Understanding Computer Forensics: Definition, Importance, And Techniques Essay.

Discussion

Discuss about the Computer Forensics. 

Computer forensics is one of the branches of digital forensic science that relate to the several evidences that are found within computers and the digital based stored media. It could also be defined as the several practices of the collection, analysing and the reporting of the digital data within a legally admissible process (Maras, 2015). The practice of computer forensics could be used for detecting and preventing the events of crime in such cases of disputes where the evidences would be stored in a digital format. The process of computer based forensics would also follow a parallel process to other disciplines of forensics and thus face other kinds of similar issues. Digital forensics would involve the investigation of the crimes related to computer with the primary goal of gathering evidences that would be presented to the law court (Roussev, Roussev & Martell, 2013).

The process of computer forensics involves the application of analysis and investigation based techniques for the purpose of gathering and preserving evidences from a particular based device of computing. This would be performed in such a way that would suit for presenting within the court of law (Taylor, Fritsch & Liederbach, 2014). The primary goal of the computer forensics is to conduct a well-planned process of investigation while maintaining a proper form of documented chain of various evidences in order to detect the happenings based on a computing device and the person responsible for those happenings. Although the process of computer forensics would be in association with the process of investigation of various crimes related to computers, hence they might be also used for various civil proceedings. The discipline of computer forensics would also involve similar based principles and techniques related to the recovery of data (Watson & Dehghantanha, 2016). This would also include several kind of practices and guidelines that would be mainly designed in order to create a legally based trail of audits.

The investigators of computer forensics look into the financial records of the organization for the purpose of finding evidences based on cases of fraud. They also have the permissibility of searching within the files stored in the computer of an individual in order to detect any form of criminal activity such as theft of identity. It is also possible to uncover any form of valuable metadata, which might be important for the purpose of investigation (Luttgens, Pepe & Mandia, 2014).   

History of Computer Forensics

Many evidences from the data based on the investigations of computer forensics would be mostly endangered to similar practices and guidelines of different digital evidences. Most of the evidences have been highly used for different profile cases. This practice is being widely acceptable as reliant within United States and systems of the European court (Sang, 2013).

History of Computer Forensics

The wide use of personal computers by the consumers had risen to the extreme heights in the early 1980s (Nelson, Phillips & Steuart, 2014). This had led to an increasing number of criminal based activity within the use of computers. Newer form of crimes related to the use of computers were rising that was leading to various kinds of problems within the society. During this time, there was a high need to protect and secure those kind of systems and hence the rise of computer forensics became widely important. This method would be quite helpful for recovering of the lost data by investigating based on the digital based evidences within the court of law (Saferstein, 2013).

Since then the crimes related to the use of computers had risen to great heights. In the recent times, computer forensics is widely used for investing a wide number of crimes that majorly includes fraud, cyber-stalking, espionage, child pornography and many others.

The Importance of Computer Forensics

The prime objective of computer forensics is to obtain data, preserve those data and thus document them based on the digital based evidences collected from various digital sources such as digital cameras, mobile phones, personal computers and several other kinds of memory storage devices (Mouhtaropoulos, Dimotikalis & Li, 2013). The collection of these kind of vital information for the purpose of storing those kind of evidences should be done in such a process that would be needed to be preserve the original value of the evidence and thus ensure the acceptability of the evidence during cases of any form of legal based proceedings (Aminnezhad & Dehghantanha, 2014). Computer forensics involves an assembly of professional based specialists who would be able to work together in order to collect, preserve and thus properly analyse the digital evidence just as the traditional forensics might would be able to involve people from unique specialists.

With the help of the addition of a good sense of computer forensics, it would be highly ensured that the entire survivability and integrity of any network infrastructure would be maintained. In the recent times, computer forensics mainly follows a “defence-in-depth” approach” within the network and the security of the computers. This might include the fact that the technical and the legal aspects of computer forensics would be highly essential in order to capture several forms of vital information if the security within the network would be compromised. This might also lead to the prosecution of the intruder if they are caught (Brewer, 2014).

Nowadays, people highly rely on computing devices for the storage of their vital information. They are also able to send messages for the purpose of communication. Many financial information are also transferred form one organisation to another with the help of these kind of computing devices. Many form of personal and business transactions are conducted in the electronic form. Business professionals are able to negotiate dealings with the help of email services (Ruan et al., 2013). There are several individuals who use the computing services for storing address books and marking their dates in the calendars on their personal computers. Several documents and messages are transferred from one place to another on a daily basis and are thus stored on the computers.

