Computer forensic investigation is the process of detecting hacking and other related cybercrime attacks and properly extracting evidence to report the crime, as well as conduct audits to prevent future attacks.
Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including (but not limited to) fraud, theft of trade secrets and theft or destruction of intellectual property. Investigators can draw on an array of methods for discovering information that resides in a computer system or recovering deleted, encrypted or damaged file information.
Securing and analyzing electronic evidence is a central theme in an ever-increasing number of conflict situations and criminal cases. Electronic evidence is critical in the following situations:
- Disloyal employees.
- Computer break-ins.
- Possession of pornography.
- Breach of contract.
- Industrial espionage.
- E-mail fraud.
- Disputed dismissals.
- Web page defacements.
- Theft of company documents.
A computer forensics investigator is responsible for recovering data from computers that can be used in the prosecution of a criminal or in gathering evidence of a crime.
But contrary to public perception, a computer forensics investigation might include equipment beyond the normal computer, including cell phones, video recorders, thumb drives, BlackBerries, PDAs and MP3 players.
Computer forensics enables the systematic and careful identification of evidence in computer-related crime and abuse cases. This might range from tracing the tracks of a hacker through a client’s systems to tracing the…
Please log in or subscribe to read this article