An official website of the United States government, Department of Justice.

Cyber Forensics: Part One

NCJ Number
Date Published: January 2007
3 pages
This article discusses cyber forensics within the context of current investigative needs.
With the advancement in electronic technology, researchers must pursue vigorous research and development on cyber forensic technology to prepare for cyber reconnaissance probes and attacks. Advances in technology have led to greater data storage capacity and to the development and use of the Internet. Increases in the number of computer users have led to a plethora of cybercrime. To combat this problem, the field of cyber forensics focuses not only on traditional offline computer forensic technology, but also on real-time, online evidence such as tracking emails and instant messages, as well as all other forms of computer-related communications.

Cyber forensics consists of two components: computer forensics and network forensics. Computer forensic science is the discipline of acquiring, preserving, retrieving, analyzing, reconstructing, and presenting data that has been processed electronically and stored on computer media, including networks, for use in a court of law. The methods used must be technologically robust to ensure that all probative information is recovered, that original evidence is unaltered, and that no data were added to or deleted from the original collection. Generally, computer forensics investigations are performed after the crime or event occurred, as are investigations in traditional medical forensics. Files that have been lost or deleted by accident may be recovered by a forensic computer expert. Information potentially valuable to criminal or civil cases in a court of law is identified and collected using investigative techniques.

In contrast, network forensics involves gathering digital evidence that can be transient, is not preserved on permanent storage media, and is distributed across large-scale, complex networks. Network forensics is a more technically challenging area of cyber forensics since it deals with in-depth analysis of computer network intrusion evidence. The difficulty lies in the commercial intrusion analysis tools, which are inadequate to deal with today's networked, distributed environments.

Date Published: January 1, 2007