computer forensics

(redirected from Cyber forensics)

computer forensics

[kəm¦pyüd·ər fə′ren·ziks]
(forensic science)
The study of evidence from attacks on computer systems in order to learn what has occurred, how to prevent it from recurring, and the extent of the damage.
McGraw-Hill Dictionary of Scientific & Technical Terms, 6E, Copyright © 2003 by The McGraw-Hill Companies, Inc.

computer forensics

The investigation of a computer system believed to be compromised by cybercrime. Also called "digital forensics," it is used to examine a computer that may harbor incriminating data in non-cybercrime cases.

There is a large variety of forensic software for investigating a suspect PC. Such programs may copy the entire storage drive to another system for inspection, allowing the original to remain unaltered. Another example compares file extensions to the content within the files to determine if they have been camouflaged with phony extensions. For example, an image file might be renamed as a text document and vice versa. In addition, storage drives can be examined for deleted data (see data remanence). The Kali version of Linux is widely used for computer forensics (see Kali).

Network Forensics
In order to identify attacks, "network forensics" deals with the capture and inspection of packets passing through a selected node in the network. Packets can be inspected on the fly or stored for later analysis. See hidden disk areas, forensically clean, slack space, write blocker, file wipe, IDS, Internet forensics and security event management software.

NIST Phases



The National Institute of Standards and Technology "Guide to Integrating Forensic Techniques into Incident Responses" covers four phases, which are briefly summarized below. For the complete 121-page NIST publication, download draft SP 800-86 at http://csrc.nist.gov/publications/nistpubs.

1 - Collection: Identify, label, record and acquire data from possible sources, while preserving the integrity of the data.

2 - Examination: Use manual and automated methods to assess and extract data of particular interest, while preserving the integrity of the data.

3 - Analysis: Use legally justifiable methods and techniques to derive useful information.

4 - Reporting: Describe actions used, explain how tools and procedures were selected, determine what other actions need to be performed, including forensic examination of additional data sources, securing identified vulnerabilities and improving existing security controls. Recommend improvements to policies, guidelines, procedures, tools and other aspects of the forensic process.
Copyright © 1981-2019 by The Computer Language Company Inc. All Rights reserved. THIS DEFINITION IS FOR PERSONAL USE ONLY. All other reproduction is strictly prohibited without permission from the publisher.
References in periodicals archive ?
Shukla, who was speaking after inaugurating the first national conference on cybercrime investigation and cyber forensics here at the agency's headquarters, said: "There is a need to create a pool of competent investigators, digital forensic analysts, prosecutors and judicial officers who are digitally aware."
Others include the National Cyber Forensics and Training Alliance (NCFTA); Council of Registered Ethical Security Testers (CREST); Cyber Threat Alliance (CTA) Forum of Incident Response Teams (FIRST) and others.
This year, the exercise moved from theory to tactical and foundation-based and the key theme became cyber forensics, or threat hunting.
How can automation optimise effective cyber forensics and incident response?
"As we near the end of the cyber forensics and data analytics work, we will continue to work hard to address our customers' concerns and meet the standard of excellence our customers deserve and expect from Marriott," Sorenson said.
"As we near the end of the cyber forensics and data analytics work, we will continue to work hard to address our customers' concerns and meet the standard of excellence our customers deserve and expect from Marriott." Marriott is updating its press release of November 30, 2018, which announced that the company determined on November 19, 2018 that there was unauthorized access to a Starwood guest reservations database.
The scope of a CISO's role is very critical that's why this person has to be strategic so he'd be able to accurately evaluate the organization's risk landscapes, educate top management on risk mitigation, and conduct investigation and cyber forensics when needed.
Several other training programmes such as Crime Scene Management and CCTV Analysis, Expert Testimony on Criminal Trial, Forensic Science, Cyber Forensics, VIP Security, Traffic Management and a seminar on Financial Crime, have been organised by India for Sri Lanka's Police Force this year.
These included the anti-terrorism police unit, a bomb disposal unit and a cyber forensics investigative unit.
(April 24, 2018) Space and Naval Warfare Systems Center (SSC) Atlantic's Cyber Forensics and Data Recovery Integrated Product Team Lead Bill Littleton discusses capabilities of the Navy's only Accredited Digital Media Criminal Forensics Investigations Laboratory and Data Recovery Laboratory to members of the Navy Laboratory and Center Coordinating Group (NLCCG).
Under Section 44 of the Act, a special court headed by judges who were duly trained in cyber forensics, electronic transactions and data protection was also supposed to be sanctioned.