Computer Forensics

Computer forensics is a fairly new science, and it involves and combines elements of computer science and law. The essential purpose of computer forensics is simple – to gather and analyze digital data from whatever source, in a fashion that is admissible as evidence in a court of law.
Forensics is the process of scientifically acquiring or collecting, recording, analyzing, and presenting evidence to the courts, and computer forensics is the same process as it applies to data in a digital format, whether on a computer, a PDA, a cell phone or other digital media. Often the digital data will be in static or persistent form, but the computer forensic science also has to cover situations where the data is volatile or live, as in the case of cell phone communications, hacking, malicious code, or attempts to break into a private or protected network.

Static or persistent data is that data which is stored on a local physical medium, typically a hard drive or a memory stick. It is persistent because the data survives even when the computer or device is switched off. When a computer is operating and being used, lots of information is produced and recorded in the RAM, or random access memory, but this data is lost (at least to most users) when the computer is switched off.

Computer Forensics – Investigations

The majority of cases reaching courts involving digital data probably involve data recorded or transmitted to or from a computer. The crimes cover pretty much the full spectrum of criminal activity, including child pornography and the theft or destruction of personal or intellectual property.

There have been recent cases of journalists hacking into the cell phones of politicians and celebrities, looking for information that might mean an exclusive revelation in the newspaper or media. No doubt many computer forensics experts and specialists were involved in acquiring and analysing the digital information recorded by the journalists.

In most cases involving misuse of digital data, attempts will be made by the perpetrators to hide their tracks – files will have been deleted or encrypted, and the physical media – a hard drive, for example, or a cell phone – may have been deliberately damaged physically. The computer forensics team will be familiar with a mighty arsenal of computer forensics tools and software which will prevent any further damage to the data and will facilitate the full or partial recovery of the data.

If you are a manager or administer of information systems or networks, then a sound knowledge of computer forensics will be invaluable to your organisation or business, for it will enable you to put into place systems and procedures which will reduce to a minimum the possibility of your system or network being compromised, and in the event that your security is breached, will ensure that critical information regarding that breach is recorded for subsequent examination and analysis.

There is also the serious point to make regarding the responsibility of organisations to safeguard effectively the privacy of personal data regarding their employees. Where the management includes someone with a thorough knowledge of computer forensics, then that organisation is probably going to implement computer security best practices, protecting themselves from potential lawsuits in the event of loss of personal or private data.

Computer Forensics – Training

So how do you get into this exciting and lucrative profession? And what is the best computer forensics training ? How easy is it to get one of these computer forensics jobs , and what roughly is a computer forensics salary?

First and foremost you will need a thorough understanding of computers, both hardware and software. You will study computer operating systems, as well as security principles and networks. And you will have to know all about what happens to digital data on switched-on computers, on switched-off computers, or on computers communicating over a network, as well as data recorded on or being transmitted to or from cell phones, PDAs, smartphones etc. etc.

You can seek out computer forensics courses or computer forensics classes, perhaps online or in your local neighbourhood, with a view to obtaining either a computer forensics certification or a computer forensics degree.
Armed with all this knowledge and the requisite training and certification, you can then decide whether to seek your career in a corporate network security environment, or in the land of CSI – law enforcement. Computer forensics is rapidly spawning a multitude of specialisms within the discipline, as technology develops ever more rapidly, and the law courts struggle to keep abreast of the latest developments.

Please browse our site for further computer forensics information.