Learn about specialized areas in computer forensics.
- [Instructor] As computer forensics expands itself into cyber and digital domains, specialization is essential because it's impossible for one person to know it all. Investigations in cyber spaces require expertise in computer networking because monitoring pass network traffic establishes evidence after a cyber crime happens. This involves looking for traces of crime and all the possible elements of what constitutes a computer network including computers, switches and routers.
Many computers host programs called servers that provide services to another program or remote users. Servers and the clients can both be the origins and the destinations of computer network communications and should be subject to close scrutiny. The emphasis on computer networking is why we collectively call the cybercrime-centric investigation techniques network forensics.
One of the conventional subfields of computer forensics is that of operating systems or OS. The shear number of different OSs and their versions warrant a specialty of its own. The third major specialization focuses on the World Wide Web. These days I find myself doing a majority of my computing tasks in a web browser. I use a web client to check my emails, I edit my documents in Google Docs, I watch videos on YouTube.
My Google Chrome frequently takes up more than a half of resources on my personal computer or PC. Just because of the dominance of the web and its applications in our everyday lives, unique web-specific forensics approaches are necessary and are of high demand. Cloud forensics is another trend shaping our information technology adoption. The cloud now powers most of the applications we're accessing through the web.
And criminals have already started exploiting cloud users which is why cloud forensics is becoming a major digital forensics subfield. To comprise web and cloud security, criminals sponsor the development of malicious software or malware. The complexity of malware is increasing as law breakers understand its value and invest more resources in producing more sophisticated attack software.
To effectively address malware challenges in computer forensics, expert knowledge is a must. Mobile computing devices have software and hardware characteristics fundamentally different from desktop computers. The form factors are different, so are the OSs such as iOS and Android. Tablets and mobile phones are quickly becoming mainstream and we use less and less time on our PCs.
We definitely need a specialized treatment here and mobile forensics is a response to this need. Email forensics is the last specialization I'd like to bring up. People are spending a big portion of their professional lives checking emails and the same also applies to criminals who exchange emails to coordinate their illegal activities. The significance of email in digital forensics is high enough to deserve a specialization.
As the ideal landscape changes, digital forensics must keep up with the advancement of the field. Specialization is a coping mechanism and a discipline of digital forensics will become even more diverse. I feel lucky to be part of this dynamic industry of digital forensics.
- Goals of computer forensics
- Pursuing a career in computer forensics
- Using a hex editor
- File system fundamentals
- Partitioning a data storage device
- Acquiring data
- Ensuring data integrity with hashing
- Indexing and searching
- Generating a report