Tuesday, 13 September 2011

Computer Forensics

"Computer forensics" is a generic term that refers to the search, recovery, and preservation of digital evidence found on information systems while investigating criminal or civil cases. Information systems include any number of stand-alone or networked computers and other electronic devices, including portable media such as cell phones, PDAs, flash drives, CDs, DVDs, pagers, video games, MP3 players, and so forth. As a law enforcement, private investigation, and scientific discipline, computer forensics began during the early 1990s as personal computers (PCs) became popular among business and residential users. The misuse of PCs to violate acceptable use policies, violate computer crime laws, or harm people in other ways led to the onset of computer forensics and advancements within this field. Law enforcement in particular needed policies, procedures, and tools to identify, collect, and preserve digital evidence of various types of cybercrimes increasingly being committed by criminals.

Whereas most forensic processes are comparative in nature (i.e., involving comparison of evidentiary patterns against known samples of fingerprints, DNA, ballistics tests, controlled substances, tool marks, and so forth), computer forensics consists mainly of searching for evidence and artifacts that indicate use, possession, or ownership of digital evidence. For this reason computer forensics is like archeology insofar as the examiner is looking for evidence and artifacts that provide information from the past about who possessed, owned, and used certain things (i.e., computerized files) and for what purposes. And like the sciences underlying information technology (e.g., mathematics, physics, electronics, and chemistry), the scientific nature of computer forensics relies upon tested and verified processes recognized in courts of law for identifying and protecting incriminating data.

Securing and processing digital evidence requires special knowledge and tools to ensure that evidence is properly maintained for future presentation in a court of law. These tools consist of hardware devices and software designed to prevent changes to digital evidence being examined. These tools allow for duplication of digital evidence in a format that can be safely examined and allow for examination of data at a level that ordinary users cannot see. Many of these special software tools were originally stand-alone programs or applications that performed a narrowly focused task.

Improvements in this technology now combine computer forensic tools into a suite of software capable of performing a multitude of examination and recovery tasks. Locating, securing, analyzing, and presenting digital evidence in court or other official hearings requires special knowledge and skills in using hardware and software tools. These tools allow investigators to duplicate incriminating evidence so it can be safely examined without the risk of accidentally damaging or destroying the original data. The tools not only provide protection to the data but allow for examination of the data at a level that the ordinary users cannot view or manipulate. Early software tools used by computer forensics experts were stand-alone software applications that performed narrowly focused types of analysis. Today many of those programs are combined into a suite of software tools capable of performing a multitude of examination and recovery tasks.
