What is Computer Forensics?
Computer forensics is a branch of digital forensic science that combines the elements of law and computer science. It involves collecting and analyzing data and information obtained from computer systems, networks, wireless networks and communications. In addition, it involves data stored in various mediums such as hard drives, storage drives, thumb drives, CD-ROMs and even archaic floppy disks. Computer forensics is also known as cyber forensics, digital forensics and IT forensics. For the purposes of this article, we consider all of the variations to fall under the umbrella of computer forensics.
Professionals who work in the field may be known as Computer Forensic Analysts, Cyber Forensic Professionals or other related titles.
Computer Forensic Analysis Tools
- Guidance Software (now known as OpenText) is a company that manufactures computer forensic hardware and software for breach detection and response, investigations, eDiscovery and analysis tools.
- SANS Investigative Forensic Toolkit (SIFT) Workstation – The SIFT Workstation is an investigative toolkit available to the digital forensics and incident response community. The suite contains tools that are designed to perform detailed digital forensic examinations in a variety of settings.
- Forensic Toolkit (FTK) – A single, centralized database-driven analysis tool that ensures everyone is working with the same data. This speeds search time and helps you spend more time analyzing the data.
- Netanalysis – Digital Detective offers a program called Netanalysis, which is a state-of-the-art application for the extraction, analysis and presentation of forensic evidence relating to Internet browser and user activity on computer systems and mobile devices.
- The Sleuth Kit (+Autopsy) – The Sleuth Kit and Autopsy Browser are UNIX open source digital forensic analysis tools, based on The Coroner’s Toolkit. They can be used to examine NTFS, FAT, FFS, EXT2FS and EXT3FS file systems.
Mobile Device Forensics
Other Helpful Tools
Unshredder – Unshredder is a simple program that unleashes the power of a desktop computer to reconstruct documentary evidence. Until now the only alternative to manual processing was to engage a third party to process the work on computers at their premises. Unshredder reduces the turnaround time, keeps full control of the investigation in-house and leaves less chance of a security risk or loss of the evidence. The original shreds remain unchanged from the process and the integrity of the original is captured electronically to be printed or dispatched electronically by wire or disc.
CERT – Established in 1988, the CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
IACIS – IACIS® is an international volunteer non-profit corporation composed of law enforcement professionals dedicated to education in the field of forensic computer science. IACIS members represent Federal, State, Local and International Law Enforcement professionals. Regular IACIS members have been trained in the forensic science of seizing and processing computer systems.
IEEE Computer Society – With nearly 100,000 members, the IEEE Computer Society is the world’s leading organization of computer professionals. Founded in 1946, it is the largest of the 37 societies of the Institute of Electrical and Electronics Engineers (IEEE). The Computer Society’s vision is to be the leading provider of technical information and services to the world’s computing professionals. The Society is dedicated to advancing the theory, practice, and application of computer and information processing technology.
National White Collar Crime Center – The National White Collar Crime Center is focused on providing nationwide support for agencies involved in the prevention, investigation, and prosecution of economic and high-tech crimes. In addition, the center supports and partners with other appropriate entities to address homeland security initiatives, as they relate to economic and high-tech crimes.
Computer Crime Investigation Books
If you would like to learn more about the tools and techniques used by the experts, start with one of the following books.
Computer Forensics for Dummies
This book is designed to help anyone learn the basics of uncovering electronic evidence. It provides an easy-to-understand overview of how data is stored, encrypted, recovered and restored. In addition, it explains how to use the latest software tools to uncover evidence. Also, it explains how to transfer and store evidence without contaminating it. Plus, it contains a section explaining how to pursue a career in the field, including education requirements and how to find a job. Learn how to uncover information about email, internet use, networks and mobile devices.
Cyber Crime Investigator’s Field Guide
The Cyber Crime Investigator’s Field Guide provides the details of the entire process of investigating technological crimes and cyber crimes. Written by a former member of the NSA and Department of Defense, this book will help you learn how to collect and analyze digital evidence. In addition, the handbook includes helpful reference materials, case studies, a list of common Unix / Linux commands, port number references, and recommended computer forensic software tools. It also includes an overview of specific software tools and how to use them.
Handbook of Computer Crime Investigations
This book serves as a detailed guide for security professionals who are already familiar with digital evidence. You’ll learn how to master the art and science of the forensic analysis of networks and systems. It provides an overview of the leading software programs used to gather and analyze digital evidence. It addresses computers, networks and embedded systems and goes beyond the practical and into the technical and legal aspects of such investigations.