What is Computer Forensics?
Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it.
Investigators use a variety of techniques and proprietary software applications. They search hidden folders and unallocated disk space for copies of deleted, encrypted, or damaged files. Any evidence found on the digital copy is carefully documented in a “finding report.” Then, it is verified with the original file in preparation for legal proceedings that involve discovery, depositions, or actual litigation.
There are few areas of crime or dispute where computer forensics is not applicable. Law enforcement agencies are among the earliest and heaviest users of computer forensics. This brand of criminal justice transfers the crime scene to computers. For example, the computer may hold evidence in the form of emails, internet history, documents, or other files relevant to crimes such as murder, kidnapping, fraud, and drug trafficking.
What are some of the classes you can expect to take in an undergraduate program? We offer the following examples from randomly selected colleges to illustrate subjects in this discipline.
Law of Searching & Seizing Digital Evidence
The class teaches the application of legal principles that govern how vital digital evidence is recovered (and used) to ensure that it will be legally admissible in court.
You need to understand the rules and procedures governing how the American criminal justice system processes people suspected, accused, and convicted of law violations. This class examines these topics.
This class explores advanced methodologies for examining digital evidence. Topics may include File System Forensics, Computer Operating System Forensics, and Mobile Device Forensics.
Network Defense and Security
The class examines the defense of network systems against attacks through the use of worms, viruses, and other criminal acts. The course provides a foundation in the fundamentals of network security and some hands-on experience in the installation and utilization of firewalls and intrusion detection systems.
Mobile Device Forensics
Handheld devices such as cell phones and tablets are a source of evidence. This class provides the skills, tools, and knowledge necessary to seize, image, examine and build cases for these devices.
Applied Exploits and Hacking
This course combines the fundamental and historical perspective of hacking methodologies and applied hands-on skills. This is an applied hands-on class requiring the use of a variety of modern operating systems.
A successful computer forensic candidate must have the skills necessary to understand topologies and protocols. This course will provide the skills, tools, and knowledge necessary to identify and gather evidence on a network.
Corporate Issues in Digital Forensics
This course covers aspects being dealt with in human resource management (protection/investigation of data related to HR operations), eDiscovery (data collection and attribution for legal processes) and intrusions/criminal activities. Topics reflect actual issues facing businesses globally utilizing real malware, incidents, and tools used by practitioners.
International and Federal INFOSEC Standards & Regulations
This course is an overview of federal and international information security standards. Students conduct research and analysis on how U.S. security regulations vary by industry, including healthcare, education, military, federal organizations, utilities, and financial organizations.
Operating Systems Forensics
This class provides the tools and knowledge to choose the proper tool in order to examine various operating systems. The course explores operating systems from a forensics point of view. Topics covered include examining Windows, UNIX, Linux, and Mac operating systems with a focus on areas of malware locations and important data locations for each OS.
The classes for your degree should afford certain learning objectives. You want to graduate from the respective program with the ability and confidence to be competent in the field of digital forensics. Do the classes at your college of choice teach these skills?
- Articulate the complexity of and apply thinking skills to how the network and application infrastructure affects technology forensics investigations and incident response procedures.
- Evaluate, select, and deploy computer forensic measures for the response, mitigation, and analysis of a security incident pertaining to digital artifacts and compromised information.
- Evaluate and execute the strategies, methodologies, techniques, and state-of-the-art forensics tools for the preservation of digital evidence on computer systems, network systems, and other electronic devices.
- Possess the technical skills for recovering evidence and the presentation skills to provide both detailed technical and summary data to interested parties.
- Learn methods to obtain and document digital information, trace attribution of malicious code and digital artifacts, and reverse engineer data in order to develop countermeasures.