31-08-2017, 04:53 PM
Forensic computer science (also known as computer forensics) is a branch of digital forensic science related to the evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a solid forensic way with the aim of identifying, preserving, retrieving, analyzing and presenting facts and opinions about digital information.
Although it is most often associated with the investigation of a wide variety of computer crimes, computer forensics can also be used in civil proceedings. The discipline involves techniques and principles similar to data recovery, but with additional guidelines and practices designed to create a legal audit trail.
Evidence from computer forensics investigations is usually subject to the same guidelines and practices of other digital tests. It has been used in a number of high profile cases and is becoming widely accepted as reliable within American and European court systems.
In the early 1980s, personal computers became more accessible to consumers, which led to their increased use in criminal activities (eg to help commit fraud). At the same time, several new "computer crimes" were recognized (such as hacking). The discipline of computer forensics emerged during this time as a method to retrieve and investigate digital evidence for use in court. Since then, computer crime and computer-related crime have grown, and increased by 67% between 2002 and 2003. Today it is used to investigate a wide range of offenses, including child pornography, fraud, espionage, cyberstalking, murder and rape. Discipline also appears in civil proceedings as a form of information gathering (eg, electronic discovery)
Forensic techniques and expert knowledge are used to explain the current state of a digital artifact; such as a computer system, a storage medium (for example, a hard disk or a CD-ROM), an electronic document (for example, an e-mail message or a JPEG image). The scope of a forensic analysis can vary from the simple recovery of the information until the reconstruction of a series of events. In a 2002 book, Computer Forensics authors, Kruse and Heiser, define computer forensics as "the preservation, identification, extraction, documentation and interpretation of computer data". They continue to describe discipline as "more an art than a science" that forensic methodology is backed by flexibility and extensive knowledge of the domain. However, although several methods can be used to extract evidence from a given computer, the strategies used by law enforcement are quite rigid and lack the flexibility found in the civilian world.
Although it is most often associated with the investigation of a wide variety of computer crimes, computer forensics can also be used in civil proceedings. The discipline involves techniques and principles similar to data recovery, but with additional guidelines and practices designed to create a legal audit trail.
Evidence from computer forensics investigations is usually subject to the same guidelines and practices of other digital tests. It has been used in a number of high profile cases and is becoming widely accepted as reliable within American and European court systems.
In the early 1980s, personal computers became more accessible to consumers, which led to their increased use in criminal activities (eg to help commit fraud). At the same time, several new "computer crimes" were recognized (such as hacking). The discipline of computer forensics emerged during this time as a method to retrieve and investigate digital evidence for use in court. Since then, computer crime and computer-related crime have grown, and increased by 67% between 2002 and 2003. Today it is used to investigate a wide range of offenses, including child pornography, fraud, espionage, cyberstalking, murder and rape. Discipline also appears in civil proceedings as a form of information gathering (eg, electronic discovery)
Forensic techniques and expert knowledge are used to explain the current state of a digital artifact; such as a computer system, a storage medium (for example, a hard disk or a CD-ROM), an electronic document (for example, an e-mail message or a JPEG image). The scope of a forensic analysis can vary from the simple recovery of the information until the reconstruction of a series of events. In a 2002 book, Computer Forensics authors, Kruse and Heiser, define computer forensics as "the preservation, identification, extraction, documentation and interpretation of computer data". They continue to describe discipline as "more an art than a science" that forensic methodology is backed by flexibility and extensive knowledge of the domain. However, although several methods can be used to extract evidence from a given computer, the strategies used by law enforcement are quite rigid and lack the flexibility found in the civilian world.