Ignoring the need of computer forensics might be able to lead to vital consequences. This might invite the risk of the destruction of vital evidences. The use of computer forensics is also extremely crucial for saving the high monetary value of any organization. It has been noticed that the managers of different organizations are in the process of allocation of a greater portion of their budgets within the sector of information technology (Baggili & Breitinger, 2015). This is highly meant to secure their networks and their computers from the risk of theft. The International Data Corporation (IDC) had previously reported that the market for the detection of intrusions and softwares for assessment of different vulnerabilities would be able to reach 1.45 billion dollars.

From the technical point of view, the primary goal of computer forensics would include the identification, collection, preservation and analysing of the data such that the integrity of the evidence would be maintained in cases of their use within legal proceedings. There are also some characteristic aspects of the investigation based on computer forensics. In the primary case, the concerned persons who are responsible for investigating the computers should be able to understand the various forms of potential evidences that would be essential for conducting a structured form of search (Lillis et al., 2016). The various kinds of crimes involving the use of computers could range from the spectrum of criminal activities such as theft of private data, child pornography and destruction of rational property. In the secondary scenario, the investigator should be efficient enough to select the proper kind of tools that are meant to be used. There might be several instances where vital files might have been damaged, deleted or they have been encrypted. Hence the computer forensics investigator should have the familiarity with a vast array of software and efficient methods in order to prevent any form of further damage within the process of recovery (Cahyani et al., 2017).

Techniques Used in Computer Forensics

Different kinds of techniques based on computer forensics and a vast knowledge of technical expertise are mainly used to provide a proper explanation of the present state of the digital evidences that might include the system of computers, medium of storage or any other form of electronic document. The varied scope of analysis of computer forensics could range from a simple retrieval of information to the purpose of reconstructing a wide series of events. The digital form of evidences should be systematically and carefully collected, preserved in order to present it before the court of law. The prime locations where the digital evidences could be found such as hard drives of the computers and other forms of digital media should not be exclusively disturbed such that the chances of gathering of those information might be reduced. The professionals of computer forensics should be able to extend their cooperation and have direct access to the essential locations or information.

Importance and Forms of Digital Data 

In the context of information systems and information theory, the digital data could be defined as the discrete, intermittent representation of works or several forms of information. In this form of data, letters and numbers are primarily used for the representation of the data. This data is able to represent various other forms of data with the use of specific systems of machine based languages. Most essential systems among these would include the binary systems that is able to store video, audio or information related to texts in a form of binary characters. The greatest strengths of digital data is that very complex analog based inputs could be easily represented with the help of binary systems. This model for the capture of information has been a great help for several business processes and government sectors in order to explore new methods of collecting information based on a digital interface. A proper understanding of the nature and the various forms of interpretation of digital data would also involve the knowing of the existence of the digital data and the occurrences of the format of digital data (Beer & Burrows, 2013).  

Types of Data 

The most advanced and modern form of computers are mostly able to collect and store huge quantities of data. The digital format of data could be in contrast with analog signals that mostly behave in a continuous format that have continuous functions such as images, sounds and other forms of measurements. The term of digital data is mostly familiar with electronics and mainly used within computing. This term is also mainly used in such kinds of places where the real-world information would be converted to a form of binary numeric such as digital based photography and digital audio.

There are two kinds of vital data that are primarily collected for use within computer forensics. Persistent data is such format of the data that can be stored on a local hard drive. This data would be preserved even when the computer would be in the turned off mode. Volatile data is such kind of data that would be stored within the memory of the computer. This data would exist in transit and would be lost when the computer would be turned off or when the computer would lose power. This data would reside within the cache of the computer, registries and the random access memory (RAM).

Active Data – This data mainly comprises of the created data of users such as information related to customer, documents of word processing, spreadsheets, files of operating systems and temporary collected files.

Communication Data – A digital trail is created automatically whenever an individual would use the computer, mobile phones or any smart devices in order to communicate. This trial of information could be able to yield the vital information about the whereabouts of the communication pattern of the user, the time of occurrence of the communication, the type of documents that was transmitted and even the various attempts of erasing the records of such kind of communication. All of these data can be stored electronically and thus can be discovered on a potential basis.

This form of communicated data might reside on the computer of the user. Other forms of relevant data might be able to reside as part of networks that are mainly attached with systems of detection of intrusion and routers.

