Difference between revisions of "Computer forensics"

From ForensicsWiki
(Edited wrong page! Restoring incorrect deletion.)
(External Links)
 
(19 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
Computer forensics is the practice of identifying, extracting and considering evidence from digital media such as computer hard drives. [[Digital evidence]] is both fragile and volatile and requires the attention of a certified specialist to ensure that materials of evidentiary value can be effectively isolated and extracted in a scientific manner that will bear the scrutiny of a court of law.  
 
Computer forensics is the practice of identifying, extracting and considering evidence from digital media such as computer hard drives. [[Digital evidence]] is both fragile and volatile and requires the attention of a certified specialist to ensure that materials of evidentiary value can be effectively isolated and extracted in a scientific manner that will bear the scrutiny of a court of law.  
 +
 
Computer forensics is not to be confused with the more generic term of 'forensic computing', which refers to the analysis and study of all types of digital media and materials - whether they be of a computing or telecommunication nature. Computer forensics, in a strict sense, applies specifically to the evaluation of computers and data storage or data processing devices.
 
Computer forensics is not to be confused with the more generic term of 'forensic computing', which refers to the analysis and study of all types of digital media and materials - whether they be of a computing or telecommunication nature. Computer forensics, in a strict sense, applies specifically to the evaluation of computers and data storage or data processing devices.
== External Links ==
 
  
* [http://en.wikipedia.org/wiki/Computer_forensics Wikipedia: Computer forensics]
+
== Background ==
 +
Forensic science is the scientific method of gathering and examining information about the past. The word forensic comes from the Latin forēnsis, meaning "of or before the forum." In modern use, the term forensics in the place of forensic science can be considered correct, as the term forensic is effectively a synonym for legal or related to courts. [http://en.wikipedia.org/wiki/Forensic_science].
  
*[http://www.wikicrimeline.co.uk/index.php?title=Digital_evidence WikiCrimeLine Digital evidence]
+
Most legal systems apply a form of a legal burden of proof. A legal burden of proof is the imperative on a party in a trial to produce the evidence that will shift the conclusion away from the default position to one's own position. [http://en.wikipedia.org/wiki/Legal_burden_of_proof]
  
*[http://www.wikicrimeline.co.uk/index.php?title=Computer_forensics WikiCrimeLine Computer forensics]
+
== Forensics examinations ==
 +
Four things are key to all forensics examinations; the:
 +
# Maintenance of data integrity as well as data authenticity,
 +
# Prevention of contamination of data,
 +
# Proper and comprehensive documentation and
 +
# Implementation of a systematic, scientific methodology
 +
 
 +
== Forensic profession ==
 +
All professionals involved in a forensics examination have both an ethical and a professional responsibility to:
 +
* Maintain their objectivity.
 +
* Present facts accurately and
 +
* Not withhold any findings as such actions may distort or misrepresent the facts
 +
* Render opinions only on the basis of what can be reasonably demonstrated.
 +
 
 +
== Terminology ==
 +
=== Artifact ===
 +
The term artifact (or artefact) is widely used within computer forensics, though there is no official definition of this term.
 +
 
 +
The definition closest to the meaning of the word within computer forensics is that of the word artifact within archaeology [http://en.wikipedia.org/wiki/Artifact_(archaeology)].
 +
The term should not be confused with the word artifact used within software development [http://en.wikipedia.org/wiki/Artifact_(software_development)].
 +
 
 +
If archaeology defines an artifact as:
 +
<pre>
 +
something made or given shape by man, such as a tool or a work of art, esp an object of archaeological interest
 +
</pre>
 +
 
 +
The definition of artifact within computer forensics could be:
 +
<pre>
 +
An object of digital archaeological interest.
 +
</pre>
 +
 
 +
Where digital archaeological roughly refers to computer forensics without the forensic (legal) context.
 +
 
 +
== See Also ==
 +
* [[Digital evidence]]
 +
* [[File Analysis]]
 +
* [[Malware analysis]]
 +
* [[Memory analysis]]
 +
 
 +
== External Links ==
 +
* [http://en.wikipedia.org/wiki/Computer_forensics Wikipedia: Computer forensics]
 +
* [http://en.wikipedia.org/wiki/Forensic_science Wikipedia: Forensic science]
 +
* [http://en.wikipedia.org/wiki/Legal_burden_of_proof Wikipedia: Legal burden of proof]
 +
* [http://www.isfs.org.hk/publications/ISFS_ComputerForensics_part2_20090806.pdf Computer Forensics Part 2: Best Practices], by Information Security and Forensics Society (ISFS), August 2009
 +
* [http://thedigitalstandard.blogspot.ch/2009/06/alexiou-principle.html?m=1 The Alexiou Principle], cepogue, June 27, 2009
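Review bot: In the added Terminology section, both definitions are wrapped in <pre> tags, which render quoted prose as preformatted monospace text that does not wrap; <blockquote> is the better fit for a quotation, and the quoted archaeology definition ("something made or given shape by man ...") has no citation of its own. The closing line "Where digital archaeological roughly refers to ..." is a sentence fragment and should be attached to the preceding definition or reworded as a full sentence. In the Forensics examinations list, the lead-in "Four things are key to all forensics examinations; the:" ends on a dangling "the:", and the items carry trailing commas and an "and" that read oddly once rendered as a numbered list.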

Latest revision as of 04:57, 29 November 2014

Computer forensics is the practice of identifying, extracting and considering evidence from digital media such as computer hard drives. Digital evidence is both fragile and volatile and requires the attention of a certified specialist to ensure that materials of evidentiary value can be effectively isolated and extracted in a scientific manner that will bear the scrutiny of a court of law.

Computer forensics is not to be confused with the more generic term of 'forensic computing', which refers to the analysis and study of all types of digital media and materials - whether they be of a computing or telecommunication nature. Computer forensics, in a strict sense, applies specifically to the evaluation of computers and data storage or data processing devices.

Background

Forensic science is the scientific method of gathering and examining information about the past. The word forensic comes from the Latin forēnsis, meaning "of or before the forum." In modern use, the term forensics in the place of forensic science can be considered correct, as the term forensic is effectively a synonym for legal or related to courts [1].

Most legal systems apply a form of a legal burden of proof. A legal burden of proof is the imperative on a party in a trial to produce the evidence that will shift the conclusion away from the default position to one's own position [2].

Forensics examinations

Four things are key to all forensics examinations:

  1. Maintenance of data integrity as well as data authenticity
  2. Prevention of contamination of data
  3. Proper and comprehensive documentation
  4. Implementation of a systematic, scientific methodology

Forensic profession

All professionals involved in a forensics examination have both an ethical and a professional responsibility to:

  • Maintain their objectivity.
  • Present facts accurately.
  • Not withhold any findings, as such actions may distort or misrepresent the facts.
  • Render opinions only on the basis of what can be reasonably demonstrated.

Terminology

Artifact

The term artifact (or artefact) is widely used within computer forensics, though there is no official definition of this term.

The definition closest to the meaning of the word within computer forensics is that of the word artifact within archaeology [3]. The term should not be confused with the word artifact used within software development [4].

If archaeology defines an artifact as:

something made or given shape by man, such as a tool or a work of art, esp an object of archaeological interest

The definition of artifact within computer forensics could be:

An object of digital archaeological interest.

Here, "digital archaeological" roughly refers to computer forensics without the forensic (legal) context.

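See Also

  • Digital evidence
  • File Analysis
  • Malware analysis
  • Memory analysis

External Links

  • Wikipedia: Computer forensics (http://en.wikipedia.org/wiki/Computer_forensics)
  • Wikipedia: Forensic science (http://en.wikipedia.org/wiki/Forensic_science)
  • Wikipedia: Legal burden of proof (http://en.wikipedia.org/wiki/Legal_burden_of_proof)
  • Computer Forensics Part 2: Best Practices (http://www.isfs.org.hk/publications/ISFS_ComputerForensics_part2_20090806.pdf), by Information Security and Forensics Society (ISFS), August 2009
  • The Alexiou Principle (http://thedigitalstandard.blogspot.ch/2009/06/alexiou-principle.html?m=1), cepogue, June 27, 2009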