computer forensics


computer forensics

[kəm¦pyüd·ər fə′ren·ziks]
(forensic science)
The study of evidence from attacks on computer systems in order to learn what has occurred, how to prevent it from recurring, and the extent of the damage.

computer forensics

The investigation of a computer system believed to be involved in cybercrime. Forensic software provides a variety of tools for investigating a suspect PC. Such programs may copy the entire hard drive to another system for inspection, allowing the original to remain unaltered.

Another utility compares file extensions to the content within the files to determine if they have been camouflaged with phony extensions. For example, an image file might be renamed as a text document and vice versa. In addition, hard drives can be examined for data that has been deleted (see data remanence).
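The extension check described above can be sketched as follows. This is an added example, not code from any forensic product the entry mentions: it reads the leading bytes of each file and flags those whose content signature disagrees with the file name. The signature table, function names and sample files are constructed for illustration, and the check only catches files whose real type has a known signature (an image renamed as text, not the reverse).

```python
import tempfile
from pathlib import Path

# Leading "magic" bytes of a few common formats (small illustrative table).
SIGNATURES = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",
}
# Extensions considered consistent with each detected type.
# Office documents and JARs are ZIP containers, so they are not mismatches.
EXPECTED_EXT = {
    "jpeg": {".jpg", ".jpeg"},
    "png": {".png"},
    "gif": {".gif"},
    "pdf": {".pdf"},
    "zip": {".zip", ".docx", ".xlsx", ".pptx", ".jar"},
}

def sniff_type(header: bytes):
    """Return the format name whose signature starts the header, or None."""
    for magic, kind in SIGNATURES.items():
        if header.startswith(magic):
            return kind
    return None

def find_mismatches(root):
    """List (name, extension, detected type) for files with a phony extension."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        with path.open("rb") as fh:  # opened read-only; the evidence copy is not modified
            kind = sniff_type(fh.read(16))
        if kind and path.suffix.lower() not in EXPECTED_EXT[kind]:
            findings.append((path.name, path.suffix.lower(), kind))
    return findings

def demo():
    """Build constructed sample files in a temp directory and scan them."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 12,   # genuine JPEG header
        "notes.txt": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,     # PNG renamed as text
        "readme.txt": b"plain text, no signature",
        "report.docx": b"PK\x03\x04" + b"\x00" * 12,         # ZIP container, expected
        "invoice.dat": b"%PDF-1.7\n",                        # PDF with odd extension
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            (Path(d) / name).write_bytes(data)
        return find_mismatches(d)
```

In practice this would be run against a working copy or a read-only mount of the acquired image, never the original drive.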

Network Forensics
In order to identify attacks, "network forensics" deals with the capture and inspection of packets passing through a selected node in the network. Packets can be inspected on the fly or stored on disk for later analysis. See hidden disk areas, forensically clean, slack space, write blocker, file wipe, IDS, Internet forensics and security event management software.

NIST Phases

The National Institute of Standards and Technology "Guide to Integrating Forensic Techniques into Incident Responses" covers four phases, which are briefly summarized below. For the complete 121-page NIST publication, download draft SP 800-86 at

1 - Collection: Identify, label, record and acquire data from possible sources, while preserving the integrity of the data.

2 - Examination: Use manual and automated methods to assess and extract data of particular interest, while preserving the integrity of the data.

3 - Analysis: Use legally justifiable methods and techniques to derive useful information.

4 - Reporting: Describe actions used, explain how tools and procedures were selected, determine what other actions need to be performed, including forensic examination of additional data sources, securing identified vulnerabilities and improving existing security controls. Recommend improvements to policies, guidelines, procedures, tools and other aspects of the forensic process.