Computer Forensics Definitions
Author: admin | Category: Cyber Forensics | Leave a Comment
According to Albert J. Marcella Jr and Douglas A. Menendez, cyber forensics, e-discovery (electronic evidence discovery), digital forensics, and computer forensics mean relatively the same thing yet none has emerged as a defacto standard.They further present a working definition of computer forensics as follows.
Computer forensics is the science of locating, extracting, and analyzing types of data from different devices, which specialists then interpret to serve as legal evidence.
They further define that, Computer forensics is the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law.
E-discovery is the preservation, processing, review, and production of computer evidence in response to civil litigation discovery requirements.
E-discovery refers to the discovery of electronic documents and data. Electronic documents include e-mail, Web pages, word processing files, computer databases, and virtually anything that is stored on a computer. Technically, documents and data are “electronic” if they exist in a medium that can be read only through the use of computers. Such media include cache memory, magnetic disks (such as computer hard drives or floppy disks), optical disks (such as DVDs or CDs), and magnetic tapes. E-discovery is often distinguished from “paper discovery,” which refers to the discovery of writings on paper that can be read without the aid of some devices.
Reference:
CYBER FORENSICS A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes.
Second Edition
Albert J. Marcella, Jr. Doug Menendez
OK, Let look at few more definitions.
Digital forensics has been defined as “the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitation or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations”
Computer forensics is defined as “a methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format” (Dr. H.B. Wolfe)
According to Steve Hailey, Cybersecurity Institute, computer forensics is “The preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and providing expert opinion in a court of law or other legal and/or administrative proceeding as to what was found.”
FBI defines computer forensics as an application of science and engineering to the legal problem of digital evidence.
James Borek (2001), computer forensics is “equivalent of surveying a crime scene or performing an autopsy on a victim”.
Computer forensics is “the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.” (DFRWS 2001)