| Computer forensics is the process of using | | | | the organizations fail to protect customer |
| the latest knowledge of science and | | | | data. Organization money can also be saved by |
| technology with computer sciences to collect, | | | | applying computer forensics. Some mangers and |
| analyze and present proofs to the criminal or | | | | personnel spent a large portion of their IT |
| civil courts. Network administrator and | | | | budget for network and computer security. It |
| security staff administer and manage networks | | | | is reported by International Data Corporation |
| and information systems should have complete | | | | (IDC) that software for vulnerability |
| knowledge of computer forensics. The meaning | | | | assessment and intrusion detection will |
| of the word "forensics" is "to bring to the | | | | approach $1.45 billion in 2006. |
| court". Forensics is the process which deals | | | | |
| in finding evidence and recovering the data. | | | | As organizations are increasing in number and |
| The evidence includes many forms such as | | | | the risk of hackers and contractors is also |
| finger prints, DNA test or complete files on | | | | increase so they have developed their own |
| computer hard drives etc. The consistency and | | | | security systems. Organizations have |
| standardization of computer forensics across | | | | developed security devices for their network |
| courts is not recognized strongly because it | | | | like intrusions detection systems (IDS), |
| is new discipline. | | | | proxies, firewalls which report on the |
| | | | security status of network of an |
| It is necessary for network administrator and | | | | organization. So technically the major goal |
| security staff of networked organizations to | | | | of computer forensics is to recognize, |
| practice computer forensics and should have | | | | gather, protect and examine data in such a |
| knowledge of laws because rate of cyber | | | | way that protects the integrity of the |
| crimes is increasing greatly. It is very | | | | collected evidence to use it efficiently and |
| interesting for mangers and personnel who | | | | effectively in a case. |
| want to know how computer forensics can | | | | |
| become a strategic element of their | | | | Investigation of computer forensics has some |
| organization security. Personnel, security | | | | typical aspects. In first area computer |
| staff and network administrator should know | | | | experts who investigate computers should know |
| all the issues related to computer forensics. | | | | the type of evidence they are looking for to |
| Computer experts use advanced tools and | | | | make their search effective. Computer crimes |
| techniques to recover deleted, damaged or | | | | are wide in range such as child pornography, |
| corrupt data and evidence against attacks and | | | | theft of personal data and destruction of |
| intrusions. | | | | data or computer. |
| | | | |
| These evidences are collected to follow cases | | | | Second, computer experts or investigators |
| in criminal and civil courts against those | | | | should use suitable tools. The investigators |
| culprits who committed computer crimes. The | | | | should have good knowledge of software, |
| survivability and integrity of network | | | | latest techniques and methods to recover the |
| infrastructure of any organization depends on | | | | deleted, encrypted or damaged files and |
| the application of computer forensics. In the | | | | prevent further damage in the process of |
| current situations computer forensics should | | | | recovery. |
| be taken as the basic element of computer and | | | | |
| network security. It would be a great | | | | In computer forensics two kinds of data are |
| advantage for your company if you know all | | | | collected. Persistent data is stored on local |
| the technical and legal aspects of computer | | | | disk drives or on other media and is |
| forensics. If your network is attacked and | | | | protected when the computer is powered off or |
| intruder is caught then good knowledge about | | | | turned off. Volatile data is stored in random |
| computer forensics will help to provide | | | | access memory and is lost when the computer |
| evidence and prosecute the case in the court. | | | | is turned off or loses power. Volatile data |
| | | | is located in caches, random access memory |
| There are many risks if you practice computer | | | | (RAM) and registers. Computer expert or |
| forensics badly. If you don't take it in | | | | investigator should know trusted ways to |
| account then vital evidence might be | | | | capture volatile data. Security staff and |
| destroyed. New laws are being developed to | | | | network administrators should have knowledge |
| protect customers' data; but if certain kind | | | | about network and computer administration |
| of data is not properly protected then many | | | | task effects on computer forensics process |
| liabilities can be assigned to the | | | | and the ability to recover data lost in a |
| organization. New rules can bring | | | | security incident. |
| organizations in criminal or civil courts if | | | | |