Computer Forensics is a New and Amazing Career Option

What is computer forensics? It is a new branch of forensic science, also called digital forensics, that pertains to legal evidence found in computers or peripherals. The idea of this new science is to find a digital fingerprint or artifact and decipher the reason that it exists.

There are many uses for computer forensics. The science is used in legal cases to check out the system of a defendant in a child pornography case, for instance. Or it could be used in the accounting world to see if any files have been erased or altered. Computer forensics is used in case of a hard drive failure to recover information that would be otherwise lost. In a secure venue, computer forensics might be used to determine just how someone broke into a system that was supposed to be secure.

Computer forensics can be used against an employee that a company wishes to terminate to gather information on how that employee uses his time or his equipment. Computer forensics can also be a force in re-engineering something such as in the case of stolen information or equipment in business espionage.

The process of computer investigation is very detailed, and the person who does the forensic search has to be careful that the chain of evidence is kept and that none of the evidence is contaminated. Also, it is important to be certain that no virus is planted or transferred during the investigation. At all times, attorney-client privilege must be respected.

The evidence can be used by the prosecutor in the case, the lawyer on the defense side, insurance companies, and civil litigators.

The University of Maryland offers a degree in what they term Cyber Security. It is an area devoted to teaching those who seek the degree how to catch cyber terrorists. With today’s worldwide access to the banking industry and to stocks and bonds and their trading houses, cyber security is very important. Almost 99% of our personal information is online now through someone that we have to give it to. Once we give out our information, we have no guarantee that it will not get into the hands of someone who has bad intentions. This is a hot course since it is offered by the University of Maryland and is so close to Washington, D.C. and government operations.

Once you become a computer forensics investigator you can apply to the Department of Homeland Security for one of their computer positions or to any other government agency which will need experts on site. A computer forensic investigator must have a good relationship with computers because he or she will be dealing with them every day that they are on the job.

Some companies share a computer forensics investigator because neither company can afford to hire one full time. Being able to freelance as a computer forensics investigator means that a person can offer his or her training and knowledge to the highest bidder in the protection industry.

Why Does Digital Forensics Matter to Me?

Your data is not private!

In the privacy of our studies, offices, libraries, or wherever it is we have our computers, it may seem that we are alone, with no one looking over our shoulders. But every document we draft, every step through the Internet we take, is creating tracks through the digital environment in our computers. This fact has a number of implications, both useful and detrimental.

What happens when drafting a document?

Suppose we are drafting a Microsoft Word document. It would appear that we are simply typing a single document that we can then save (or not), or delete at will. But several things are going on behind the scenes. As soon as a document is started, even before giving it a name, an invisible document is mirroring what is being typed on the screen. This happens every time the document is opened after it is saved. When printing the document, another invisible file containing all or part of the document is created as a buffer for the printer’s use. All the while, data from the document is being written into the computer’s virtual memory file, a kind of scratch pad the computer uses in order to speed things up. So the very act of writing a document and printing it puts all or part of the document in at least four different places.

What happens when a document is deleted?

When a document is deleted, one letter of the name of the document is changed so that the operating system ignores its presence (it essentially becomes invisible to the user) and allows it to be overwritten. Otherwise, not much really happens to the document right away. Over time, it may get overwritten – or it may not.

What happens when visiting a website?

The browser (Internet Explorer, Firefox, Safari) makes a record of the address of the website and the specific page, including the date and time. It also keeps a record of any “cookie” (data that the website gives the browser). This record is called “Internet History”. The browser also downloads the little images (“thumbnails”) that are on the given web page. All of this information sits on the user’s computer, and the Internet history gets renewed regularly. Every week or so, the browser makes a whole new copy of the history file, deleting the old one. Of course, as with any other document, the deleted history file doesn’t go away: its name is changed, and part or all of it may become overwritten in time.

Digital Forensics

A computer forensic expert, using various software tools, can look underneath the images in Windows that a user sees. Using a range of computer forensics suites and data recovery tools, the “digital detective” can recover deleted files, and find thousands of otherwise lost snippets of Internet history, missing emails, and apparently erased images. These processes make up a big part of the science and art of digital forensics.

Good News / Bad News

Depending on your perspective, the ability to recover information that one might have thought gone – or never stored – can be helpful or hurtful. On the good news side, such information can help a defendant to prove his or her innocence, or fuel a counter-claim. Conversely, digital discovery can reveal wrongdoings thought hidden or lost.

For the individual, computer forensics can provide the gift of finding data thought long lost. For law enforcement, it can provide the digital evidence needed to prove cases in a wide variety of offenses, from threats to fraud to embezzlement to child or elder exploitation. For business, e-discovery can provide a remedy for stolen secrets or customers. For a defendant, skilful electronic discovery can help to disprove an opponent’s claims, saving money, reputation, or even jail time. For lawyers, a whole other avenue of document discovery is opened up.

Digital forensics can be a boon or a bane, but the field is advancing quickly, gaining wider use, and is here to stay.

What Is Digital Forensics?

In the not too distant past, computers were monolithic devices which required a separate and specific climate controlled environment, and technicians with a specialized skill set to maintain them and make use of them. Only governments and large corporations could own them and pay the professionals who could communicate with them.

Now, computers are a ubiquitous part of life, and calculators and gaming systems have more computing power and data storage capacity than the early, giant computers.

Because computers are so prevalent, the amount of personal, corporate and government data stored on various devices increases with every passing minute. Security measures don’t always keep up with the latest technology, and digital media is often part of crime investigations. The critical nature of much of this data has created the need for a new science called digital forensics or sometimes, computer forensics.

Digital forensics is a branch of forensic science that includes the recovery, investigation and analysis of data found on digital devices such as computers, smart phones and media storage devices in such a manner that the results will be allowed to be entered as evidence in a court of law. In the private sector, it can be used to discover the nature and extent of an unauthorized network intrusion.

One goal is to preserve evidence in its most original form while performing a structured investigation. The process often includes the seizure, forensic imaging, and analysis of digital media, and the production of a report on the findings. This structured investigation needs to maintain a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it. There also needs to be a clear chain of custody for confidence that the data has not been tampered with or compromised. Data gathering incorrectly done can alter or corrupt the data being collected, rendering it useless to the investigation.

The first step is to preserve the crime scene by making a copy of all memory and hard disks. This preserves the state of the device, and allows it to be put back into use. After the data is preserved, the investigation for evidence can commence.
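One way to get the confidence described above that a forensic image has not been tampered with is to hash it at acquisition and tie every custody record to that hash. The following is an added example, not part of the original article; the hash-chained log format, the actor names and the sample image bytes are assumptions constructed for illustration.

```python
import hashlib
import io
import json

GENESIS = "0" * 64  # "previous hash" used by the first log entry

def sha256_stream(stream, chunk_size=1 << 20):
    """Hash an image in chunks so large images need not fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def _entry_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log, actor, action, image_sha256, timestamp):
    """Append a custody record linked to the hash of the previous record."""
    body = {"actor": actor, "action": action, "image_sha256": image_sha256,
            "timestamp": timestamp, "prev": log[-1]["entry_hash"] if log else GENESIS}
    log.append({**body, "entry_hash": _entry_hash(body)})

def verify(log, image_stream):
    """Return a list of problems; an empty list means image and log check out."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev or _entry_hash(body) != entry["entry_hash"]:
            problems.append(f"custody entry {i} altered or out of order")
        prev = entry["entry_hash"]
    if log and sha256_stream(image_stream) != log[0]["image_sha256"]:
        problems.append("image does not match acquisition hash")
    return problems

# Constructed stand-in for a disk image; a real one would be opened read-only.
SAMPLE_IMAGE = b"\x00" * 4096 + b"constructed disk image contents"

def sample_log():
    """Constructed two-entry custody log for SAMPLE_IMAGE."""
    log, acquired = [], sha256_stream(io.BytesIO(SAMPLE_IMAGE))
    add_entry(log, "examiner-a", "acquired image", acquired, "2024-01-01T09:00:00Z")
    add_entry(log, "examiner-b", "received for analysis", acquired, "2024-01-02T10:30:00Z")
    return log

if __name__ == "__main__":
    print(verify(sample_log(), io.BytesIO(SAMPLE_IMAGE)))  # [] when nothing changed
```

A chained log only shows tampering if the latest entry hash is also recorded somewhere the log's holder cannot rewrite, such as a signed report or a second custodian's notes.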

A computer forensics expert must show skills and experience by earning at least one of the major certifications in computer forensics. A competent examiner can recover deleted files and analyze Internet data to determine which websites were visited from a certain computer, even when the browser history and cache may have been deleted.

A computer forensics expert is also able to recover communications sent via chat or instant messenger. While performing the analysis, the expert can also recover deleted images and email messages. In the modern world of mobile Internet devices, a competent computer forensics expert will also be able to recover deleted data from mobile phones, including deleted text messages, call logs, emails, and the like.

During digital forensic investigations, specific steps and procedures requiring an added level of technical expertise must be followed to access, preserve, and analyze the data and to eliminate any risk of spoliation. Only trained professionals, who also possess IT knowledge, should be trusted to handle this process. This ensures that the data can be admitted by a legal team as evidence in a court of law.