Computer forensics is the process of analysing data created or contained within computer systems with the intention of finding out what happened, how it happened, when it happened and the people involved.
This process identifies, collects, analyses and preserves the electronically stored information so that the data can be obtained later and used as evidence in court.
Examples of common situations in which computer forensics is used include:
- When corporate information is disclosed without permission, either by accident or by design.
- When an employee steals intellectual property from their employer and passes it to a competitor or uses it to set up a competing company.
- When an employee violates a computer policy, such as when and how to use the Internet. Some organisations have rules on how the computer or the Internet should be used. If the systems in the office are used for any illegal activity, computer forensics can help determine when and how these illegalities happened.
- Damage analysis and assessment after an incident has occurred.
- White-collar crimes. These are nonviolent, financially motivated crimes that are committed by government or business professionals. These crimes include identity theft, Ponzi schemes and advance fee schemes. White-collar crimes can wipe out life savings, destroy companies or cost investors billions in losses. Computer forensics can be used to help in investigating such crimes.
- Industrial espionage. This involves stealing trade secrets from a competitor by recording or copying confidential documents. Examples of documents involved include secret formulas, product specifications and business plans. Industrial espionage is an illegal activity, and computer forensics can help during investigations.
- Fraud. This involves deliberately providing false or misleading information to gain something unfairly. A lot of fraud is perpetrated through the Internet or with the help of technology, and computer forensics can help investigate these crimes.
- Sexual harassment, deception and negligence.
- Collection of information that may be used to terminate a person’s employment in the future.
- General criminal and civil cases. This is because criminals sometimes store information in computers.
- Commercial organisations and companies can also use computer forensics to help them in cases of intellectual property theft, forgeries, employment disputes, bankruptcy investigations and fraud compliance.
Law enforcers sometimes need computer forensics to investigate a crime. The computer system itself may act as a scene of a crime in cases of denial-of-service attacks and hacking.
The computer system may also hold evidence of the crime. A lot of people may also store information in computer systems unwittingly or unintentionally.
Evidence that computer forensics investigations produce may be in the form of emails, documents and Internet history. There may also be files relevant to crimes such as kidnapping, drug trafficking, money laundering or fraud.
In addition to the information on the computer, law enforcement officers may use a file’s metadata to find out more about a particular crime. The computer forensics analyst will determine when the file was first created, when it was edited and when it was printed or last saved. The forensics examination can also determine which user carried out these activities.
In all of these cases, the evidence must be acquired and handled properly to be admissible in court. This is the only way the acquired information can serve as evidence and be used to support allegations or defend a person from accusations.
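The metadata examination described above can be illustrated with a Word (.docx) file, which stores its creation, last-saved and last-printed times and the associated user names in an embedded `docProps/core.xml` part. The following is an added example, not part of the original article: the function names, the report field names and the sample document with users "alice" and "bob" are constructed for illustration, and the file is hashed before it is read so the examined copy can later be shown to be unchanged.

```python
import hashlib
import io
import xml.etree.ElementTree as ET
import zipfile

# Namespaces used by docProps/core.xml in an Office Open XML (.docx) package.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
# Report field (names chosen for this example) -> element that records it.
FIELDS = {
    "created": "dcterms:created",
    "last_saved": "dcterms:modified",
    "last_printed": "cp:lastPrinted",
    "author": "dc:creator",
    "last_saved_by": "cp:lastModifiedBy",
}

def read_core_properties(data: bytes) -> dict:
    """Hash the evidence bytes, then read the metadata from an in-memory copy."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), **dict.fromkeys(FIELDS)}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        if "docProps/core.xml" not in pkg.namelist():
            return report  # metadata part absent: report None, do not guess
        # Evidence is untrusted input; a hardened parser such as defusedxml
        # is the safer choice outside a demonstration.
        root = ET.fromstring(pkg.read("docProps/core.xml"))
    for name, path in FIELDS.items():
        node = root.find(path, NS)
        if node is not None and node.text:
            report[name] = node.text.strip()
    return report

def build_sample_docx() -> bytes:
    """Constructed sample: a minimal package containing only core.xml."""
    xmlns = " ".join(f'xmlns:{p}="{uri}"' for p, uri in NS.items())
    core = (
        f"<cp:coreProperties {xmlns}><dc:creator>alice</dc:creator>"
        "<cp:lastModifiedBy>bob</cp:lastModifiedBy>"
        "<cp:lastPrinted>2023-03-02T09:15:00Z</cp:lastPrinted>"
        "<dcterms:created>2023-03-01T08:00:00Z</dcterms:created>"
        "<dcterms:modified>2023-03-02T17:30:00Z</dcterms:modified>"
        "</cp:coreProperties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("docProps/core.xml", core)
    return buf.getvalue()
```

These fields are written by the authoring application and can be edited or stripped, so an examiner corroborates them against file system timestamps and other records rather than relying on them alone.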