Discovering Cyber Forensics

Cyber forensics is a new and fast growing field that involves carefully collecting and examining electronic evidence that not only assesses the damage to a computer as a result of an electronic attack, but also to recover lost information from such a system to prosecute a criminal. With the growing importance of computer security today and the seriousness of cyber crime, it is important for computer professionals to understand the technology that is used in cyber forensics.

Introduction

Cyber forensics involves the preservation, identification, extraction, documentation and interpretation of computer data.

The three main steps in any computer forensic investigation are acquiring, authenticating, and analyzing of the data. Acquiring the data mainly involves creating a bit-by-bit copy of the hard drive. Authentication is the ensuring that the copy used to perform the investigation is an exact replica of the contents of the original hard drive. Analysis of the data is the most important part of the investigation since this is where incriminating evidence may be found.

Part of the analysis process is spent in the recovery of deleted files. The job of the investigator is to know where to find the remnants of these files and interpret the results. Any file data and file attributes found may yield valuable clues. If deleted data could not be recovered through the use of common forensic tools, more sensitive instruments can be used to extract the data.

Data recovery is only one aspect of the forensics investigation. Tracking the hacking activities within a compromised system is also important. With any system that is connected to the Internet, hacker attacks are as certain as death and taxes. It is impossible to completely defend against all attacks. As soon as a hacker successfully breaks into a computer system the hacker begins to leave a trail of clues and evidence that can be used to piece together what has been done and sometimes can even be used to follow a hacker home. Computer forensics can be employed on a compromised system to find out exactly how a hacker got into the system, which parts of the system were damaged or modified.

Image source: http://www.datasector.hr
Image source: http://www.datasector.hr

What is Cyber Forensics?

If you manage or administer information systems and networks, you should understand computer forensics. Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts. Forensics deals primarily with the recovery and analysis of latent evidence. Latent evidence can take many forms, from fingerprints left on a window to DNA evidence recovered from blood stains to the files on a hard drive.

Because computer forensics is a new discipline, there is little standardization and consistency across the courts and industry. As a result, it is not yet recognized as a formal “scientific

Cite this article:
Djekic M (2014-02-19 00:15:57). Discovering Cyber Forensics. Australian Science. Retrieved: Mar 28, 2024, from http://australianscience.com.au/technology/discovering-cyber-forensics/