Monday, August 13, 2018

Digital Forensics

Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The goal of the process is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying and validating the digital information for the purpose of reconstructing past events. Prior to the 1980s, crimes involving computers were dealt with using existing laws.
The first computer crimes were recognized in the 1978 Florida Computer Crimes Act, which included legislation against the unauthorized modification or deletion of data on a computer system. Over the next few years the range of computer crimes being committed increased, and laws were passed to deal with issues such as copyright and privacy.
Canada was the first country to incorporate computer offenses into its legislation. This was followed by the US Federal Computer Fraud and Abuse Act in 1986, Australian amendments to their crimes acts in 1989 and the British Computer Misuse Act in 1990.
Using the term “forensics” certainly implies that digital forensics is used to recover digital evidence to be used in a court of law against some nefarious offender. This is true in many instances. Perhaps a disgruntled employee stole valuable data after getting fired, or maybe a company fell victim to corporate espionage. These criminal cases definitely rely on digital forensics to provide evidence pertaining to such crimes.
Digital forensics isn’t limited to the court of law. Oftentimes, a company may be handling some sort of internal affair, like a violation of a corporate policy, which doesn’t necessarily fall under the “crime” category. In the same way, however, digital forensics is used to find evidence that either backs or disproves some sort of assumption.
A digital forensic investigation commonly consists of 3 stages: acquisition or imaging of exhibits, analysis, and reporting. Ideally, acquisition involves capturing an image of the computer's volatile memory (RAM) and creating an exact sector-level duplicate of the media. During the analysis phase an investigator recovers evidence material using a number of different methodologies and tools. The actual process of analysis can vary between investigations, but common methodologies include conducting keyword searches across the digital media, recovering deleted files, and extracting registry information. The evidence recovered is analysed to reconstruct events or actions and to reach conclusions. When an investigation is complete the data is presented, usually in the form of a written report.
The only thing that does matter is presenting facts clearly and concisely. That’s the end goal of digital forensics. The law enforcement community uses forensic software and hardware to collect, triage, investigate, and report on evidence from devices and networks. Digital forensics is commonly used in both criminal law and private investigation. Traditionally it has been associated with criminal law, where evidence is collected to support or oppose a hypothesis before the courts. Digital forensics helps investigators find evidence directly related to a criminal investigation. It also helps confirm statements, authenticate documents, create timelines, etc. As the number of digital devices and services explodes, so do the digital footprints we all leave behind. Forensic tools allow investigators to examine and understand these digital footprints as they try to prove the facts of the case.
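
The keyword-search step of the analysis stage described above, as an added example that is not from the original post: it reads a raw sector-level image once in chunks, computes a SHA-256 of the image so the working copy can be shown unchanged, and reports the byte offset and sector of each keyword hit, including hits that straddle a chunk boundary. The 512-byte sector size, the function names, the hashing step, and the sample keyword and image are assumptions constructed for illustration.

```python
import hashlib
import io

SECTOR = 512  # assumed sector size of the imaged media

def search_image(stream, keywords, chunk_size=1 << 20):
    """Read a raw image once; return (sha256_hex, sorted hits).
    Each hit is (byte_offset, sector, keyword, encoding). Matching ignores
    ASCII case and covers UTF-8 and UTF-16LE forms of every keyword.
    """
    if not keywords or "" in keywords:
        raise ValueError("at least one non-empty keyword is required")
    needles = []
    for kw in keywords:
        for enc in ("utf-8", "utf-16-le"):
            needles.append((kw.encode(enc).lower(), kw, enc))
    overlap = max(len(n) for n, _, _ in needles) - 1
    digest = hashlib.sha256()
    hits = set()   # a set, because a match lying in the carried tail is seen twice
    tail = b""     # last bytes of the previous window, kept to catch straddling matches
    base = 0       # absolute image offset of the first byte of the current window
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)
        window = tail + chunk
        lowered = window.lower()
        for needle, kw, enc in needles:
            pos = lowered.find(needle)
            while pos != -1:
                off = base + pos
                hits.add((off, off // SECTOR, kw, enc))
                pos = lowered.find(needle, pos + 1)
        tail = window[-overlap:] if overlap else b""
        base += len(window) - len(tail)
    return digest.hexdigest(), sorted(hits)

def build_sample_image():
    """Constructed 4 KiB image: one ASCII hit across a 1 KiB boundary, one UTF-16LE hit."""
    image = bytearray(8 * SECTOR)
    image[1020:1032] = b"invoice-2291"
    wide = "Invoice-2291".encode("utf-16-le")
    image[3000:3000 + len(wide)] = wide
    return bytes(image)

if __name__ == "__main__":
    sample = io.BytesIO(build_sample_image())
    print(search_image(sample, ["invoice-2291"], chunk_size=1024))
```

Recording the digest at acquisition and recomputing it after analysis shows that the examined copy still matches the original image.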
