Computer Forensics – What is Computer Forensics?



Defining What is Computer Forensics

A document distributed by the United States government in 2008 defines the term this way: “Forensics is a process of using scientific knowledge of collecting, analyzing, and presenting evidence to the legal systems” (US-Cert, 2008). The document adds that computer forensics is a newer process to the court systems, and that policies on how to implement it are still being adapted. Although the collection of forensic evidence is not new, the process of computer data collection is still evolving as we progress through the digital times we now live in. This brings us to the meaning of forensics and how it relates to computers. Referring back to the same document, we extract the meaning of computer forensics as “A discipline that combines the elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” (US-Cert, 2008). Some definitions vary slightly from this, but in general computer forensics is a technique used for the identification, collection, examination, and protection of information that may be electronically or magnetically stored. To add more depth to this meaning, computer forensics covers not just the collection and examination of “persistent data” on the hard drive but also “volatile data”, which is data stored in memory that could be lost once the system is powered off (Nolan, 2005). Now that we have defined what computer forensics is, when is this process used?

Computer Forensics Usage

Companies and organizations must pay close attention to their infrastructure to protect their assets. According to a free, open-source website built around a community of computer forensics professionals, some common circumstances that involve computer forensics at work include: “employee internet abuse, unauthorized disclosures of information, industrial espionage, damage assessment following a breach, criminal fraud or deception, simple storage of information intentionally or unwillingly along with other aspects” (FAQ, 2010). Some examples come to mind, such as child pornography cases in which predators download and store harmful and unlawful pictures. In identity theft cases where personal information is accidentally leaked or has been compromised, computer forensics is used to examine the full potential of breaches. The Computer Forensics World website is full of information for those seeking careers in this field and/or training-related resources. It’s a good place to start for questions and answers. I will be returning to the site.

We have a meaning of forensics, and an understanding of some of the crimes that can be solved or prosecuted using computer forensics, but why the focus? The focus is because computer forensics is very meaningful. As technology continues to evolve rapidly, companies and organizations continue to adopt systems for collecting forensics data to better position themselves in their respective markets. Information technology professionals must stay abreast of these changes and adapt accordingly. To be effective at doing this, we must examine risks and opportunities so our clients and the companies we work for remain sustainable. According to Specker and Janson, “effective network security includes protocols to detect, to investigate, and to preclude the recurrence of any breach in the stalled security system” (Specker & Janson, 2010). That quote comes from an interesting article titled “Forensic Resources for Network Professionals”. In the article they outline a number of resources pertaining to security, dealing with breaches, and how to deal effectively with a possibly compromised network. The article also outlines that a company’s bottom line will often trump security concerns when the firm decides to position itself and its systems online, so information technology professionals will be faced with threats from the expanding businesses.

Keeping the meaning and the goals of computer forensics in mind, there are a few other things of which upcoming professionals should be made aware. First, we have to obtain authorization before monitoring and starting to collect data related to an intrusion, as pointed out in the article from US-Cert: legal criteria do exist for using monitoring tools, similar to police needing a search warrant signed by a judge of a jurisdiction to execute a search. Laws are in place to protect the privacy of users and personal data, so policies and documentation protocols must be followed. Again, as an example, for evidence to be submitted in a court hearing it must be collected by legal means.

Forensics Summary

In conclusion, computer forensics exists to help keep our computer data infrastructure secure and sustainable. Computer forensics collection and examination is much like working a crime scene, where collecting, analyzing, and protecting the evidence is done so it can be submitted in the courts; only instead of taking blood and carpet fiber samples, we are pulling the evidence from computer systems, wireless networks, and computer data storage devices. One must abide by the laws so the collected evidence is admissible in court in cases where criminal prosecution exists. An IT professional who is skilled and able to carry out these tasks becomes a great asset to their employer. I hope this gives you a better idea of what is in the world of computer forensics.
