Difference between revisions of "Computer forensics"

From ForensicsWiki
Jump to: navigation, search
(General description only)
m (Background)
 
(18 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
Computer forensics is the practice of identifying, extracting and considering evidence from digital media such as computer hard drives. [[Digital evidence]] is both fragile and volatile and requires the attention of a certified specialist to ensure that materials of evidentiary value can be effectively isolated and extracted in a scientific manner that will bear the scrutiny of a court of law.  
 
Computer forensics is the practice of identifying, extracting and considering evidence from digital media such as computer hard drives. [[Digital evidence]] is both fragile and volatile and requires the attention of a certified specialist to ensure that materials of evidentiary value can be effectively isolated and extracted in a scientific manner that will bear the scrutiny of a court of law.  
 +
 
Computer forensics is not to be confused with the more generic term of 'forensic computing', which refers to the analysis and study of all types of digital media and materials - whether they be of a computing or telecommunication nature. Computer forensics, in a strict sense, applies specifically to the evaluation of computers and data storage or data processing devices.
 
Computer forensics is not to be confused with the more generic term of 'forensic computing', which refers to the analysis and study of all types of digital media and materials - whether they be of a computing or telecommunication nature. Computer forensics, in a strict sense, applies specifically to the evaluation of computers and data storage or data processing devices.
 +
 +
== Background ==
 +
Forensic science is the scientific method of gathering and examining information about the past. The word forensic comes from the Latin forēnsis, meaning "of or before the forum." In modern use, the term forensics in the place of forensic science can be considered correct, as the term forensic is effectively a synonym for legal or related to courts. [http://en.wikipedia.org/wiki/Forensic_science].
 +
 +
Most legal systems apply a form of a legal burden of proof. A legal burden of proof is the imperative on a party in a trial to produce the evidence that will shift the conclusion away from the default position to one's own position. [http://en.wikipedia.org/wiki/Legal_burden_of_proof]
 +
 +
== Forensics examinations ==
 +
Four things are key to all forensics examinations; the:
 +
# Maintenance of data integrity as well as data authenticity,
 +
# Prevention of contamination of data,
 +
# Proper and comprehensive documentation and
 +
# Implementation of a systematic, scientific methodology
 +
 +
== Forensic profession ==
 +
All professionals involved in a forensics examination have both an ethical and a professional responsibility to:
 +
* Maintain their objectivity.
 +
* Present facts accurately and
 +
* Not withhold any findings as such actions may distort or misrepresent the facts
 +
* Render opinions only on the basis of what can be reasonably demonstrated.
 +
 +
== See Also ==
 +
* [[Digital evidence]]
 +
* [[File Analysis]]
 +
* [[Malware analysis]]
 +
* [[Memory analysis]]
 +
 +
== External Links ==
 +
* [http://en.wikipedia.org/wiki/Computer_forensics Wikipedia: Computer forensics]
 +
* [http://en.wikipedia.org/wiki/Forensic_science Wikipedia: Forensic science]
 +
* [http://en.wikipedia.org/wiki/Legal_burden_of_proof Wikipedia: Legal burden of proof]
 +
* [http://www.isfs.org.hk/publications/ISFS_ComputerForensics_part2_20090806.pdf Computer Forensics Part 2: Best Practices], by Information Security and Forensics Society (ISFS), August 2009

Latest revision as of 11:08, 23 August 2014

Computer forensics is the practice of identifying, extracting and considering evidence from digital media such as computer hard drives. Digital evidence is both fragile and volatile and requires the attention of a certified specialist to ensure that materials of evidentiary value can be effectively isolated and extracted in a scientific manner that will bear the scrutiny of a court of law.

Computer forensics is not to be confused with the more generic term of 'forensic computing', which refers to the analysis and study of all types of digital media and materials - whether they be of a computing or telecommunication nature. Computer forensics, in a strict sense, applies specifically to the evaluation of computers and data storage or data processing devices.

Background

Forensic science is the scientific method of gathering and examining information about the past. The word forensic comes from the Latin forēnsis, meaning "of or before the forum." In modern use, the term forensics in the place of forensic science can be considered correct, as the term forensic is effectively a synonym for legal or related to courts. [1].

Most legal systems apply a form of a legal burden of proof. A legal burden of proof is the imperative on a party in a trial to produce the evidence that will shift the conclusion away from the default position to one's own position. [2]

Forensics examinations

Four things are key to all forensics examinations; the:

  1. Maintenance of data integrity as well as data authenticity,
  2. Prevention of contamination of data,
  3. Proper and comprehensive documentation and
  4. Implementation of a systematic, scientific methodology

Forensic profession

All professionals involved in a forensics examination have both an ethical and a professional responsibility to:

  • Maintain their objectivity.
  • Present facts accurately and
  • Not withhold any findings as such actions may distort or misrepresent the facts
  • Render opinions only on the basis of what can be reasonably demonstrated.

See Also

External Links