Computer Forensics Explained:
Computer forensics grouped together with digital forensic science; in a specific sense, the field of computer forensics pertains to the obtainment of legal evidence, which is stored in computer systems and digital storage media units. Those involved in computer forensics are responsible for examining digital media and files to recover, preserve, and analyze to ultimately identify facts concerning a legal matter or situation. Computer forensics, thus requires the inspection of an individual’s—who is involved in a legal matter—personal computer or digital files.
The field of computer forensics is connected with the investigation of computer crimes. In an investigatory sense, the discipline of computer forensics will incorporate similar techniques and principles found in data recovery; however, the field of computer forensics will attach additional practices and guidelines which are implemented to create a legal audit trial.
The evidence gathered from a computer forensics investigation is typically subjected to the same protocol and practices of other digital evidence. Evidence obtained from computer forensic techniques cannot be tampered with and must meet the constitutional guidelines of a fair legal trial.
The History of Computer Forensics:
In the early 1980s, computer systems were more accessible to consumers; as a result of this popularity, networks began to store personal information aligned with banking and identification purposes. As computers facilitated transactions and consumer activity, they attracted criminals interested in committing fraud and tampering with personal information. During this time, the discipline of computer forensics emerged as a method to investigate and recover digital evidence used in court systems. In a more modern sense, computer forensics is used to investigate criminal activity, including, fraud, child pornography, cyber stalking, cyber bullying, murder, and rape.
The information recovered from computer forensics is used to elucidate upon the current state of a digital artifact, such as a storage medium, a computer system, or an electronic document. Once the information is obtained, the scope of a forensic investigation can vary from a simple retrieval of information to reconstructing a complex series of events.
Computer Forensics used as Evidence:
Evidence obtained through the implementation of computer forensics has been applied to criminal law cases since the early 1980s. In the court of law, information or evidence obtained from computer forensics is subject to the typical requirements for digital evidence—meaning the evidence obtained must be reliably obtained and admissible, as well as authenticated. In addition to these guidelines, various countries and jurisdictions have implemented specific regulations attached to the recovery of computer forensic evidence.
Computer Forensics Process:
Computer forensic investigations follow the standard digital forensic process, which includes the acquisition of evidence through a computer platform, subsequent analysis and reporting. A number of techniques are used during computer forensics investigations, including cross-drive analysis, live analysis, and the studying of deleted files.
Cross-drive analysis refers to a forensic technique that correlates information present on multiple hard drives. The process can be used for identifying social networks or for performing anomaly detection. Live analysis is the process of examining computers within the operating system using a custom tool to extract the evidence.