Residual Data – It is widely assumed by some users that their deleted files from the computer have been deleted permanently. In fact the operating system of the computer keeps a track of the directory of names and locations of the deleted files. The residual form of data might also be able to include the portions of he selected files that are mainly distributed on the surface of drives or which are embedded within other kind of files. Hence these kind of files are commonly referred as unallocated data or file fragments (Grispos et al., 2014).   

Backup Data – Most of the communications and business data are mainly preserved on the backup tapes on a daily basis. The backed up data mainly comprise of vital information that are mainly copied to some portable media such as diskettes, CDs or tapes. This is mainly meant to provide the users with a varied access to their useful data in cases of failure of the systems. The primary frequency of the backup of data are mainly set up by organizational based policies with the help of several form of networked systems that are normally backed up with the help of a routine scheduler. In a typical scenario, the network based backup of data are only able to capture such kind of data that are mainly saved onto the centralized systems of storage.

Importance of knowledge of Computer Forensics   

In the age of technological advancements, networks and computers are widely becoming useful and hence these facilities are mainly being used by criminals in order to employ the facilities of the technology. Although the process of examination of digital forensics might be disruptive and time consuming, yet it is very much essential to implement those technologies in order to save the systems from disastrous outcomes. The greater form of familiarity with computer forensics might be able to lead to much greater form of awareness of the importance of security within computer networks and maintain appropriate procedural controls that would be able to govern the use and access to computers, devices and several underlying networks (Lang et al., 2014).

The governance of the corporate sector is also another important aspect that is needed to be considered. With the rapid growth of the organizational and corporate data that is being created and stored in the electronic format, hence there is a high need for gathering and preserving the data in such cases of investigation of the critical data. Such kinds of data could be invaluable for identification of internal criminals (Claessens & Yurtoglu, 2013).

Legal Aspects of Computer Forensics  

The professionals of computer security should need to put consideration on the decisions of the policy and technical based actions within the context of pre-existing laws. The principle of computer forensics is a new form of discipline within the courts. The existing laws are mainly used for the purpose of prosecution in cases of computer crimes. Increasing number of laws are being made, which might be required by organizations in order to safeguard the privacy of the personal data of users. The organizations should comply according to the newly set rules as to secure their privacy systems.

The violations of the set statures based on computer forensics could be constituted to a punishable offence that might lead to imprisonment. Hence, it would be highly advisable to consult to a legal counsel during such cases of doubt regarding the implications based on the actions of computer forensics based on any particular organization (Dezfoli et al., 2013).

Usage of Computer Forensics

With the rise in the area of digital based scenes of crime, the need for expertise in the field of computer forensic within the law enforcement is highly needed. There are many agencies of law enforcements who would highly rely on the use of computer forensics in order to catch the criminals. 

There are certain areas related to disputes or crimes where the laws related to computer forensics cannot be put into application. The agencies that are responsible for the enforcement of laws are one of the earliest and heftiest users of computer forensics. They have always been at the front position within fields of developments within this sector. The use of computers might be able to establish a recreation of the crime scene such as tracking of internet history of a user, files or documents in relation with the crimes that includes kidnap, fraud, trafficking of drugs and murder. An examination conducted by computer forensics might also be helpful for revealing the first appearance of a document, the last editing of the document or the last timing of saving of that particular document. In the recent times, many of the commercial based organisations have widely used the technique of computer forensics in order to benefit in various cases such as industrial espionage, fraud investigations, bankruptcy investigations, regulatory compliance and various kinds of disputes based on employment (Zawoad & Hasan, 2013).  

The Job of a Computer Forensic Specialist

It is a high responsibility of a computer forensic specialist in order to determine whether a computer disk, digital media or various other kind of devices might have contained several potential evidences. They are also responsible for securing any form of seized material such as floppy disks, hard disks or any other kinds of digital media. The specialist should also be able to ensure that the entire process of securing the vital information of the user should be conducted properly without any form of compromising on the data. When the entire data of the user might have been extracted and processes properly, the specialist of computer forensics should properly evaluate the gathered information for their correct value. The entire conducted process should be properly done according to the norms of the best international based practices so as to protect the valuable information of the client.   

Based on the events based on crime, a computer forensic specialist should visit the site in order to determine the various forms of computer systems. This information would be highly essential for the determination of the appropriate hardware and software tools based on the scene of the crime. Professional based on computer forensics must be highly aware of the various jurisdictional guidelines and they should take different preventive measures for minimizing the extreme chances of accidents.

