Overview of Computer Forensics
Computer forensics is a branch of digital forensic science that combines the elements of law and computer science. It involves collecting and analyzing data and information from computer systems, networks, wireless networks, and communications.
In addition, it involves data stored in various mediums such as hard drives, storage drives, thumb drives, CD-ROMs, and even archaic floppy disks. Computer forensics is also known as cyber, digital, and IT forensics. For this article, we consider all variations to fall under the umbrella of computer forensics.
Professionals in the field may be known as Computer Forensic Analysts, Cyber Forensic Professionals, or other related titles.
Computer Forensic Analysis Tools
- Guidance Software (now known as OpenText) – Guidance Software is a company that manufactures computer forensic hardware and software for breach detection and response, investigations, eDiscovery, and analysis.
- SANS Investigative Forensic Toolkit (SIFT) Workstation – The SIFT Workstation is an investigative toolkit available to the digital forensics and incident response community. The suite contains tools that are designed to perform detailed digital forensic examinations in a variety of settings.
- Forensic Toolkit (FTK) – A single, centralized, database-driven analysis tool ensures everyone works with the same data. This speeds up search time and helps you analyze the data more effectively.
- NetAnalysis – Digital Detective offers a program called NetAnalysis, a state-of-the-art application for the extraction, analysis, and presentation of forensic evidence relating to Internet browser and user activity on computer systems and mobile devices.
- The Sleuth Kit (+Autopsy) – The Sleuth Kit and Autopsy Browser are UNIX open-source digital forensic analysis tools based on The Coroner’s Toolkit. They can be used to examine NTFS, FAT, FFS, EXT2FS, and EXT3FS file systems.
- Volatility – The Volatility Foundation promotes open-source memory forensics software within the Volatility Framework. The software analyzes the run-time state of a system using data found in RAM.
- WindowsSCOPE – WindowsSCOPE provides memory forensics and incident response tools, accessories, and solutions.
- Belkasoft Live RAM Capturer – Belkasoft Live RAM Capturer is a free forensic tool that extracts the computer’s volatile memory contents. The tool works even if an active anti-debugging or anti-dumping system protects the computer.
Mobile Device Forensics
- Magnet AXIOM – Magnet AXIOM is a comprehensive, integrated digital investigation platform. Magnet offers a suite of products for many different types of investigations. They have solutions for computers, mobile, smartphones, cloud, flash devices, and more.
- Belkasoft Evidence Center – Belkasoft’s Evidence Center is a comprehensive solution used by law enforcement, intelligence agencies, the military, laboratories, corporations, and investigators. This product lets you acquire data from a computer, laptop, or mobile device. It identifies over 1000 different types of artifacts. Plus, it has powerful analysis and reporting features.
- XRY Extract – XRY Extract allows you to recover digital evidence from PCs, phones, and apps to support your investigation. The application runs on the Windows operating system with features like password bypass, image recognition, and more.
- CodeSuite – CodeSuite is a tool that compares computer source code to detect plagiarism, copyright infringement, and trade secret theft. It has been used in several high-profile legal cases.
Other Helpful Tools
- Unshredder – Unshredder is a simple program that unleashes the power of a desktop computer to reconstruct documentary evidence. Until now, the only alternative to manual processing was to engage a third party to process the work on computers at their premises. Unshredder reduces the turnaround time, keeps full control of the investigation in-house, and lowers the risk of a security breach or loss of the evidence. The original shreds remain unchanged by the process, and the integrity of the original is captured electronically so it can be printed or dispatched electronically by wire or disc.
- CERT – Established in 1988, the CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
- IACIS – IACIS® is an international volunteer non-profit corporation composed of law enforcement professionals dedicated to education in forensic computer science. IACIS members represent Federal, State, Local, and International law enforcement professionals. Regular IACIS members have been trained in the forensic science of seizing and processing computer systems.
- IEEE Computer Society – With nearly 100,000 members, the IEEE Computer Society is the world’s leading organization of computer professionals. Founded in 1946, it is the largest of the 37 societies of the Institute of Electrical and Electronics Engineers (IEEE). The organization is dedicated to advancing the theory, practice, and application of computer and information processing technology.
- National White Collar Crime Center – The National White Collar Crime Center is focused on providing nationwide support for agencies involved in the prevention, investigation, and prosecution of economic and high-tech crimes. In addition, the center supports and partners with other appropriate entities to address homeland security initiatives related to economic and high-tech crimes.
Computer Crime Investigation Books
If you would like to learn more about the tools and techniques used by the experts, start with one of the following books.
The first, Computer Forensics for Dummies, is designed to help anyone learn the basics of uncovering electronic evidence. It provides an easy-to-understand overview of how data is stored, encrypted, recovered, and restored. In addition, it explains things like:
- How to use the latest software tools to uncover evidence
- How to transfer and store evidence without contaminating it
- How to pursue a career in the field, including education requirements and how to find a job
- How to protect personal privacy
- How to handle passwords and encrypted data
Use the Computer Forensics for Dummies book for practical help on how to uncover information about email, internet use, networks, and mobile devices.
The Cyber Crime Investigator’s Field Guide details the investigation process for technological crimes and cybercrimes. Written by a former NSA and Department of Defense member, this book will help you learn how to collect and analyze digital evidence.
In addition, the handbook includes helpful reference materials, case studies, a list of common Unix / Linux commands, port number references, and recommended computer forensic software tools, with an overview of specific tools and how to use them.
Buy these and other Computer Crime Books at Amazon.com or check out our other Investigation Books.
Also, learn other forensic tools in the Open Source Intelligence (OSINT) article.
Questions and Comments
If you have questions about computer forensics and/or computer security, please leave a message below.