What is Computer Forensics?
Computer forensics is the application of disciplined investigative techniques to digital storage in the search for, discovery of, and analysis of potential evidence. It is the method used to investigate and analyze data maintained on or retrieved from electronic data storage media for the purposes of presentation in a court of law or a civil or administrative proceeding. Evidence may be sought in a wide range of computer crime or misuse cases. Computer forensics is rapidly becoming a science recognized on a par with other forensic sciences by the legal and law enforcement communities. As this trend continues, it will become even more important to handle and examine computer evidence properly. Not every department or organization has the resources to have trained computer forensic specialists on staff.
Computer evidence has become a fact of life for essentially all law enforcement agencies, and many are just beginning to explore their options in dealing with this new venue. Almost overnight, personal computers, PDAs, and smartphones have changed the way the world does business. They have also changed the world’s view of evidence because computers are used more and more as tools in the commission of traditional crimes. Evidence relating to embezzlement, theft, extortion and even murder has been discovered on personal computers. This new technology twist in crime patterns has brought computer evidence to the forefront of law enforcement circles.
We expand on these definitions to define computer forensics as:
Computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis.
These activities are undertaken in the course of a computer forensic investigation of a perceived or actual attack on computer resources. Evidence might be required for a wide range of computer crimes and misuses.
Drawbacks of Computer Forensics:
Several issues are preventing computer forensics from growing further. These can be categorized into technical, administrative and legal issues.
- Encryption: Data can be encrypted at any level using complex algorithms, and in many cases it is almost impossible to decrypt and read such data unless you obtain the secret key.
- Large storage data: With advanced storage techniques (SAN), the amount of data that you have to search and analyze is growing into terabytes. Even though newer techniques such as Apache Hadoop and machine learning help in dealing with big data, tackling huge amounts of scattered data is still an open challenge.
- Administrative & Legal Issues: It is illegal to access someone’s personal data when the person is not committing any crime. Only a specialized branch can carry out such operations.
With the increase in cybercrime, computer forensics has been playing a bigger role. Because of the legal and technical limitations in computer forensics, the number of crimes actually caught does not match the expected numbers, but it has still helped to investigate some important cases and money laundering.