By: Shimon Brathwaite
June 18, 2021
Introduction To Computer Forensics
Forensic science is the application of science to criminal and civil laws, primarily during criminal investigations. It isn't exclusive to physical crimes: in many cases, computer forensics is an important part of investigating cyberattacks. Even if there isn't going to be a prosecution following a cyberattack, it's still good for companies to have computer forensics done. With this, the company can be sure that it got rid of all traces of whatever malware was put on its systems. Computer forensics is a niche within the specialty of cybersecurity and has a very solid growth projection going into the future. Here we go over what computer forensics is and why it is valuable in both the public and private sectors.
What is Computer Forensics?
As mentioned previously, forensic science is an application of science that looks at gathering evidence for criminal investigation. When you perform computer forensics, you're generally looking to see what actions were performed and by which users. It focuses on gathering digital evidence from computer systems, primarily following a cyberattack. It can also investigate what actions a person performed on a computer. Some examples are what files were copied, created, downloaded, or moved; what IP addresses were connected to the machine; or anything else that may have occurred on it. This is usually done by searching the information stored on the computer's hard drive as well as the information kept in the computer's memory. Depending on the situation, the results of the investigation are then used to prosecute people in court, influence decisions about firing employees, or determine whether a cyberattack has been properly contained.
Computer Forensics in the Private Sector
Computer forensics within companies is quite different from what law enforcement does. Companies generally use computer forensics whenever there is a cyberattack to determine what hackers did to the computers, and they use the findings to guide their response. Without computer forensics, it is very difficult to determine when the cyberattack has been properly fixed. Another use for computer forensics is examining employee misconduct. This can be anything from deleting files to viewing files outside of their job description or cases of harassment on the job. In this situation, the goal is to gather evidence that can be used to determine what the employee did, what disciplinary action is warranted, and whether the company wants to get law enforcement involved.
Computer Forensics in the Public Sector
Computer forensics in law enforcement is more focused on prosecuting criminals. The evidence can be anything from text messages and hidden files on computers to location data from cell phones used to determine where someone was at a certain time. Since most of the forensic work in the public sector will be used in court, things like chain of custody and documenting what steps were taken are extremely important to ensure that the defense can't get the evidence thrown out.
Due to the time people spend on their computer devices, and how much our lives are integrated with technology, computer forensics is expected to be an important part of criminal investigations for many years to come. Also, because it's such a niche area, there aren't as many people going into it compared to general cybersecurity positions. Due to this high demand and the lack of competition, computer forensics is a good career path to consider if you're interested in investigations or just doing good for society. For example, the Thorn project, which Ashton Kutcher started, is dedicated to helping end child trafficking and looks for volunteers with computer forensics experience.