What is Computer Forensics?

Computer Forensics is formally defined as:

“The gathering and analysis of digital information in an authentic, accurate and complete form for presentation as evidence in a civil proceeding or a court of law”

Digital Evidence is defined by the Scientific Working Group for Digital Evidence (SWGDE, U.S. DOJ) as:

“Any information of probative value that is either stored or transmitted in binary form”

Computer Forensics is NOT:

• “Data recovery”
• Something that can be done with software alone
• Something that can be performed by anyone other than a trained and certified digital forensic practitioner

It is estimated that over 85% of all crimes committed today leave a trail of digital evidence.

Where did Computer Forensics get its Start?

Computer Forensics as an emerging science finds its roots as a discipline developed by U.S. federal law enforcement agents during the mid to late 1980’s;

1. After the release of the first IBM PC to mainstream businesses in 1981, federal law enforcement noticed the emergence of “white-collar” crimes being committed with the assistance of the new PC’s;
2. By 1985, the U.S. Federal Law Enforcement Training Center (FLETC) started training agents in conducting investigations in the “automated environment”;
3. By 1989, FLETC’s Financial Fraud Institute (FFI) started creating software and protocols to deal with the emerging discipline of “computer forensics”; and
4. Today, the science of “Computer Forensics” encompasses a variety of disciplines, to include computers, telecommunications, law enforcement, security, networks, electronics and the criminal justice system.

Who should be Aware of Computer Forensics?

The obvious choices seem to be any governmental agency that is involved with criminal or terror related investigations, but it goes beyond that scope.

All companies and organizations Digital Forensic knowledge and skills will benefit for companies and organizations which might:

• Take an action against an employee based on digital evidence.
• Look for evidence of tampering or network hacking.
• Need to submit any digital evidence for civil or criminal cases in a court of law.

Too often, the term forensics is associated with some criminal investigation, when it is actually related to any civil and/or criminal court case.

Example: An employee firing. It is becoming more frequent that the evidence supporting a termination is some type of digital artifact. Some common cases might be:

• Embezzlement
• Inappropriate use of the internet/Email
• Corporate Espionage
• Network Security / Hacking
• Proof of sexual harassment
• And any other criminal or procedural violation that may have a digital artifact to support the allegation.

• Prove that the offense took place?
• Prove that the employee committed the offense?
• Prove that the evidence you acquired was not tampered with from the time of the recovery?
• Prove that the evidence is authentic, accurate, and that the results are repeatable?

If you can’t do the above, then you have no case. Odds are that an attorney who is knowledgeable about Computer Forensics would have your evidence thrown out and your organization will by liable for damages.

And finally, those governmental or investigative agencies which need to be able to successfully prosecute or defend any case where digital evidence are key. These involve investigations such as:

• Terrorist Activities
• Illegal pornography
• Acts of Fraud or Counterfeiting
• And the list goes on....

In summary, there are many job descriptions that will benefit from this training depending on industry segment – general network administration, law enforcement, insurance investigations, litigation support and criminal defense to name a few.

Upon completion of Mile2 DF courses, the student will receive the knowledge necessary to properly place a computer or digital device into evidence custody, conduct an advanced digital forensic investigation and execute advanced reporting procedures.