aim of an | | | | Pen Registers and Trap and Trace Devices Statute |
| investigator or expert is to find out evidence not the | | | | Stored Wired and Electronic Communication Act |
| culprit. Using computer forensics large amounts of | | | | During the practice of computer forensics violations of |
| money are recovered by following the law suits in civil | | | | any one of the above statutes lead to fine or |
| and criminal courts. | | | | imprisonment. If a company feels any doubt about that |
| Computer forensics specialist revealed frauds, crimes | | | | it has committed mistake it should consult with its |
| and corruptions in insurance companies, criminal | | | | attorney. |
| prosecutors, large corporations and law enforcement | | | | In third area U.S. Federal rules about computer crimes |
| office. The standards, methods and laws of computer | | | | must be understood. There are two areas which |
| forensics are different in different countries. Some | | | | affect cyber crimes |
| evidence is acceptable in some countries but not in | | | | 1. Authority to collect and monitor data |
| others while dealing with crimes at international levels. | | | | 2. Admissibility of collection methods |
| There is no boundary of internet so it is a problem | | | | If network or system administrators know about the |
| while investigating and collecting evidences because | | | | legal and technical complexities of computer forensics |
| different countries have different laws. | | | | or they are able to preserve critical data of the |
| Personnel, Network administrators and security staff | | | | organization then it would be an asset of the |
| should have knowledge about computer forensics and | | | | organization. |
| its legal aspects. An expert should have authority to | | | | |