KoolSpan U: Weekly Word Wednesday – Computer Forensics

Like forensic science, the goal of computer forensics is to perform an investigation on a computer or mobile device in order to analyze and preserve evidence from the device for use in a court of law. Computer forensics can be used to obtain evidence for a number of cybercrimes, including hacking, fraud and cyberstalking.

Generally, the steps involve physically isolating the device in question so as to ensure the device cannot be contaminated, making a digital copy of the device’s storage, and then storing the original device in a safe place. The digital copy is then searched thoroughly for hidden folders and deleted or encrypted files, and all evidence is logged for possible use in court trials or litigation.

Some techniques used during computer forensic investigations include cross-drive analysis, live analysis, and steganography, which is the process of hiding data inside images. Data is considered perishable, especially on devices with limited storage space, and thus it is important to begin the chain of events in a computer forensic investigation as soon as the device owner believes an investigation may be necessary.