Computer Forensics: Breaking Down the 1’s and 0’s of Cyber Activity for Potential Evidence
by Joseph Coward on 17/04/09

Computer systems today provide the foundation of data storage for many businesses and are a must-have convenience for individuals. Customer records, account data, transaction records, personal identifying information, and other data-rich information are available for use, or must be protected from use or loss. In any case, an event that leads to the loss, theft, access (authorized or not), transmission, or other use of that data may be called into question to answer who, what, when, where, why, and how. In these situations, computer forensics comes into play to search for, find, and protect system logs or application logs, because information regarding the location of the actual data, or information relating to the actual data, is very valuable in various instances.

Computer forensics, thanks to the ever-increasing use of and dependence on computers, is a growing and valuable field. Computer forensics refers to “the use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded” [1]. There are many instances in which crimes involving a computer need to be investigated. These crimes range from child exploitation to a network breach resulting in the theft of personal data or the destruction of digital information. In today’s digital world, it is important to put a real person behind the keyboard of any type of cyber event, primarily in instances of cybercrime. Computer forensics attempts to do exactly that. “The core goals of computer forensics are fairly straightforward: the preservation, identification, extraction, documentation, and interpretation of computer data” [2]. To do this, two types of data are generally collected in computer forensics. Persistent data is data stored on a local hard drive or another medium; it is preserved when the computer is powered off. Volatile data is any data that is stored in memory or exists in transit; it is lost when the computer loses power or is turned off. This type of data resides in cache and RAM [3]. Depending on the nature of the crime, the skill or knowledge the cybercriminal has relating to computers, or the origin of the cyber event, the digital evidence remaining as proof of the event may be limited. What little evidence is recovered, or could be recovered, also becomes a vital part of the legal proceedings that could follow.

This document is in PDF format. To view it click here.
