Computer forensics is the analysis of data from a computer system or application in response to a security incident or computer misuse. The goal is to find evidence of what, when, and how an incident occurred, and who was involved. A computer forensic examination may be necessary when it is suspected that a computer system or application was used to commit a crime, or used for inappropriate activities that violated law or university policy.

Once the suspected system has been received by the Security Incident Response Team, these are the steps that will be performed by the examiner:

  • Chain of custody documentation is created to track the evidence at all times. The system will be held in a secure locker when not being examined.
  • All electronic data is recovered from the hard drive and analyzed to find the information requested. Areas of concern or violations are noted.
  • A full written report will be created and given to the requestor for further action. The system can then be returned as long as there is no threat to the network or computer user.

Forensic Examination

Forensic services can be requested by sending a completed version of the document below to SIRT@UCF.EDU.

Requesting a Computer Forensic Examination

When a forensic examination is necessary on a University system or asset, please take the following steps:
NOTE: If you believe this is a criminal matter, please contact the UCF Police Department.

  • Restrict access to the suspect system or application; any change could result in damaging potential evidence.
  • Complete and submit the Request for Forensic/e-Discovery Examination in the sidebar of this page.
  • The purpose of the form is to give the Security Incident Response Team a background of the incident and specific information, including the users involved, the severity of the incident, and the type of data you hope to obtain from the forensic examination.
  • The Information Security Office will gain approval, or verify approval, from the Provost, Vice President, or the Office of the General Counsel.
  • Once the Request for Forensic/e-Discovery Examination has been made, a member of the Security Incident Response Team will contact you to coordinate the evidence pickup. An estimate of the time it will take to perform the investigation will be made, but it is mostly dependent on the quantity of data involved (number of systems) and the extent of the issue. Some investigations could take a few hours, while others may take weeks.