Basics of computer forensics
Computer forensics is the application of computer investigation and analysis techniques in the interest of determining potential legal evidence.
- Evidence revealed through forensic methods may be used in various investigations:
- civil litigations: divorce, harassment and discrimination
- companies seeking evidence of abuse of position or authority, embezzlement or theft of intellectual property
- insurance companies seeking evidence of insurance-related frauds, abuse of death, employee’s rights and insurance premiums
Digital evidence is necessary in a wide range of computer crime investigations, and computer forensics applies various methods for discovering data that resides in a computer system or recovering deleted, encrypted or damaged data. Any or all of this information may help during evidence discovery or discrediting.
Computer forensics is a relatively new field, and over the years it has been called many things: “digital forensics,” and “media analysis” to name a few. It has only been in the past few years that we have begun to recognize that all of our digital devices leave digital breadcrumbs and that these breadcrumbs are valuable evidence in a wide range of inquiries. While criminal justice professionals and the intelligence were some of the first to take an interest in this digital evidence, information security, and civil law fields have enthusiastically adopted this new source of information.
Computer or digital forensics involves the scientific methods applied to identification, gathering and analyzing of data, ensuring the integrity of original evidence as well as the chain of custody.
Computer forensics may be also defined as a process of gathering, preserving, analyzing and presenting of digital evidence.
In 2003, the ASCLD/LAB recognized digital evidence as an accredited forensic scientific discipline. Acceptance of computer forensics as a legitimate procedure for evidence analyzing resulted in growing interest in computer forensics training and education. Digital forensic task force was formed to support trainers in creating training programs. At present there are more than 30 colleagues and universities only in America committed to digital forensics education.
Computer forensic science is the science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media. Although a relatively new discipline, it has a large potential effect on specific types of investigations and prosecutions.
Computer forensic science is, at its core, different from most traditional forensic disciplines. To start with, computer forensic tools and techniques are relatively easy available to anybody who wants to do forensic analysis. Furthermore, compared to traditional forensic analysis, there is a common requirement to perform computer examinations at virtually any physical location, not only in a controlled laboratory setting.
Acquisition of digital evidence begins when information and/or physical items are collected or stored for examination purposes. The term “evidence” implies that the collector of evidence is recognized by the courts. The process of collecting is also assumed to be a legal process and appropriate for rules of evidence in that locality.
A data object or physical item only becomes evidence when so deemed by a law enforcement official or designee.