computer forensics

[kəm¦pyüd·ər fə′ren·ziks]
(forensic science)
The study of evidence from attacks on computer systems in order to learn what has occurred, how to prevent it from recurring, and the extent of the damage.
McGraw-Hill Dictionary of Scientific & Technical Terms, 6E, Copyright © 2003 by The McGraw-Hill Companies, Inc.

computer forensics

The investigation of a computer system believed to be compromised by cybercrime. Also called "digital forensics," it is used to examine a computer that may harbor incriminating data in non-cybercrime cases.

A wide variety of forensic software exists for investigating a suspect PC. Some programs copy the entire storage drive to another system for inspection, allowing the original to remain unaltered. Others compare file extensions to the content within the files to determine if they have been camouflaged with phony extensions. For example, an image file might be renamed as a text document and vice versa. In addition, storage drives can be examined for deleted data (see data remanence). The Kali version of Linux is widely used for computer forensics (see Kali).
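The extension-versus-content comparison described above can be sketched as follows. This is an added example, not code from any forensic product or from the dictionary entry; the function names, the short signature table and the sample headers are assumptions made for illustration, and the scan is meant to run against a working copy of the drive.

```python
import os

# (leading "magic" bytes, format label, extensions that legitimately carry them)
SIGNATURES = [
    (b"\xff\xd8\xff", "JPEG", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "PNG", {".png"}),
    (b"GIF8", "GIF", {".gif"}),
    (b"%PDF-", "PDF", {".pdf"}),
    (b"PK\x03\x04", "ZIP container", {".zip", ".docx", ".xlsx", ".pptx"}),
]
TEXT_EXTS = {".txt", ".csv", ".log"}
KNOWN_BINARY_EXTS = set().union(*(exts for _, _, exts in SIGNATURES))

# Constructed sample headers for illustration (not from a real case).
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
    "notes.txt": b"\xff\xd8\xff\xe0\x00\x10JFIF",  # image renamed as text
    "photo.png": b"meeting at noon\n",             # text renamed as image
}

def classify(name, head):
    """Return (verdict, detail); verdict is "match", "mismatch" or "unknown"."""
    ext = os.path.splitext(name)[1].lower()
    for magic, label, exts in SIGNATURES:
        if head.startswith(magic):
            verdict = "match" if ext in exts else "mismatch"
            return verdict, f"{label} content, extension {ext or '(none)'}"
    if ext in KNOWN_BINARY_EXTS:
        return "mismatch", f"no {ext} signature in header"
    if ext in TEXT_EXTS:
        # Text files have no magic number; a NUL byte is a strong binary hint.
        verdict = "mismatch" if b"\x00" in head else "match"
        return verdict, f"text extension {ext}"
    return "unknown", f"no signature on file for {ext or '(none)'}"

def scan(root):
    """Walk root and return {relative path: (verdict, detail)}."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:  # read-only: the copy is not modified
                head = fh.read(16)
            results[os.path.relpath(path, root)] = classify(fname, head)
    return results

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(name, *classify(name, head))
```

A "mismatch" verdict is a lead for the examiner to follow up, not proof of concealment, since the signature table here covers only a handful of formats.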

Network Forensics
In order to identify cyberattacks, "network forensics" deals with the capture and inspection of packets passing through a selected node in the network. Packets can be inspected on the fly or stored for later analysis. See hidden disk areas, forensically clean, slack space, write blocker, file wipe, IDS, Internet forensics and security event management software.

NIST Phases

The National Institute of Standards and Technology "Guide to Integrating Forensic Techniques into Incident Responses" covers four phases, which are briefly summarized below. For the complete 121-page NIST publication, download draft SP 800-86 at

1 - Collection: Identify, label, record and acquire data from possible sources, while preserving the integrity of the data.

2 - Examination: Use manual and automated methods to assess and extract data of particular interest, while preserving the integrity of the data.

3 - Analysis: Use legally justifiable methods and techniques to derive useful information.

4 - Reporting: Describe actions used, explain how tools and procedures were selected, determine what other actions need to be performed, including forensic examination of additional data sources, securing identified vulnerabilities and improving existing security controls. Recommend improvements to policies, guidelines, procedures, tools and other aspects of the forensic process.
Copyright © 1981-2019 by The Computer Language Company Inc. All Rights reserved. THIS DEFINITION IS FOR PERSONAL USE ONLY. All other reproduction is strictly prohibited without permission from the publisher.