computer forensics

Also found in: Dictionary, Thesaurus, Medical, Legal, Financial, Wikipedia.

computer forensics

[kəm¦pyüd·ər fə′ren·ziks]
(forensic science)
The study of evidence from attacks on computer systems in order to learn what has occurred, how to prevent it from recurring, and the extent of the damage.

computer forensics

The investigation of a computer system believed to be involved in cybercrime. Forensic software provides a variety of tools for investigating a suspect PC. Such programs may copy the entire hard drive to another system for inspection, allowing the original to remain unaltered.

Another utility compares file extensions to the content within the files to determine if they have been camouflaged with phony extensions. For example, an image file might be renamed as a text document and vice versa. In addition, hard drives can be examined for data that has been deleted (see data remanence).

Network Forensics
In order to identify attacks, "network forensics" deals with the capture and inspection of packets passing through a selected node in the network. Packets can be inspected on the fly or stored on disk for later analysis. See hidden disk areas, forensically clean, slack space, write blocker, file wipe, IDS, Internet forensics and security event management software.

NIST Phases

The National Institute of Standards and Technology "Guide to Integrating Forensic Techniques into Incident Responses" covers four phases, which are briefly summarized below. For the complete 121-page NIST publication, download draft SP 800-86 at

1 - Collection: Identify, label, record and acquire data from possible sources, while preserving the integrity of the data.

2 - Examination: Use manual and automated methods to assess and extract data of particular interest, while preserving the integrity of the data.

3 - Analysis: Use legally justifiable methods and techniques to derive useful information.

4 - Reporting: Describe actions used, explain how tools and procedures were selected, determine what other actions need to be performed, including forensic examination of additional data sources, securing identified vulnerabilities and improving existing security controls. Recommend improvements to policies, guidelines, procedures, tools and other aspects of the forensic process.
References in periodicals archive ?
MANDIANT security consultants are acknowledged experts in incident response, computer forensics, network security and application security.
The benefits of NetSecurity's Hands-On How-To[R] computer forensics training include detailed step-by-step and how-to instructions, real-world simulations of forensics challenges, seasoned expert instructors with real-world hands-on consulting and training experience, an arsenal of take-aways, up-to-date course content that addresses emerging forensics challenges, small class sizes ensuring maximum student-instructor interaction, and vendor-neutral content - covering commercial and freeware tools.
In addition to performing computer forensics by analyzing drives for deleted information and other activities, Tao coordinates the gathering, searching, and processing of e-mail and electronically stored data.
The bulk of the work we do as computer forensics experts in discovery projects starts with user Windows or Mac computers, standard email systems and network file storage.
Further, the company said that Eifert has remained in the Air Force Reserves and continues to serve as the reserve detachment commander for AFOSI at Langley AFB, Virginia, as well as being an adjunct professor at George Mason University teaching Graduate Computer Forensics and Cyber Investigations.
The firm s computer forensics services will enable the commission to collect proof from a computer system by covertly examining it and its contents, while moreover keeping intact the integrity of the original data.
While the popularity of television shows like NCIS and Law and Order that highlight the subject of computer forensics have made the acceptance of the science widespread, not everyone understands exactly what is encompassed by the field.
The acquired services will become part of the Ricoh's eDiscovery suite and thus widen the company's offering in the field of computer forensics and eDiscovery for corporate counsel and law firms.
As The Lorenzi Group became more involved with computer forensics, we built relationships with vendors, other computer forensics experts, litigators and business executives.
AccessData has released its new Mobile Phone Examiner Plus (MPE+) software and preconfigured touch-screen field tablet, the provider of computer forensics, network forensics, eDiscovery, password cracking and decryption solutions said on Friday.
Computer forensics is a component of cyber-security that encompasses the application of computer investigation and analysis techniques to obtain legal evidence found in computers and digital storage mediums.
We should, and will, use that to catch and prosecute them," says Barry Page, deputy director of the National Computer Forensics Institute (NCFI).

Full browser ?