What is computer forensics?
Computer forensics is a relatively new discipline within the criminal justice sciences that deals with the collection, detection, protection and analysis of evidence in digital form, including its presentation as evidence in possible subsequent legal proceedings.
Computer forensics is an important part of forensic science, not only for the capture and conviction of cyber-criminals but also for a wide variety of other criminal offenders. Computer security incidents have become very common and inevitable. To discover the culprits behind these incidents, it is necessary to use computer forensics techniques.
The goal of criminal justice online classes in computer forensics is to familiarize students with the current state of digital artifacts. The term digital artifact can include computer systems, data storage media such as hard disks or DVDs, electronic documents (e-mail messages, digital photographs) and network packets.
There are many reasons for application of computer forensics, and some of them are:
• In legal cases, computer forensic techniques are used for analysis of the computer devices belonging to the defendants.
• To recover data after the failure of computer components and peripherals, and to analyze computer programs.
• To analyze computer systems after an attack, in order to determine how the attacker gained access to the system and what they did after breaking in.
• To collect evidence against an employee whom the organization believes is engaged in activities that are not permitted.
• To collect data on computer systems for the purpose of finding errors in programs, optimizing the effectiveness of programs, or reverse engineering.
When conducting a forensic investigation, it is necessary to take special measures to make sure the evidence will be admissible in court. One of the most important measures is to ensure that evidence is collected properly and that the chain of possession of the evidence is respected, from the crime scene to the laboratory and finally to the court.
An electronic device that was used to commit a criminal act, or served as a tool for committing one, is transferred to the forensic laboratory in the same state in which it was found for further analysis. Data is copied from it using forensic tools, and this copy forms the basis for the investigation. The original device is never the object on which the investigation is carried out, because it must serve as proof. Therefore, the information on it must not be altered. A copy must be credible in order to be the object of investigation. Sometimes an electronic device cannot be transferred to the laboratory, and the copying must be done at the scene. Once the credibility of the copy is proven, it is time to begin collecting the data that is afterwards analyzed.
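One common way to prove the credibility of a copy is to compare cryptographic hashes of the original and the copy; the following is an added example, not part of the original article. SHA-256, the function names, the file names and the custody-record fields are assumptions chosen for illustration, and the sample "media" is constructed.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # stream in 1 MiB blocks so large media never sit in memory


def sha256_of(path):
    """Hash a file (or device node) by streaming it in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(source, image, examiner):
    """Copy source to image, then prove the copy matches what was read."""
    digest, size = hashlib.sha256(), 0
    # Source is opened read-only; mode "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
            size += len(block)
        dst.flush()
        os.fsync(dst.fileno())
    source_hash = digest.hexdigest()
    image_hash = sha256_of(image)  # re-read the copy from disk, do not trust the write
    return {"examiner": examiner, "source": source, "image": image, "bytes": size,
            "acquired_utc": datetime.now(timezone.utc).isoformat(),
            "source_sha256": source_hash, "image_sha256": image_hash,
            "verified": source_hash == image_hash}


def still_credible(record):
    """Before analysis, confirm the working copy still matches its custody record."""
    return record["verified"] and sha256_of(record["image"]) == record["source_sha256"]


if __name__ == "__main__":
    # Constructed sample standing in for seized media.
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "seized_media.bin")
    with open(src, "wb") as fh:
        fh.write(b"constructed sample sector data\n" * 100000)
    rec = acquire(src, os.path.join(workdir, "seized_media.img"), "examiner-01")
    print(rec["verified"], rec["source_sha256"], still_credible(rec))
```

The returned record is what would be stored alongside the image, so that anyone handling the copy later can re-run `still_credible` and show it has not changed since acquisition.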
Computer forensics is divided into four branches:
• Firewall Forensics
• Network Forensics
• Database Forensics
• Mobile Device Forensics