Computer Forensics
Computer forensics is the scientific process for examining data stored on, received from, or transmitted by electronic devices.

  • evidence collected is called digital evidence or just electronic evidence
  • goal is to find evidence that helps investigators analyze an event or incident
  • common sources of digital evidence:
    • computer systems
    • storage devices
    • mobile devices
    • networking equipment
  • computer forensic examiners often specialize in a specific area

3 Areas of Computer Forensics

  • Media Analysis
    • focuses on collecting and examining data stored on physical media
    • includes computer systems and storage devices
  • Code Analysis
    • also called malware forensics
    • focuses on reviewing programming code
    • looks for the signature of anything that has modified a system without permission
      • the signature is the executable part of the malicious code
  • Network Analysis
    • focuses on collecting and examining network traffic
    • reviews transaction logs and uses real-time monitoring to find evidence