Computer forensics is the scientific examination and analysis of data held on, or retrieved from, computer storage media in such a way that the information can be used as evidence in a court of law. The subject matter includes:
* The secure collection of computer data
* The examination of suspect data to determine details such as origin and content
* The presentation of computer-based information to courts of law
* The application of a country’s laws to computer practice
The objective in computer forensics is to recover, analyze and present computer-based material in such a way that it is useable as evidence in a court of law.
The key phrase here is: ‘useable as evidence in a court of law.’ It is essential that none of the equipment or procedures used during the examination of the computer compromise this single requirement.
The Computer Forensic Priority
The science of computer forensics is concerned primarily with forensic procedures, rules of evidence and legal processes. It is only secondarily concerned with computers. Therefore, in contrast to all other areas of computing where speed is the main concern, in computer forensics the absolute priority is accuracy. We talk of completing work as efficiently as possible, that is, as fast as possible without sacrificing accuracy.
The Accuracy vs Speed Conflict
In this seemingly frenetic world where the precious resource of time is usually at a premium, pressure is heaped upon us to work as fast as possible. Working under such pressure to meet deadlines may induce people to take ‘shortcuts’ in order to save time.
In computer forensics, as in any branch of forensic science, the emphasis must be on evidential integrity and security. In observing this priority, every forensic practitioner must adhere to stringent guidelines. Such guidelines do not encompass the taking of ‘shortcuts’, and the forensic practitioner accepts that the precious resource of time must be expended in order to maintain the highest standards of work.
Another Definition of Computer Forensics
Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts. (The word forensics means “to bring to the court.”) Forensics deals primarily with the recovery and analysis of latent evidence. Latent evidence can take many forms, from fingerprints left on a window to DNA evidence recovered from blood stains to the files on a hard drive. Because computer forensics is a new discipline, there is little standardization and consistency across the courts and industry. As a result, it is not yet recognized as a formal “scientific” discipline. We define computer forensics as the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law.