Computer Forensic Basic Command

Computer forensics is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law. The goal of Computer Forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.

In the computer forensic process, the data-collection steps, such as imaging a suspect disk or drive and doing basic analysis on the image, are comparatively easy.

Cloning a suspect drive with the dd tool is straightforward:
dd if=/dev/[sda or hdc or fd] of=image.disk
The input file ("if") is the hard drive or USB drive, and the output file ("of") is the clone that will be used for the actual analysis. Once the disk has been cloned, chmod the file to 444 (read-only) to prevent any change to the "image.disk" we just created. Then fingerprint both the source and the image using sha1sum or md5sum:
sha1sum /dev/sda1 image.disk
or
md5sum /dev/sda1 image.disk
Then match the results: the two hashes must be identical, otherwise the image is not a faithful copy. Other basic commands useful for computer forensics are grep, ls, fdisk and find, for finding, checking and listing data; mount, cat, less and strings are useful for exploring and viewing the data in "image.disk".
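The acquisition procedure above, carried through end to end as an added shell example (not the post's own commands): a constructed file stands in for the suspect device, since imaging a real /dev/sdX needs root and should be done behind a write blocker; the image is taken with dd, locked with chmod 444, fingerprinted with sha1sum on both sides, recorded in a custody log, and triaged with grep -a on the image rather than the original. The working directory, the sample content, the function names and the custody-log format are all assumptions made for this example.

```shell
#!/bin/sh
# Added example: dd acquisition, read-only lock, hash verification and triage.
# A constructed file stands in for the suspect device (assumption: no real /dev/sdX is touched).
set -eu

WORK="${TMPDIR:-/tmp}/forensic_demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

SUSPECT="$WORK/suspect.dev"     # stand-in for /dev/sda, /dev/hdc, ...
IMAGE="$WORK/image.disk"        # the clone we analyse instead of the original
CUSTODY="$WORK/custody.log"     # chain-of-custody record (constructed format)

# Build the fake "drive": one recognisable line followed by zeroed space,
# deliberately not a multiple of 512 bytes so the last partial block matters.
make_suspect() {
    { printf 'SAMPLE EVIDENCE: contact user@example.invalid\n'
      head -c 4096 /dev/zero; } > "$SUSPECT"
}

# sha1sum prints "<hash>  <file>"; keep only the hash (shasum fallback for BSD/macOS).
fingerprint() {
    if command -v sha1sum >/dev/null 2>&1; then sha1sum "$1"; else shasum -a 1 "$1"; fi \
        | cut -d' ' -f1
}

# Step 1: bit-for-bit copy with dd, then make the image read-only.
# No conv=sync here: it would zero-pad the last block and the hashes would no longer match.
acquire_image() {
    dd if="$SUSPECT" of="$IMAGE" bs=512 2>/dev/null
    chmod 444 "$IMAGE"
}

# Step 2: hash the source and the image; returns 0 when they match, 1 otherwise.
verify_image() {
    src_hash=$(fingerprint "$SUSPECT")
    img_hash=$(fingerprint "$IMAGE")
    [ "$src_hash" = "$img_hash" ]
}

# Step 3: write down what was hashed, when, and the result, so the match can be shown later.
record_custody() {
    printf '%s sha1 source=%s image=%s match=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(fingerprint "$SUSPECT")" "$(fingerprint "$IMAGE")" \
        "$(if verify_image; then echo yes; else echo no; fi)" >> "$CUSTODY"
}

# Permission string as ls shows it, e.g. -r--r--r-- for a 444 image.
image_mode() {
    ls -l "$IMAGE" | cut -c1-10
}

# Step 4: triage the image, never the original; grep -a treats the raw bytes as text
# and -c prints the number of matching lines (0 when nothing matches).
count_hits() {
    grep -ac "$1" "$IMAGE" || true
}

# Simulates a write to the original after acquisition (exactly what a write blocker prevents);
# after this the source hash no longer matches the image hash.
simulate_post_acquisition_write() {
    printf 'later modification\n' >> "$SUSPECT"
}

make_suspect
acquire_image
record_custody
echo "image mode: $(image_mode)"
echo "hits for EVIDENCE: $(count_hits EVIDENCE)"
if verify_image; then echo "hashes match"; else echo "HASH MISMATCH"; fi
```

Two details worth noticing: the hash is taken over the whole source and the whole image, so any dd option that pads or truncates (conv=sync, a wrong count=) shows up immediately as a mismatch, and the custody log records both hashes with a timestamp so the comparison can be reproduced later rather than just asserted.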

The analysis process in computer forensics depends on the forensic examiner; the more experienced the examiner, the more data he will get. That's all for today; I hope this post increases our knowledge about computer forensics.
