Computer forensics pertains to evidence found on computers, phones and all forms of storage media. The aim is to identify, analyze, recover, collect and present digital information for use in criminal and civil cases, with the main purpose of convicting or exonerating an accused.
Although computer forensics is mostly used to investigate computer crimes like hacking and fraud, today it’s also used to investigate crimes like espionage, cyberstalking and murder. The scope of a forensic analysis can vary from simple information retrieval to reconstructing a complete timeline of events. In their 2002 book Computer Forensics, authors Kruse and Heiser define it as involving “the preservation, identification, extraction, documentation and interpretation of computer data”.
A computer forensic investigation includes a manual review of data, keyword searches for topics related to the crime, extracting emails and pictures, data recovery for retrieving deleted evidence and password cracking for retrieving locked evidence.
To be admissible in court, the evidence must be authentic and reliably obtained. Countries have different guidelines pertaining to evidence collection. Various open-source and commercial tools are available for computer forensics investigation. We will discuss some of these later this year.
Computer Forensics Certification
I suggest starting small when pursuing a career in computer forensics. The Asian School of Cyber Law offers international-level certifications in Digital Evidence Analysis and Digital Forensic Investigation. Sign up for some of their free courses first to test the water. I will still be reviewing some of these free courses later in the year.
Some commercial forensic software companies offer proprietary certifications on their products. For example, Guidance Software offers the EnCE certification, AccessData offers ACE and X-Ways Software Technology offers X-PERT.
There are also several other certifications available, such as the International Society of Forensic Computer Examiners (ISFCE) Certified Computer Examiner (CCE) certification, the Digital Forensics Investigation Professional (DFIP) certification, the Information Assurance Certification Review Board (