The World of Computer Forensics - an Introduction

On a broad basis, computer or cyber crime is any criminal activity or offence that involves computers. Involvement of computers can be of two types. It can refer to the use of a computer to perform a crime. It can also refer to a crime committed on a computer such as in the case of hacking.

In majority of the cases, experts in this field investigate data storage media which include but are not limited to hard disks and portable data devices such as floppy drives, compact discs and USB drives. In all computer-related crimes, criminals leave tracks and computer forensics just helps us find that. To put it simply, computer forensics is an analysis technique that is used to determine potential legal evidence in crimes involving computers.

Common Scenarios in Computer Crimes

The list of crimes committed with and on computers is pretty huge. But some most common scenarios that come to the table of computer forensic experts are as follows:

• Unethical hacking into a computer network with an intention to destroy it or steal information
• Unauthorised disclosure of company information and data by employees. This can either be accidental or intentional.
• Use of computers in committing a crime
• Industrial espionage
• Abuse of the Internet by the employee of a company such as visits to porn sites and those that have been marked unethical in a work environment
• Plagiarism, which involves the stealing of content from another work or literature.

Phases of Computer Forensics

On a broad level, there are essentially four phases for recovering evidence from a computer system, network or a storage medium. The results of these findings of computer forensic experts are used to initiate legal proceedings against criminals. The four phases are as follows:

1. Identifying the sources of the evidence
2. Preserving the evidence
3. Analysing the evidence
4. Presenting a report on the findings

Approach to Computer Forensics – a Case Study

Let us assume that a murder has been committed. On close examination, a damaged laptop has been acquired from the site of crime. For all that you know, the laptop might either contain information on the criminal, or the list of close acquaintances of the murdered person. A typical approach that a computer forensics expert might approach the case has been listed below:

1. It is first necessary to acquire and secure the evidence in hand, i.e. the laptop. This is done to prevent any further damage to the evidence during the investigation process.
2. Since the laptop is damaged, it is first wise to take a copy of the hard drive using one of data recovery techniques. This will help you recover all files from the hard drive including those that have been deleted. You will also need to examine files that have been hidden or protected.
3. The next step will be to closely examine the data and system settings of installed applications. For example, if the person had used the right mouse button for double-clicking an icon on his computer, you can very well infer that the person was a left hander.
4. Subsequently, you may need to analyse the user’s activity on the computer such as the websites that he had visited.
5. As a last step, you need to create a detailed report. Throughout this investigation process, it is essential that you maintain the sequence of steps that you performed to carry out the audit.

The above mentioned steps are only a broad-level approach. One has to keep in mind that there is a whole array of tools and techniques that actually aid in each of the above-mentioned steps.

Computer Forensics – a Giant Leap in Forensic Sciences

With the continuous evolution of computer technology there has also been a significant rise in computer-related or cyber crimes. The field of computer forensics, a giant offshoot of forensic sciences, is one of the fastest growing fields to track down computer-related crimes. As technical advancement in computer technology is taking new heights, cyber crimes have also started growing at an equal pace. Computer forensics has helped keep a check on these crimes to a large extent. It is, of course, a boon in disguise.

Technology Information

Information technology (IT), as defined by the Information Technology Association of America (ITAA), is "the study, design, development, implementation, support or management of computer-based information systems, particularly software applications and computer hardware." In short, IT deals with the use of electronic computers and computer software to convert, store, protect, process, transmit and retrieve information, securely.

Recently it has become popular to broaden the term to explicitly include the field of electronic communication so that people tend to use the abbreviation ICT (Information and Communications Technology).

Computer Science

Computer science, or computing science, is the study of the theoretical foundations of information and computation and their implementation and application in computer systems.^[1][2][3] Computer science has many sub-fields; some emphasize the computation of specific results (such as computer graphics), while others relate to properties of computational problems (such as computational complexity theory). Still others focus on the challenges in implementing computations. For example, programming language theory studies approaches to describing computations, while computer programming applies specific programming languages to solve specific computational problems. A further subfield, human-computer interaction, focuses on the challenges in making computers and computations useful, usable and universally accessible to people.