What is Computer Forensics?
What is computer forensics? Computer forensics is the generally
accepted industry name for the forensic analysis of computer-related and other
digital media and the reporting of its findings. It covers not only personal
computers, laptops and server hard drives but also other digital storage
devices such as USB flash drives, digital music players, memory cards and phone
SIM cards, as well as data gathered from analyzing a network. All computer
operating systems can be subjected to forensic analysis, from Microsoft’s DOS
and Windows to Mac and Unix systems, as well as the more obscure and esoteric
ones. The rule of thumb is that any data stored digitally can be analyzed via
forensic methods.
A lot of electronic devices have
memory modules that require continuous power in order to retain the stored
information. This data can easily disappear if power is lost, whether by
unplugging a device that relies on AC power or by letting the battery
lose its charge completely. This is why computer forensics experts are very
careful to identify these memory modules and determine whether special methods
are needed to download the stored data completely for forensic analysis.
This is called identifying the source of potential evidence.
Take, for example, the case of a
standard computer system. A computer consists of a central processing unit,
memory storage devices, a monitor, a keyboard and a mouse. The system can
either function as a standalone unit or be connected to the internet. Computer
systems come in dozens of configurations, from desktops and laptops to server
racks and even microcomputer systems. They are used for all kinds of computing
functions as well as data storage. When doing forensic analysis on a standard
computer system, the potential evidence is usually found in files stored on
storage devices like hard drives, flash drives and other storage media.
Examples of potential evidence are
user-created files like address books, email files, audio and video files,
digital photographs, calendar entries, internet histories, spreadsheet files
and text files. User-protected files have a high potential of being a huge
source of evidence. These files are zip files that require a password or
encrypted files that need both a private and public key. Most of the time,
computer forensics experts devote a lot of their resources towards recovering
deleted files from a suspect’s computer.
Computer data deletion does not really erase files completely, and
computer forensics experts can easily find these deleted files.
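
To illustrate why deleted files remain findable, here is an added example (not from the original post) of signature-based carving: deletion normally removes only the file system's reference to a file, so its bytes stay on disk until overwritten and can be located by their header and footer signatures. The disk image is constructed sample data, and the names carve and build_sample_image are hypothetical.

```python
# Added example: signature-based file carving over a constructed raw image.
import hashlib

SECTOR = 512
# (type, header magic, footer magic): well-known file signatures
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
]
MAX_SIZE = 4 * 1024  # carve limit for this small sample; real tools allow far more


def carve(image: bytes):
    """Return objects located by header/footer signature, sorted by offset."""
    found = []
    for name, header, footer in SIGNATURES:
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + MAX_SIZE)
            if end != -1:
                data = image[pos:end + len(footer)]
                found.append({"type": name, "offset": pos, "size": len(data),
                              "sha256": hashlib.sha256(data).hexdigest()})
                pos = image.find(header, end + len(footer))
            else:
                # Header with no footer: the tail was overwritten or fragmented.
                found.append({"type": name, "offset": pos, "size": None, "sha256": None})
                pos = image.find(header, pos + len(header))
    return sorted(found, key=lambda r: r["offset"])


def build_sample_image() -> bytes:
    """Constructed sample: 8 sectors with no file system, holding leftover data."""
    image = bytearray(8 * SECTOR)
    jpeg = b"\xff\xd8\xff\xe0" + b"constructed-jpeg-body" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"constructed-png-body" + b"IEND\xaeB`\x82"
    image[1 * SECTOR:1 * SECTOR + len(jpeg)] = jpeg   # deleted but intact
    image[3 * SECTOR:3 * SECTOR + len(png)] = png     # deleted but intact
    image[6 * SECTOR:6 * SECTOR + 4] = b"\xff\xd8\xff\xe0"  # header only, rest overwritten
    return bytes(image)


if __name__ == "__main__":
    for hit in carve(build_sample_image()):
        print(hit)
```

The hash recorded for each recovered object lets an examiner show later that the carved data has not changed since it was extracted.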
This is just a short overview of what
computer forensics is. If you wish to learn more about the subject and
field, you can do more research on it yourself.