computer forensics

(redirected from Forensic computing)

computer forensics

[kəm¦pyüd·ər fə′ren·ziks]
(forensic science)
The study of evidence from attacks on computer systems in order to learn what has occurred, how to prevent it from recurring, and the extent of the damage.
McGraw-Hill Dictionary of Scientific & Technical Terms, 6E, Copyright © 2003 by The McGraw-Hill Companies, Inc.

computer forensics

The investigation of a computer system believed to be compromised by cybercrime. Also called "digital forensics," it is used to examine a computer that may harbor incriminating data in non-cybercrime cases.

There is a large variety of forensic software for investigating a suspect PC. Such programs may copy the entire storage drive to another system for inspection, allowing the original to remain unaltered. Another example compares file extensions to the content within the files to determine if they have been camouflaged with phony extensions. For example, an image file might be renamed as a text document and vice versa. In addition, storage drives can be examined for deleted data (see data remanence). The Kali version of Linux is widely used for computer forensics (see Kali).

Network Forensics
In order to identify attacks, "network forensics" deals with the capture and inspection of packets passing through a selected node in the network. Packets can be inspected on the fly or stored for later analysis. See hidden disk areas, forensically clean, slack space, write blocker, file wipe, IDS, Internet forensics and security event management software.

NIST Phases

The National Institute of Standards and Technology "Guide to Integrating Forensic Techniques into Incident Responses" covers four phases, which are briefly summarized below. For the complete 121-page NIST publication, download draft SP 800-86 at

1 - Collection: Identify, label, record and acquire data from possible sources, while preserving the integrity of the data.

2 - Examination: Use manual and automated methods to assess and extract data of particular interest, while preserving the integrity of the data.

3 - Analysis: Use legally justifiable methods and techniques to derive useful information.

4 - Reporting: Describe actions used, explain how tools and procedures were selected, determine what other actions need to be performed, including forensic examination of additional data sources, securing identified vulnerabilities and improving existing security controls. Recommend improvements to policies, guidelines, procedures, tools and other aspects of the forensic process.
Copyright © 1981-2019 by The Computer Language Company Inc. All Rights reserved. THIS DEFINITION IS FOR PERSONAL USE ONLY. All other reproduction is strictly prohibited without permission from the publisher.
References in periodicals archive ?
Forensic computing experts examined the laptop and found five images ranked as Category A - the most extreme there is.
It was led by Lincolnshire Police Economic Crime Unit, helped by the national NHS counter-fraud service and its Forensic Computing Unit, all now part of the NHS Counter Fraud Authority.
It was led by Lincolnshire Police Economic Crime Unit, helped by the nationalNHScounter fraud service and its Forensic Computing Unit, all now part of the NHS Counter Fraud Authority.
Samborski said the company has been building forensic computing systems for about 12 years, and those systems are now exclusively used by the IRS.
Forensic computing expert James Borwick, 53, told the High Court in Edinburgh he also found documents relating to firearms.
of Science, Natural Resources and Outdoor Studies (with integrated foundation year) Fusehill Street (4 years) Carlisle CA1 2HH Forensic Science Top-up (1 year) UK study/courses/undergraduate /forensic-and-investigative -science/ De Montfort University Forensic Computing School of Computer Science and Informatics The Gateway, Leicester LE1 9BH UK courses/undergraduate- courses/computing-bsc/ computing-bsc-degree.aspx University of Derby College of Life and Natural Sciences Forensic Science (with Dept.
Connor, who has been given the all-clear along with his brother Luca, has just been offered a place at the University of Bristol to study forensic computing.
IEEE ICC 2016 will begin Monday, May 23 with the first of two full days of tutorials and workshops highlighting topics such as cooperative wireless system design, M2M communications, next generation IoT, network coding practices, small cell and 5G networking and forensic computing. It will then proceed over the next three days with more than 2,000 professionals, scientists, academics and government officials attending sessions highlighting the latest research and business policies surrounding communications advancements worldwide.
Chris Hargreaves of the Centre for Forensic Computing and Security in Bedfordshire, UK, thinks using phones in air crash forensics sounds feasible "I can certainly imagine that some data from mobile and wearable devices could be relevant to an aircraft investigation," he says.
The purposes of digital forensics are including forensic computing, forensic calculations and computer forensics.
Another student heading to university this autumn is Akre Ake, who will be studying information security and forensic computing at Anglia Ruskin University after completing an Access to Software Development course at BMET.