In a general context, the different kinds of items that would be helpful for the forensic examination must be securely preserved within a quick frame of time. The entire collection of the evidences should be properly conducted according to the relevant guidelines of the jurisdiction that may vary from one country to another. The recording of every items that might be removed from the scene of crime should be done properly and the exact locations should be described properly where the items have been collected from. Finally, all of the evidences should be packaged properly, labelled and sealed.

Conclusion

Based on the above discussion, it can be concluded that the use of computer forensics has been an increasing area of importance within the security of the computers and the underlying networks. Computer based forensics is mainly defined as the acquisition, examination and thus establishing several facts based on the reports that would be in relation to a particular scene of crime. Cyber forensics has gained an increasing level of importance within the community that widely deals with the enforcement of laws. This importance has been widely gained due to the huge number of crimes that are being conducted on a daily basis with respect to the wide growing number of computer users and the use of the internet technology. These type of cyber based crimes have become common because they are mostly non-violent and yield huge range of profits. They also face a lower risk of capture and also if caught, they would be sentenced to short terms within prison.

The face of the internet in the recent times is changing continuously. With the changes in the implementation of the technology of the internet, the investigation of the scenes within crimes is also taking a new route. Computers are able to yield the evidences based on a varied range of unlawful and criminal activities. The criminals who are mainly engaged in crimes based on computer networks are not the only ones who would store their information on the computers. It has been widely noticed that those criminals who are engaged in sexual assault, drug deals, auto theft, kidnapping and murder are also using the online platform to maintain their files. There are several instances where it has been found that the stored information on the computer was the primary key in order to identify the prime suspect of the crime. The computer also yields vital evidences to highlight the crimes conducted by the criminals.  

With the support gained from computer forensics, the companies can rely on the computer networks for their transfer of business related information. The use of computer forensics could be useful for investigating any such kind of unrestricted activities on computers and the resources of the computers at the work place. Hence the private investigators make use of the computer forensics in order to track any form of unauthorised access to vital resources. There are several companies who have developed computer forensic software in order to detect any form of intrusion within their secured networks.  

Based on the discussion on computer forensics, it could be recommended that the use of computer forensics should be able to need a basic level of understanding on the subject. The investigators who are mainly responsible for the protection of the computer systems should be able to predict the connection to a particular form of crime. The judges and prosecutors should also have a vast understanding on the wide role of digital based evidences. They should also be able to recognize the need for the conduction of a painstaking task of the forensics examination.

There are several instances where the organization would fall as a major victim to a particular form of suspected crime. In general cases, the organization should be able to resist the enticement to properly implement a quicker fix to the activity of crime. Instead of implementing such kind of measures, the organization should immediately contact the specialists of Computer Forensics and thus they should leave the scene as undisturbed till the time when the proper professionals would arrive and visit the scene of crime.

Based on the investigations conducted by several Cyber Forensic specialists, there are certain measures, which should be adopted in order to increase the rapid spread of the network of crimes. The displays of the screens should not be changed and various printouts that were taken prior to the incident should be left just according to their respective places. The process of restoration from the backup of files should not be conducted until the forensic specialists would have conducted their initial investigations and have hence indicated that the process of restoration should be commenced. The devices that were powered on should be left as they were and they should be submitted to the hands of the specialists in order to determine whether they should be shut down. The personnel within the organization should be properly instructed so as not to perform any form of activities on the devices that are affected till the time up to which the forensic specialist have finished their work of investigation (da Cruz Nassif & Hruschka, 2013).

In order to increase the efficiency within the process of investigation, the concerned organization should be highly prepared to provide any kind of relevant information to the specialists of Computer Forensics. This would help in ensuring that the process of examination and detection of the appropriate root of the crime so as to avoid any future instances of the crimes.

References

Aminnezhad, A., & Dehghantanha, A. (2014). A survey on privacy issues in digital forensics. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 3(4), 183-199.

Baggili, I., & Breitinger, F. (2015, March). Data sources for advancing cyber forensics: what the social world has to offer. In 2015 AAAI Spring Symposium Series.

Beer, D., & Burrows, R. (2013). Popular culture, digital archives and the new social life of data. Theory, culture & society, 30(4), 47-71.

Brewer, R. (2014). Advanced persistent threats: minimising the damage. Network security, 2014(4), 5-9.

Cahyani, N. D. W., Martini, B., Choo, K. K. R., & Al?Azhar, A. M. N. (2017). Forensic data acquisition from cloud?of?things devices: windows Smartphones as a case study. Concurrency and Computation: Practice and Experience, 29(14), e3855.

