Digital forensics (sometimes Digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term was originally used as a synonym for computer forensics but has expanded to cover other devices capable of storing digital data.
Digital forensic investigations are generally much broader in scope than other areas of forensic analysis (where the aim is usually to provide answers to a series of simpler questions). The discipline evolved in a haphazard manner during the 1990s and it was not until the early 2000s that national policies were created.
Investigations usually take one of three forms; forensic analysis (where evidence is recovered to support or oppose a hypothesis before a criminal court), eDiscovery (a form of discovery related to civil litigation) or intrusion investigation (which is a specialist investigation into the nature and extent of an unauthorised network intrusion). The science of digital forensics is divided into several sub-branches; computer forensics, network forensics, database forensics and mobile device forensics.
As well as identifying direct evidence of a crime digital forensics can be used to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources (for example in copyright cases) or authenticate documents.
Prior to the 1980s crimes involving computers were dealt with using existing laws. The first computer crimes were recognized in 1978 when the Florida Computer Crimes Act legislated against unauthorized modification or deletion of data on a computer system.[5][6] Over the next few years the range of computer crimes being committed increased, and laws were brougt in to deal with issues of copyright, privacy/harrassment (e.g. cyber bullying, cyber stalking, and online predators) and child pornography.[7][8] It was not until the 1980s that federal laws began to incorporate computer crime; Canada being the first, in 1983, followed by the US Federal Computer Fraud and Abuse Act in 1986, Australian amendments to their crimes acts in 1989 and the British Computer Abuse Act in 1990. More recently concern over cyber warfare and cyberterrorism have become important issues. A February 2010 report by the U.S. Joint Forces Command concluded:
Digital forensic investigations are generally much broader in scope than other areas of forensic analysis (where the aim is usually to provide answers to a series of simpler questions). The discipline evolved in a haphazard manner during the 1990s and it was not until the early 2000s that national policies were created.
Investigations usually take one of three forms; forensic analysis (where evidence is recovered to support or oppose a hypothesis before a criminal court), eDiscovery (a form of discovery related to civil litigation) or intrusion investigation (which is a specialist investigation into the nature and extent of an unauthorised network intrusion). The science of digital forensics is divided into several sub-branches; computer forensics, network forensics, database forensics and mobile device forensics.
As well as identifying direct evidence of a crime digital forensics can be used to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources (for example in copyright cases) or authenticate documents.
Prior to the 1980s crimes involving computers were dealt with using existing laws. The first computer crimes were recognized in 1978 when the Florida Computer Crimes Act legislated against unauthorized modification or deletion of data on a computer system.[5][6] Over the next few years the range of computer crimes being committed increased, and laws were brougt in to deal with issues of copyright, privacy/harrassment (e.g. cyber bullying, cyber stalking, and online predators) and child pornography.[7][8] It was not until the 1980s that federal laws began to incorporate computer crime; Canada being the first, in 1983, followed by the US Federal Computer Fraud and Abuse Act in 1986, Australian amendments to their crimes acts in 1989 and the British Computer Abuse Act in 1990. More recently concern over cyber warfare and cyberterrorism have become important issues. A February 2010 report by the U.S. Joint Forces Command concluded:
“ Through cyberspace, enemies will target industry, academia, government, as well as the military in the air, land, maritime, and space domains. In much the same way that airpower transformed the battlefield of World War II, cyberspace has fractured the physical barriers that shield a nation from attacks on its commerce and communication. ”
In response to the growth in computer crime during the 1980s and 90s law enforcement agencies began to establish specialized investigative groups, usually at the national level. During the 1990s demand for the national resources was high leading to the creation of regional and even local units. Digital forensics evolved, during this time, from a number of ad-hoc tools and techniques rather than from the scientific community (in contrast to other forensic sciences). The rapid development of the discipline resulted in a lack of standardization and training. In his 1995 book, "High-Technology Crime: Investigating Cases Involving Computers", K Rosenblatt writes:
“ Seizing, preserving, and analyzing evidence stored on a computer is the greatest forensic challenge facing law enforcement in the 1990's. Although most forensic tests, such as fingerprinting and DNA testing, are performed by specially trained experts the task of collecting and analyzing computer evidence is often assigned to patrol officers and detectives ”
In 2002, in response to this need, the Scientific Working Group on Digital Evidence (SWGDE) published it's "Best practices for Computer Forensics". A subsequent 2005 ISO standard (ISO 17025 General requirements for the competence of testing and calibration laboratories) was published and commercial companies began to offer certification and training programs........
DOWNLOAD PAPERS :