About 30 minutes ago or so I was having a general chat with Krishna C Mandava, one the moderators from Google Community, and he was telling me about this new course called Computer Forensics might be a good idea for me to do, and I thought wait a minute I like Forensics and I like Computers, would Computer Forensics not be a great course for me to do, just one problem though, I’m already studying a Foundation Degree in IT and then will move onto the Honours Degree in IT, so as you can see I don’t think I will want to do another course not after having done what I’m doing now.

Nevertheless I’m keeping an open mind about it, there’s no stopping me from studying it at a later date, for that reason I did some investigation about Computer Forensics to find out what it’s all about, here’s a little bit of information I found!

1. What is Computer Forensics?
There a number of slightly varying definitions around. However, generally, computer forensics is considered to be the use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded.

2. What is the objective of this?
Usually to provide digital evidence of a specific or general activity.

3. To what ends?
A forensic investigation can be initiated for a variety fo reasons. The most high profile are usually with respect to criminal investigation, or civil litigation, but forensic techniques can be of value in a wide variety of situations, including perhaps, simply re-tracking steps taken when data has been lost.

4. What are the common scenarios?
Wide and varied! Examples include:
– Employee internet abuse (common, but decreasing)
– Unauthorized disclosure of corporate information and data (accidental and intentional)
– Industrial espionage
– Damage assessment (following an incident)
– Criminal fraud and deception cases
– More general criminal cases (many criminals simply store information on computers, intentionally or unwittingly)
– and countless others!

5. How is a computer forensic investigation approached?
It’s a detailed science. However, very broadly, the main phases are sometimes considered to be: secure the subject system (from tampering during the operation); take a copy of hard drive (if applicable); identify and recovery all files (including those deleted); access/copy hidden, protected and temporary files; study ‘special’ areas on the drive (eg: residue from previously deleted files); investigate data/settings from installed applications/programs; assess the system as a whole, including its structure; consider general factors relating to the users activity; create detailed report. Throughout the investigation, it is important to stress that a full audit log of your activities should be maintained.

6. Is there anything that should NOT be done during an investigation?
Definitely. However, these tend to be related to the nature of the computer system being investigated. Typically though, it is important to avoid changing date/time stamps (of files for example) or changing data itself. The same applies to the overwriting of unallocated space (which can happen on re-boot for example). ‘Study don’t change’ is a useful catch-phrase.

And here’s an overview of the BSc(Hons) Cyber Security and Computer Forensics joint honours course as posted on the Kingston University London Website.

OVERVIEW
This new course could be an ideal choice if you are interested in how computers can be used to prevent and solve crime. In addition to gaining a thorough knowledge of core computer science subjects, you will learn how to perform and evaluate rudimentary computer forensic investigations as well as how to make systems more secure using biometric technologies such as voice scans and iris scans.

Biometric technologies are used in the following sectors where there could be a digital threat: public services, law enforcement, banking, physical access control and computing and networking. In addition to learning about the practical elements of these systems, you will also look at the legal and privacy issues surrounding subject.

Computer Forensics World
Kingston University London