What is Computer Forensics?
Feb 3rd, 2007 by Jesper Kråkhede
Computer Forensics (CF) is the art of securing evidence in a computer so that answers can be given when an incident happens. Depending on the case, different kinds of computers and devices have to be copied into the investigation. Note the word copied. To make sure that all information is available, that any given aspect of an investigation can be repeated in court, and to lower the downtime of the system, every computer or device should have its hard drives and memory chips copied. The files are then added to an investigation in, for example, EnCase (www.guidancesoftware.com), but there are of course several other tools as well.
Computer Forensics is not a big industry in Sweden, and the number of experienced investigators is very small. In the USA, CF is a lot bigger, and the tendency we see is that the market is slowly growing. For it to grow, several criteria have to be in place. For example, a security policy should be published in the company to make sure that there are no legal problems with initiating an investigation.