It is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.
Evidence from computer forensics investigations is usually subjected to the same guidelines and practices of other digital evidence. It has been used in a number of high-profile cases and is becoming widely accepted as reliable within court systems.
It is the preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and providing expert opinion in a court of law or other legal and/or administrative proceeding as to what was found
Benefits
Losses caused as a result of computer crimes have contributed to an invigorated interest in computer forensics. Computer forensics offers the following benefits
- Ensures the overall integrity and continued existence of an organization’s computer system and network infrastructure.
- Helps the organization capture important information if their computer systems or networks are com-promised. It also helps prosecute the case, if the criminal is caught.
- Extracts, processes, and interprets the actual evidence in order to prove the attacker’s actions and the organization’s innocence in court.
- Efficiently tracks down cyber criminals and terrorists from different parts of the world. Cyber criminals and terrorists that use the Internet as a communication medium can be tracked down and their plans known. IP addresses play a vital role in determining the geographical position of terrorists.
- Saves the organization money and valuable time. Many managers allocate a large portion of their IT budget for computer and network security.
- Tracks complicated cases such as child pornography and e-mail spamming.