The Science of Computer Forensics

Ever since their invention, personal and networked computers have found favour with professionals and laymen alike, and their usage has increased severalfold over the years. As with any new invention, misuse has grown too, in fact out of all proportion. Cyber crimes, as these are called, have reached damaging levels. They include breaking into bank accounts through internet banking or the use of pilfered debit cards, phishing, hacking of accounts, identity theft and data theft.

Computer forensics is a new, slowly evolving field of study. The aim of this branch of computer science is to determine the modus operandi of cyber thieves, and not only to bring them to book but also to prevent such criminal acts in future through proper software and, of course, legislation.

Forensic techniques and expert knowledge are largely used to explain how a device, such as a computer system, storage medium or electronic document (e.g. an email message or JPEG image), has been tampered with. The scope of a forensic analysis can vary from simple information retrieval to reconstructing a series of events. This branch has been defined as involving “the preservation, identification, extraction, documentation and interpretation of computer data”. Computer forensic methodology is backed by flexibility and extensive domain knowledge, and is often the culmination of hard work, intuitive observations and proven inferences.

In India, through appropriate legislation, forensic evidence is subject to the usual requirements for digital evidence: the information must be authentic, reliably obtained and admissible.

Computer forensic investigations usually follow the standard digital forensic process (acquisition, analysis and reporting).

A number of techniques are used during computer forensics investigations, such as cross-drive analysis and the analysis of deleted files. Another is the examination of computers from within the operating system, using custom forensic or existing sysadmin tools to extract evidence. A common technique used in computer forensics is the recovery of deleted files.
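
File carving by signature is one common way deleted files are recovered from unallocated space; the article does not name a specific method, so the following is an added example rather than code from the original, and its function names and sample image are constructed for illustration. It records each carved file's offset and SHA-256 so that a finding can be tied back to the acquired image.

```python
import hashlib

JPEG_SOI = b"\xff\xd8\xff"  # start-of-image marker plus lead byte of the next marker
JPEG_EOI = b"\xff\xd9"      # end-of-image marker

def carve_jpegs(image: bytes, max_size: int = 20 * 1024 * 1024) -> list:
    """Scan a raw image for JPEG signatures; never modifies the input."""
    findings, pos = [], 0
    while (start := image.find(JPEG_SOI, pos)) != -1:
        end = image.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1 or end + len(JPEG_EOI) - start > max_size:
            # Header without a usable footer (e.g. partly overwritten):
            # record it for the examiner instead of silently skipping it.
            findings.append({"offset": start, "length": None,
                             "sha256": None, "complete": False})
            pos = start + len(JPEG_SOI)
            continue
        data = image[start:end + len(JPEG_EOI)]
        findings.append({"offset": start, "length": len(data),
                         "sha256": hashlib.sha256(data).hexdigest(),
                         "complete": True})
        pos = end + len(JPEG_EOI)
    return findings

def build_sample_image():
    """Constructed test data: not a real disk image or a decodable JPEG."""
    jpeg = JPEG_SOI + b"\xe0" + b"constructed-picture-data" + JPEG_EOI
    truncated = JPEG_SOI + b"\xe1" + b"overwritten"
    image = b"\x00" * 512 + jpeg + b"\x00" * 100 + truncated + b"\x00" * 64
    return image, jpeg

def report(image: bytes) -> dict:
    """Hash of the whole image plus per-file findings, for the case record."""
    return {"image_sha256": hashlib.sha256(image).hexdigest(),
            "findings": carve_jpegs(image)}

if __name__ == "__main__":
    image, _ = build_sample_image()
    result = report(image)
    print("image sha256:", result["image_sha256"])
    for f in result["findings"]:
        print(f)
```

Real JPEG files can embed thumbnails that carry their own end-of-image marker, so a footer search like this one can cut a file short; it is a first pass whose hits still need validation.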

Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.

Evidence from computer forensics investigations is usually subjected to the same guidelines and practices as other digital evidence. It has been used in a number of high-profile cases and is becoming widely accepted as reliable within the US, European and, of late, Indian court systems.