QuickStudy: Computer forensics

Date: April 18, 2006
Source: COMPUTERWORLD


The television series CSI has given millions of viewers an appreciation of the role and importance of physical evidence in conducting criminal investigations. Each week, we see the confluence of fingerprints, DNA tests, autopsies, microscopic examinations and ballistic evidence used to solve a murder or explain the circumstances surrounding an unusual death. The drama lies less in the events that are portrayed than in the thinking that lies behind the collection, preservation and interpretation of the evidence needed to solve the case and support prosecution.

IT managers aren't likely to confront dead bodies on the job, but a rudimentary knowledge of evidence, as it relates to computer data, can help protect your organization's operations, data and processes. In today's computer-driven world, where networked e-mail and instant messaging are the communication norms, knowing how to collect, handle and analyze information on a miscreant's computers can be critical to a successful civil or criminal prosecution.

There are two categories of computer crime: criminal activity that involves using a computer to commit a crime, and criminal activity that has a computer as a target, such as a network intrusion or a denial-of-service attack. The same means of gathering evidence are used to solve both types of crimes. And the same kinds of skills used by the lawbreakers are needed to track them down.
Original article

---

Add comment  Email to a Friend