“Computer forensics is one of the three main functions of computer security: the TRIAD consists of vulnerability assessment and risk management, network intrusion detection, and incident response computer investigations.”
What are computer forensics?
Computer forensics is a methodical series of techniques and procedures for gathering evidence from computing equipment, storage devices and digital media, so that it can be presented in a court of law in a coherent and meaningful format. According to The Wall Street Journal, computer crime happens more often than car accidents, and car accidents occur four times a minute in the United States. A defensive posture, security awareness training, and continuous good communication help keep insider threats to a manageable minimum.
To understand computer forensics, you must know what it is trying to accomplish. The ultimate goal of computer forensics is to produce evidence for legal cases. To achieve this goal, there are four steps you need to work through:
- Prepare for investigation
For example, write-protecting your evidence drive is one way to prepare for your investigation.
- Acquire data
Acquiring data means making a copy of your evidence drive, so that during the investigation you work only on the copy and never on the evidence drive itself.
- Analyze data
Once you have acquired your data, the next step is to analyze it. Conducting a keyword search is one example of analyzing the data.
- Identify evidence and present it
Last but not least, you need to identify the evidence and present it in the form of a written report. Many times this report is auto-generated by your computer forensics tool, but as a computer forensics investigator you still have to edit the auto-generated report. When these objectives are accomplished, it is safe to say that the computer forensics investigator is ready to submit evidence.
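The four steps above, as an added example that is not from the original post: the evidence bytes are a constructed sample, the source is only ever opened read-only (standing in for a write blocker), the working copy is verified by hash before analysis, a keyword search runs over the copy, and the findings are turned into a report the analyst then edits. All function names are hypothetical.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample "evidence image": raw bytes as an imaging tool would see
# them, including a non-text gap. Not real data.
SAMPLE_EVIDENCE = (
    b"README: quarterly report draft\n"
    b"invoice-2291 transfer approved by jdoe\n"
    b"\x00\x00\x00"
    b"notes: meeting with vendor re: espionage claims\n"
)

def sha256_of(data):
    return hashlib.sha256(data).hexdigest()

def acquire(source, dest):
    """Step 2: copy the evidence byte-for-byte and hash source and copy.
    The source is only read, never written; a hash mismatch means the
    copy is not a faithful image and must not be analyzed."""
    original = source.read_bytes()
    dest.write_bytes(original)
    src_hash, copy_hash = sha256_of(original), sha256_of(dest.read_bytes())
    return {"source_sha256": src_hash, "copy_sha256": copy_hash,
            "verified": src_hash == copy_hash}

def keyword_search(image, keywords):
    """Step 3: byte offsets of each keyword (case-insensitive) in the copy."""
    data = image.read_bytes()
    return {kw: [m.start() for m in
                 re.finditer(re.escape(kw.encode()), data, re.IGNORECASE)]
            for kw in keywords}

def build_report(acquisition, hits):
    """Step 4: auto-generated draft report for the investigator to edit."""
    lines = ["Acquisition verified: %s" % acquisition["verified"],
             "Source SHA-256: %s" % acquisition["source_sha256"]]
    for kw, offsets in hits.items():
        lines.append("Keyword %r: %d hit(s) at offsets %s" % (kw, len(offsets), offsets))
    return "\n".join(lines)

def run_case(keywords):
    """Run all steps on the constructed sample in a temporary directory."""
    with tempfile.TemporaryDirectory() as td:
        source = Path(td) / "evidence.img"       # stands in for the seized drive
        source.write_bytes(SAMPLE_EVIDENCE)       # only done to stage the sample
        working_copy = Path(td) / "working_copy.img"
        acquisition = acquire(source, working_copy)
        hits = keyword_search(working_copy, keywords) if acquisition["verified"] else {}
        return acquisition, hits, build_report(acquisition, hits)
```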
Types of computer forensics investigation
Primarily, there are two types of computer forensics investigation: public and private. Here we explain both:
Public investigations
Public investigations occur in the context of criminal cases. They are usually conducted by law enforcement officers and driven by the statutes of criminal law. Examples of public investigations involve drug dealing, sexual exploitation and theft.
Private investigations
Private investigations occur in the context of civil cases. In fact, organizations try to avoid any sort of litigation because of the enormous cost associated with it, so many private investigations turn out to be simply internal cases. Private investigations are typically conducted by corporations or other types of organizations and are driven by the statutes of civil law or by organizational policies. One of the most important things to consider in a private investigation is business continuity. If your investigation is hurting business continuity, the investigation is probably not worth it; therefore your priority has to be stopping the violations rather than litigating against anybody. Examples of private investigations involve sabotage, embezzlement and industrial espionage.
Private vs. Public Investigation
The boundary between public and private investigations is not always clear. For instance, when you are investigating an employee for a potential violation of company policy and come across sexually explicit material, the case quickly turns into a public case. Thus, as a computer forensics investigator, you should be able to handle both public and private cases.