SAK 4801 SPECIAL TOPICS IN COMPUTER SCIENCE II Chapter 1 Computer Forensics in Today’s World Mohd Taufik Abdullah Department of Computer Science Faculty of Computer Science and Information Technology University Putra of Malaysia Room No: 2.28 Portions of the material courtesy EC-Council
Computers, combined with the Internet, have become an important part of everyday life for the general public.
Nowadays, more and more people are using computers and devices with computing capability.
The growth in the computerization of business processes, combined with the growth in the number of Internet users, has created new opportunities for criminals.
According to the EC-Council:
85% of business and government agencies detected security breaches
The FBI estimates that the United States loses up to $10 billion a year to cyber crime.
1.1 Introduction to Computer Forensics (Cont.)
The digital age has produced many new professions, but one of the most unusual is computer forensics.
Computer forensics deals with the application of law to a science.
Although it is similar to other forms of legal forensics, the computer forensics process requires a vast knowledge of computer hardware and software in order to avoid the accidental invalidation or destruction of evidence and to preserve the evidence for later analysis.
Forensic science is “the application of physical sciences to law in the search for truth in civil, criminal and social behavioral matters to the end that injustice shall not be done to any member of society” (Source: Handbook of Forensic Pathology, College of American Pathologists, 1990)
Forensic science is “the application of scientific techniques and principles to provide evidence to legal or related investigations and determinations” (Forensic Science: An Encyclopedia of History, Methods, and Techniques, 2006)
determining the evidential value of crime scene and related evidence
Computer forensics is defined as “a methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format” (Dr. H.B. Wolfe)
According to Steve Hailey, Cybersecurity Institute, computer forensics is “The preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and providing expert opinion in a court of law or other legal and/or administrative proceeding as to what was found.”
The FBI defines computer forensics as an application of science and engineering to the legal problem of digital evidence.
According to James Borek (2001), computer forensics is the “equivalent of surveying a crime scene or performing an autopsy on a victim”.
Computer forensics is “the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.” (DFRWS 2001)
1.2.4 Definition of Computer Forensics (Cont.)
1.2.5 Computer Forensics Versus Other Related Disciplines
Computer forensics versus network forensics
Computer forensics involves scientifically examining and analyzing data from computer storage media so that the data can be used as evidence in court. (DIBS USA, Inc. – a corporation specializing in computer forensics)
Computer forensics investigates data that can be retrieved from a computer’s hard disk or other storage media.
Investigating computers includes collecting computer data securely, examining suspect data to determine details such as origin and content, presenting computer-based information to courts, and applying laws to computer practice.
Law enforcement officials, network and system administrators of IT firms, attorneys and private investigators depend upon qualified computer forensic experts to investigate their criminal and civil cases.
An appropriate computer forensics specialist is called in and extended as much cooperative assistance as possible, because if there is to be any chance of recovering property, and of locating and successfully prosecuting the criminal, there must be evidence of sufficient quantity and quality.
Corrupted files from a system
This data will be helpful when presenting testimony in court.