computer forensics

(redirected from Forensic computing)

computer forensics

[kəm¦pyüd·ər fə′ren·ziks]
(forensic science)
The study of evidence from attacks on computer systems in order to learn what has occurred, how to prevent it from recurring, and the extent of the damage.

computer forensics

The investigation of a computer system believed to be involved in cybercrime. Forensic software provides a variety of tools for investigating a suspect PC. Such programs may copy the entire hard drive to another system for inspection, allowing the original to remain unaltered.

Another utility compares file extensions to the content within the files to determine if they have been camouflaged with phony extensions. For example, an image file might be renamed as a text document and vice versa. In addition, hard drives can be examined for data that has been deleted (see data remanence).

Network Forensics
In order to identify attacks, "network forensics" deals with the capture and inspection of packets passing through a selected node in the network. Packets can be inspected on the fly or stored on disk for later analysis. See hidden disk areas, forensically clean, slack space, write blocker, file wipe, IDS, Internet forensics and security event management software.

NIST Phases



The National Institute of Standards and Technology "Guide to Integrating Forensic Techniques into Incident Responses" covers four phases, which are briefly summarized below. For the complete 121-page NIST publication, download draft SP 800-86 at http://csrc.nist.gov/publications/nistpubs.

1 - Collection: Identify, label, record and acquire data from possible sources, while preserving the integrity of the data.

2 - Examination: Use manual and automated methods to assess and extract data of particular interest, while preserving the integrity of the data.

3 - Analysis: Use legally justifiable methods and techniques to derive useful information.

4 - Reporting: Describe actions used, explain how tools and procedures were selected, determine what other actions need to be performed, including forensic examination of additional data sources, securing identified vulnerabilities and improving existing security controls. Recommend improvements to policies, guidelines, procedures, tools and other aspects of the forensic process.
References in periodicals archive ?
IEEE ICC 2016 will begin Monday, May 23, with the first of two full days of tutorials and workshops highlighting topics such as cooperative wireless system design, M2M communications, next generation IoT, network coding practices, small cell and 5G networking and forensic computing.
IEEE ICC 2016 will begin Monday, May 23 with the first of two full days of tutorials and workshops highlighting topics such as cooperative wireless system design, M2M communications, next generation IoT, network coding practices, small cell and 5G networking and forensic computing.
Chris Hargreaves of the Centre for Forensic Computing and Security in Bedfordshire, UK, thinks using phones in air crash forensics sounds feasible "I can certainly imagine that some data from mobile and wearable devices could be relevant to an aircraft investigation," he says.
Another student heading to university this autumn is Akre Ake, who will be studying information security and forensic computing at Anglia Ruskin University after completing an Access to Software Development course at BMET.
The garda, who is also the founder of the Masters degree for Forensic Computing and Cyber Crime Investigation in UCD, said his unit has the tools and expertise to capture online criminals.
Jaswinder Rehal, a 2010 MSc graduate in forensic computing from Coventry and now a security consultant at Nettitude, said: "Information security is as important as running a business itself, though some businesses haven't invested time into it.
Dominic Nielen-Groen and Chris Elmore, who both recently completed the BSc (Hons) Forensic Computing course at the University's Faculty of Technology, Engineering and the Environment started their own business Zibit Datalab in February 2011, which specialises in data recovery from a wide variety of storage devices.
The forensic computing work was also crucial to proving that it was Thomas who had accessed and traded the indecent images after he had used software to wipe his computer clean.
The knowledge transfer involves forensic computing, statistics and artificial intelligence, which will enable the development of an on-line resource for social housing providers to tackle the growing problem of money laundering and fraud within the sector.
Her classmate Rennick Gregory, aged 19, who is hoping to embark on a career in forensic computing, added: "It's been a good second year.
MILTON KEYNES, England, June 8 /PRNewswire/ -- SPEKTOR(R) Forensic Intelligence, a fast and forensically sound data acquisition, analysis and review solution for front line officers from the law enforcement and government communities, has been launched by UK-based forensic computing experts Evidence Talks Ltd.
Indra Dhaon was the first student to win a scholarship, and has spent the past year studying for a degree in forensic computing while developing his considerable golfing skills - he currently plays off plus two and has won many golf competitions in his native India.