Computer forensics (also known as computer forensic science) is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing, and presenting facts and opinions about the digital information. Forensic techniques and expert knowledge are used to explain the current state of a digital artifact, such as a computer system, storage medium (e.g. hard disk or CD-ROM), or an electronic document (e.g. an email message or JPEG image).

Examples of its use:

  1. The digital evidence on the computer of Dr. Conrad Murray, the doctor of the deceased Michael Jackson, contributed to his conviction. The evidence on his computer included medical documentation showing lethal amounts of propofol.
  2. The computer of serial killer and rapist Joseph E. Duncan III contained a spreadsheet with information about the planning of his crimes. Prosecutors used this to show premeditation and secure the death penalty. Law enforcement apprehended him in 2005.

Bachelor’s Degree

Specialized as this subject is, Bachelor of Science degrees are available in it. One college offers a B.S. in Computer Forensics and Digital Investigations. The courses teach you, through virtual hands-on learning and application, to identify and respond to cybersecurity breaches and computer network hacks. You will also learn the skills necessary to analyze and recover compromised data. This program is available online.

The above example is part criminal justice and part computer science. The curriculum reflects this: the coursework includes criminal investigation, criminal law, digital forensic analysis, foundations of cybersecurity, and cybercrime. Digital forensic analysis, for example, explores File System Forensics, Computer Operating System Forensics, and Mobile Device Forensics.

In addition, there is an Anti-Forensics and Network Forensics course. It studies anti-forensics, the art of information hiding. You learn about the broad field of data hiding and anti-forensics with a specific concentration on cryptography (secret writing) and steganography (hidden writing).

Another online program is a Bachelor of Science in Cybersecurity with the choice of four specializations. One of these is Network Forensics and Intrusion Investigation. This specialization combines computer science with computer forensics and vulnerability assessment skills to investigate cyber-related incidents. The coursework studies the technical aspects of conducting computer network investigations—such as evidence collection, data recovery, and digital imaging—in addition to the legal, ethical, and social aspects of computer forensics. Students learn about Python programming, cybersecurity scripting, network investigations, advanced network forensics, and vulnerability assessment.

Master’s Degree

There are more specializations at the graduate level. A Master of Science in Digital Forensics and Cybersecurity degree program offers a balance of practice and theory through study in computer science, law, and criminal justice. The program produces professionals qualified as digital forensic scientists who can apply and sustain their expertise as new technological and societal challenges emerge. Graduates will understand the scientific, legal and criminal justice context of high technology crime, and be able to effectively communicate their knowledge to others.

Another school offers a Master of Science in Digital Forensics and Cyber Investigation. Students analyze complex data scenarios, examine digital media for evidentiary artifacts, and write detailed digital forensic examination reports. The applied knowledge and skills you acquire can help government, business, and law enforcement organizations in detecting data breaches, mitigating cyber attacks, identifying responsible parties, and evaluating evidence of a digital crime.

One of the courses in the program described above is Digital Forensic Technology and Practices. Students gain proficiency with the tools and technologies commonly used in forensic examinations. You explore procedures and best practices for securing and validating evidence, including digital media and physical memory.

Cyber Forensics vs. Cyber Security

Here is an analogy to explain the difference between the two terms. Pretend you have a business that has frequent burglaries. Therefore, you hire a security company and a forensics company. The security company will send you people to install security devices on the property. The forensics company will try to find out who robbed your business.

Cyber forensics is about the analysis and investigation of digital crimes. It involves identification, seizure, analysis, preservation, documentation, and presentation (in a court of law). Cyber security deals with identifying vulnerabilities (loopholes) and patching them. These might be present in websites, operating systems, and software.

According to the Merriam-Webster dictionary, security is defined as “the state of being protected or safe from harm.” Forensics is defined as “relating to the use of scientific knowledge or methods in solving crimes.” In almost all security breaches, a crime has also been committed, requiring the joint efforts of security and forensics. The goal of both security and digital forensics professionals is to stop criminal activity. The ability to think like a criminal, combined with each expert’s unique technical skills and tools, links security professionals and forensics experts together.