Also known as computer forensic science, computer forensics is a branch of digital forensic science relating to the identification, preservation, recovery, analysis, and presentation of facts about evidence found in computers and digital storage devices.
Forensic science includes techniques to capture data that may be useful in reports that are admissible as evidence in court for several crimes, such as child pornography, copyright violations, espionage, extortion, keylogging, malware attacks, money laundering, piracy theft, spoofing, virus attacks, and many others.
The infamous BTK serial killer killed ten people over a period of about twenty years, beginning with a family of four in 1974. By 2004, the murders were considered a cold case. Then, the killer began a series of communications with the media and police that eventually led to his arrest in 2005. Among the evidence that led to his arrest was a floppy disk that contained a letter from the killer, who did not identify himself. Computer forensic investigators found a deleted Microsoft Word file on the disk that contained metadata indicating that the last person to have edited the file was "Dennis" along with a link to Christ Lutheran Church, where Dennis Rader served as president of the church council.
The scope of forensic analysis might vary from information retrieval to a reconstruction of events, a common technique being the recovery of deleted files. As most operating systems don't fully erase deleted data, investigators are often able to retrieve this data and reconstruct it. More complex techniques might involve the detection of steganography, which is a method of hiding data within a digital image, and cross-drive analysis, which is used to correlate data found on multiple hard drives.
When a computer is still powered up, information stored solely in RAM may be recovered. Once a machine is powered down, RAM data may be lost. However, RAM can be analyzed for prior content after a loss of power because the electrical charge stored in the memory takes time to dissipate, and holding unpowered RAM at low temperatures can help to preserve residual data, improving the chances for recovery. Other techniques can be used to move a live, running computer without powering it down or allowing it to go to sleep accidentally. RAM data may also be saved to disk.
Forensic computer scientists use a variety of open-source and commercial software tools for computer forensics investigation.
Computer forensics certifications include the ISFCE Certified Computer Examiner, Digital Forensics Investigation Professional, IACRB Certified Computer Forensics Examiner, Certified Cyber Forensics Professional, and Certified Computer Forensic Examiner, as well as proprietary certifications issued by commercial-based forensic software companies, indicating proficiency with specific software tools.
Topics related to computer forensics are the focus of resources listed in this category.
 
 
Recommended Resources
Founded by Stephen D. Coker, the digital forensics company has offices in Birmingham and Mobile, Alabama, as well as in Atlanta, Georgia. The firm’s services in certified digital forensic expert testimonies, computer forensic discovery, digital data discovery, disgruntled employee forensics, digital forensics in divorce and custody, and mobile device digital forensics are highlighted, with information on locations and availability. Qualifications are listed and contacts are included.
https://cokerforensics.com/
Specializing in computer forensic services and data recovery services for UK government agencies, law firms, solicitors, media companies, businesses, private individuals, and law enforcement bodies, the lab is based in London. A full list of its services is put forth, including a client list, case studies of typical computer forensics cases, and client testimonials. Other resources include an investigators' blog, contacts, and links to free computer forensic software.
https://computerforensicslab.co.uk/
Serving as a portal for computer forensics, the site encourages open discussion and the sharing of information related to best practice development in the digital forensics industry. The site features industry news, a worldwide directory of computer forensics education courses, interviews with industry leaders, job vacancy listings, several informational articles, a monthly email newsletter, and online discussion forums on a variety of topics related to the field.
http://www.forensicfocus.com/
Created for information security, HR management, or law enforcement, Forensic Notes stores all notes, images, and attachments in a time-stamped, read-only format to protect the integrity and admissibility of evidence, reducing human error in complex investigations by centralizing and organizing every note created in an investigation. A full list of features is published to the site. Articles referencing the software are featured, along with its pricing plans and support services.
https://www.forensicnotes.com/
International Association of Computer Investigative Specialists
The IACIS is a non-profit, volunteer organization responsible for training, certifying, and providing member services to computer forensic professionals worldwide, who include federal, state, and municipal law enforcement professionals in the United States, along with professional computer forensic practitioners in more than sixty other countries. Member benefits, training programs, certifications, sponsorships, a statement of ethics, and an online store are available.
https://www.iacis.com/
International Journal of Forensic Computer Science
The IJoFCS publishes original research in the area of forensic computer science, serving as a medium for the international scientific community, research centers, universities, and law enforcement agencies. Founded in 2006, the journal is indexed by Qualis/Capes and has also joined DOI and CrossRef, so all papers have DOI numbers. Its policies and information regarding online submissions, author guidelines, copyright notices, and privacy statements are included.
http://ijofcs.org/
International Society of Forensic Computer Examiners
The ISFCE is a private organization offering an internationally recognized computer forensics certification to those who qualify, including Certified Computer Examiner (CCE) certification, ISFCE training, and proficiency testing, as well as conducting research and development into new technologies and methods. Competencies, training, study guides, software, requirements, and the testing process are defined, along with its code of ethics, policies, benefits, and fees.
https://www.isfce.com/
Developed by PassMark Software, OSForensics is available in a free trial edition, as well as professional and bootable editions, used to locate files on a Windows computer or forensic image, search within the contents of files using its indexing engine, and identify suspicious files and activity. The bootable edition includes all of the features of the professional edition, plus the ability to run on systems without a valid operating system. A full list of features and pricing is posted.
https://www.osforensics.com/