Overview of Computer Forensics
Computer forensics is a branch of digital forensic science that combines the elements of law and computer science. It involves collecting and analyzing data and information obtained from computer systems, networks, wireless networks, and communications.
In addition, it involves data stored in various mediums such as hard drives, storage drives, thumb drives, CD-ROMs, and even archaic floppy disks. Computer forensics is also known as cyber forensics, digital forensics, and IT forensics. For the purposes of this article, we consider all of the variations to fall under the umbrella of computer forensics.
Professionals who work in the field may be known as Computer Forensic Analysts, Cyber Forensic Professionals, or other related titles.
Computer Forensic Analysis Tools
Guidance Software (now known as OpenText) is a company that manufactures computer forensic hardware and software for breach detection and response, investigations, eDiscovery, and analysis tools.
- SANS Investigative Forensic Toolkit (SIFT) Workstation – The SIFT Workstation is an investigative toolkit available to the digital forensics and incident response community. The suite contains tools designed to perform detailed digital forensic examinations in a variety of settings.
- Forensic Toolkit (FTK) – A single, centralized, database-driven analysis tool that ensures everyone is working with the same data. This speeds up searching and lets you spend more time analyzing the data.
- Netanalysis – Digital Detective offers a program called Netanalysis, a state-of-the-art application for the extraction, analysis, and presentation of forensic evidence relating to Internet browser and user activity on computer systems and mobile devices.
- The Sleuth Kit (+Autopsy) – The Sleuth Kit and Autopsy Browser are UNIX open-source digital forensic analysis tools based on The Coroner’s Toolkit. They can be used to examine NTFS, FAT, FFS, EXT2FS, and EXT3FS file systems.
- Volatility – The Volatility Foundation promotes open source memory forensics software within the Volatility Framework. The software analyzes the run-time state of a system using data found in RAM.
- WindowsSCOPE – WindowsSCOPE provides memory forensics and incident response tools, accessories, and solutions.
- Belkasoft Live RAM Capturer – Belkasoft Live RAM Capturer is a free forensic tool that extracts the contents of the computer’s volatile memory. The tool works even if the computer is protected by an active anti-debugging or anti-dumping system.
Mobile Device Forensics
- Magnet AXIOM – Magnet AXIOM is a comprehensive, integrated digital investigation platform. Magnet offers a suite of products for many different types of investigations. They have solutions for computers, mobile, smartphones, cloud, flash devices, and more.
- Belkasoft Evidence Center – Belkasoft’s Evidence Center is a comprehensive solution used by law enforcement, intelligence agencies, the military, laboratories, corporations, and investigators. This product allows you to acquire data from a computer, laptop, or mobile device. It identifies over 1000 different types of artifacts and has powerful analysis and reporting features.
- XRY Extract – XRY Extract allows you to recover digital evidence from PCs, phones, and apps to support your investigation. The applications run on the Windows operating system with features like password bypass, image recognition, and more.
- CodeSuite – CodeSuite is a tool that compares computer source code to detect plagiarism, copyright infringement, and trade secret theft. It has been used in a number of high-profile legal cases.
Other Helpful Tools
- Unshredder – Unshredder is a simple program that uses the power of a desktop computer to reconstruct documentary evidence. Previously, the only alternative to manual processing was to engage a third party to process the work on computers at their premises. Unshredder reduces the turnaround time, keeps full control of the investigation in-house, and lowers the risk of a security breach or loss of the evidence. The original shreds remain unchanged by the process, and the integrity of the original is captured electronically so it can be printed or dispatched electronically by wire or disc.
- CERT – Established in 1988, the CERT® Coordination Center (CERT/CC) is a center of Internet security expertise located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
- IACIS – IACIS® is an international volunteer non-profit corporation composed of law enforcement professionals dedicated to education in the field of forensic computer science. IACIS members represent federal, state, local, and international law enforcement professionals. Regular IACIS members have been trained in the forensic science of seizing and processing computer systems.
- IEEE Computer Society – With nearly 100,000 members, the IEEE Computer Society is the world’s leading organization of computer professionals. Founded in 1946, it is the largest of the 37 societies of the Institute of Electrical and Electronics Engineers (IEEE). The organization is dedicated to advancing the theory, practice, and application of computer and information processing technology.
- National White Collar Crime Center – The National White Collar Crime Center is focused on providing nationwide support for agencies involved in the prevention, investigation, and prosecution of economic and high-tech crimes. In addition, the center supports and partners with other appropriate entities to address homeland security initiatives as they relate to economic and high-tech crimes.
Computer Crime Investigation Books
If you would like to learn more about the tools and techniques used by the experts, start with one of the following books.
This book is designed to help anyone learn the basics of uncovering electronic evidence. It provides an easy-to-understand overview of how data is stored, encrypted, recovered, and restored. In addition, it explains things like:
- How to use the latest software tools to uncover evidence
- How to transfer and store evidence without contaminating it
- How to pursue a career in the field, including education requirements and how to find a job
- How to protect personal privacy
- How to handle passwords and encrypted data
Use the Computer Forensics for Dummies book for practical help on how to uncover information about email, internet use, networks, and mobile devices.
The Cyber Crime Investigator’s Field Guide provides the details of the entire process of investigating technological crimes and cybercrimes. Written by a former member of the NSA and Department of Defense, this book will help you learn how to collect and analyze digital evidence.
In addition, the handbook includes helpful reference materials, case studies, a list of common Unix / Linux commands, port number references, and recommended computer forensic software tools. It also includes an overview of specific software tools and how to use them.
This book serves as a detailed guide for security professionals who are already familiar with digital evidence. You’ll learn how to master the art and science of the forensic analysis of networks and systems. It provides an overview of the leading software programs used to gather and analyze digital evidence.
It addresses computers, networks, and embedded systems and goes beyond the practical and into the technical and legal aspects of such investigations.
Buy these and other Computer Crime Books at Amazon.com or check out our other Investigation Books.
Also, learn about another tool in the article Open Source Intelligence (OSINT) tools.
Questions and Comments
If you have any questions about computer forensics and/or computer security, please leave a message below.