Computer forensics is the process of using the latest knowledge of science and technology, together with computer science, to collect, analyze and present evidence to the criminal or civil courts. Network administrators and security staff who administer and manage networks and information systems should have complete knowledge of computer forensics. The meaning of the word "forensics" is "to bring to the court". Forensics is the process that deals with finding evidence and recovering data. The evidence takes many forms, such as fingerprints, DNA tests or complete files on computer hard drives. Because it is a new discipline, the consistency and standardization of computer forensics across courts is not strongly recognized.

Network administrators and security staff of networked organizations need to practice computer forensics and should have knowledge of the law, because the rate of cyber crime is increasing greatly. This is of great interest to managers and personnel who want to know how computer forensics can become a strategic element of their organization's security. Personnel, security staff and network administrators should know all the issues related to computer forensics. Computer experts use advanced tools and techniques to recover deleted, damaged or corrupt data and evidence of attacks and intrusions.

This evidence is collected to pursue cases in criminal and civil courts against those who committed computer crimes. The survivability and integrity of the network infrastructure of any organization depends on the application of computer forensics. In the current situation, computer forensics should be taken as a basic element of computer and network security. It would be a great advantage for your company if you know all the technical and legal aspects of computer forensics. If your network is attacked and the intruder is caught, then good knowledge of computer forensics will help to provide evidence and prosecute the case in court.

There are many risks if you practice computer forensics badly. If you do not take it into account, vital evidence might be destroyed. New laws are being developed to protect customers' data, and if certain kinds of data are not properly protected, many liabilities can be assigned to the organization. New rules can bring organizations into criminal or civil courts if they fail to protect customer data. Applying computer forensics can also save an organization money. Some managers and personnel spend a large portion of their IT budget on network and computer security. The International Data Corporation (IDC) reports that software for vulnerability assessment and intrusion detection will approach $1.45 billion in 2006.

As organizations are increasing in number and the risk from hackers and contractors is also increasing, they have developed their own security systems. Organizations have deployed security devices for their networks, such as intrusion detection systems (IDS), proxies and firewalls, which report on the security status of the organization's network. So, technically, the major goal of computer forensics is to recognize, gather, protect and examine data in a way that protects the integrity of the collected evidence, so that it can be used efficiently and effectively in a case.

A computer forensics investigation has some typical aspects. First, computer experts who investigate computers should know the type of evidence they are looking for, to make their search effective. Computer crimes are wide in range, such as child pornography, theft of personal data and destruction of data or computers.

Second, computer experts or investigators should use suitable tools. The investigators should have good knowledge of software and of the latest techniques and methods to recover deleted, encrypted or damaged files and to prevent further damage in the process of recovery.

In computer forensics two kinds of data are collected. Persistent data is stored on local disk drives or on other media and is preserved when the computer is powered off. Volatile data is stored in random access memory and is lost when the computer is turned off or loses power. Volatile data is located in caches, random access memory (RAM) and registers. A computer expert or investigator should know trusted ways to capture volatile data. Security staff and network administrators should know how network and computer administration tasks affect the computer forensics process and the ability to recover data lost in a security incident.