Claessens, S., & Yurtoglu, B. B. (2013). Corporate governance in emerging markets: A survey. Emerging markets review, 15, 1-33.

da Cruz Nassif, L. F., & Hruschka, E. R. (2013). Document clustering for forensic analysis: an approach for improving computer inspection. IEEE transactions on information forensics and security, 8(1), 46-54.

Dezfoli, F. N., Dehghantanha, A., Mahmoud, R., Sani, N. F. B. M., & Daryabar, F. (2013). Digital forensic trends and future. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 2(2), 48-76.

Grispos, G., Glisson, W. B., Pardue, J. H., & Dickson, M. (2014). Identifying user behavior from residual data in cloud-based synchronized apps. arXiv preprint arXiv:1411.2132.

Lang, A., Bashir, M., Campbell, R., & DeStefano, L. (2014). Developing a new digital forensics curriculum. Digital Investigation, 11, S76-S84.

Lillis, D., Becker, B., O'Sullivan, T., & Scanlon, M. (2016). Current challenges and future research areas for digital forensic investigation. arXiv preprint arXiv:1604.03850.

Luttgens, J. T., Pepe, M., & Mandia, K. (2014). Incident response & computer forensics. McGraw-Hill Education Group.

Maras, M. H. (2015). Computer Forensics. Jones and Bartlett Learning.

Mouhtaropoulos, A., Dimotikalis, P., & Li, C. T. (2013, November). Applying a digital forensic readiness framework: Three case studies. In Technologies for Homeland Security (HST), 2013 IEEE International Conference on (pp. 217-223). IEEE.

Nelson, B., Phillips, A., & Steuart, C. (2014). Guide to computer forensics and investigations. Cengage Learning.

Roussev, V., Quates, C., & Martell, R. (2013). Real-time digital forensics and triage. Digital Investigation, 10(2), 158-167.

Ruan, K., Carthy, J., Kechadi, T., & Baggili, I. (2013). Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results. Digital Investigation, 10(1), 34-43.

Saferstein, R. (2013). Forensic Science. Pearson/Prentice Hall.

Sang, T. (2013, January). A log based approach to make digital forensics easier on cloud computing. In Intelligent System Design and Engineering Applications (ISDEA), 2013 Third International Conference on (pp. 91-94). IEEE.

Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital crime and digital terrorism. Prentice Hall Press.

Watson, S., & Dehghantanha, A. (2016). Digital forensics: the missing piece of the internet of things promise. Computer Fraud & Security, 2016(6), 5-8.

Zawoad, S., & Hasan, R. (2013). Cloud forensics: a meta-study of challenges, approaches, and open problems. arXiv preprint arXiv:1302.6312.

Cho, G. S. (2013). A computer forensic method for detecting timestamp forgery in NTFS. Computers & Security, 34, 36-46.

Conklin, W. A., White, G., Cothren, C., Davis, R., & Williams, D. (2015). Principles of computer security. McGraw-Hill Education Group.

Cowen, D., Gorgal, R., Shaw, J. W., & Widup, S. (2013). Computer forensics: InfoSec pro guide. McGraw-Hill.

Gilbert, K., & Stephenson, P. (2013). Investigating computer-related crime. CRC Press.

Guarino, A. (2013). Digital forensics as a big data challenge. In ISSE 2013 securing electronic business processes (pp. 197-203). Springer Vieweg, Wiesbaden.

Luttgens, J. T., Pepe, M., & Mandia, K. (2014). Incident response & computer forensics. McGraw-Hill Education Group.

Moon, S. K., & Raut, R. D. (2013, December). Analysis of secured video steganography using computer forensics technique for enhance data security. In Image Information Processing (ICIIP), 2013 IEEE Second International Conference on (pp. 660-665). IEEE.

Moore, R. (2014). Cybercrime: Investigating high-technology computer crime. Routledge.

P?tra?cu, A., & Patriciu, V. V. (2013, May). Beyond digital forensics. A cloud computing perspective over incident response and reporting. In Applied Computational Intelligence and Informatics (SACI), 2013 IEEE 8th International Symposium on (pp. 455-460). IEEE.

Wen, Y., Man, X., Le, K., & Shi, W. (2013). Forensics-as-a-service (faas): computer forensic workflow management and processing using cloud. In The Fifth International Conferences on Pervasive Patterns and Applications (pp. 1-7)