Forensics is the application of sciences that help to seek out, examine, and answer questions about certain characteristics. For example, forensic toxicology helps us understand certain drug interactions, whereas forensics evidence helps us understand evidence that is uncovered at a crime scene. Since computers are now often used in criminal activity, a forensic branch of science has been created termed computer forensics. Unfortunately, unlike other forensics sciences, the complexity, legality, and even the nature of computer forensics may make it more vulnerable to errors.
Key Terms in this Chapter
Internet Forensics: Internet forensics is an expansion of computer forensics, in that Internet forensics relies more on search and seizure investigations. While computer forensics investigations rely on finding data on computer systems, malicious e-mails, Trojans, denial of service attacks all have other originating sources, and have to be identified by: (1) the actual data hidden inside the code, that is, its signature, and (2) the source of that hostility. Internet forensics examines the data to attempt to find the source of the attack.
Computer Forensics: Computer forensics is a discipline that is the field of computer technology. It is a well-defined field of study and code of practices, with researchers and practitioners. It is the process of acquisition, analyzing, preserving, and present electronic data in a format that the authenticity cannot be denied.
Computer Forensics Investigator: A computer forensic investigator is trained in the field of handling and applying specialized tools to uncover sensitive computer data in computer systems and other electronic equipment. An investigator tries to determine the extent of a security breech, figuring out how the system was compromised and allowed an intruder in, identifying the damage, and potentially identifying the subject. The computer forensic investigator attempts to use a wide variety of tools and process to uncover electronic data from a computer system, whether the data is deleted, hidden, encrypted, or even if the computer system is damaged.
Evidence Handling: Evidence handling is the process of how electronic evidence was handled from the moment of seizure to the presentation in a court of law. It covers admissibility, authenticity, complete, reliable, and believable. It is this set of components that covers the necessary and core legal requirements that digital data can be used and accepted into a court of law
Federal Rules of Evidence: Federal rules of evidences are rules allowed by Congress and enforced by the U.S. Supreme Court, which govern the admissibility of evidence in Federal court rooms in the United States. These rules govern how evidence can be submitted, and are meant to ensure the fairness of evidence without delay or prejudice. They are also meant to ensure the uniformity of legally admissible evidence and reduce the variability that often varied from court to course before they were enacted.
Computer Crime: Computer crime is crime committed with the use of a computer. It can be used for money laundering, mail fraud, pornography, black mail, and so forth. Its primary aspect is that it is done with a computer system. Computer crime is uncovered with the use of computer forensics technology.
Forensics: Forensics, often called forensics science, is the application of a wide range of sciences that help to seek out, examine, and answer questions about certain activity characteristics. Forensics is the uncovering of information from investigations of incidents, in order to identify some evidence that may point to the circumstances that caused that event under investigation.