Journals Proceedings

Abstract

The computer forensics as a branch of digital forensic pertaining to legal evidence found in computers and digital storage media. In order forensic acquisition to be more reliable it must be performed on computers that have been powered off. This type of forensics is known as ‘traditional’ or 'dead' forensic acquisition. However, this type of forensic cannot be used to collect and analyze the information which is not on the hard disk, or encrypted data. The disadvantages of the dead forensics can be overcome handling a live forensics acquisition process. There are many commercial and freeware tools which can be used to provide information based on live forensics acquisition. The problem with this tools is that in many cases the examiner cannot explain the script functionality and generated results and information. Because of this reason there is a increased need for developing and using script which can be easy explained and adapted to any analysis which should be made by the examiners. The paper presents a developed First Responder script which can be used to perform a live forensics analysis.