The wide adoption of information technology and social media platforms is leading to increasing complex cybercrime, including corporate espionage, cyberwarfare, information warfare and sextortion. Newer means of communications technologies such as social networking has also promoted cybercrime acts. The mass production of handheld devices and smart devices had made computing easier. However, these devices bring several cybercrime risks. Owing to mass computer usage, almost every crime has computer crime part in it. As a result, digital forensics has become part of every kind of crime investigation in the last decade. The challenges of digital forensics stem relate to lack of clarity between computer forensics and information security, legal issues, technology, expertise, and organizational culture. This paper discusses the differences between computer forensics and information security (cybersecurity). The paper also discusses overview of the field of computer forensics.
Differences between Computer Forensics and Information Security
The field of Computer Forensics have become one of the most important and lucrative fields in recent times due to the rise of cybercrime rate the last decade. As discussed in the last publication, computer forensics are often perceived as identical to cybersecurity (information security), but they are not. The misuse of these terms has created confusion for those who are interested in pursuing a career or employing people in one of these exciting and growing fields. Knowing the differences helps hiring managers to identify which person qualifies for a position. Sans Institute defined information security (cybersecurity) as the processes and methodologies which are designed and implemented to protect, secure, and defend information systems to ensure confidentiality, integrity, and availability of information. Computer (Digital) forensics, however, is a branch of the criminal justice system which deals with computer (cybercrimes). Computer forensics is a broad term referring to the search for and detection, recovery and preservation of evidence found on digital systems, often for criminal or civil legal purposes. While information security is a branch of information technology, computer forensics is a branch of criminal justice system which deals with scientific principles used to identify computer criminals and evidence against them. Although computer forensics experts understand how criminals break information security, techniques in computer forensics do not ensure confidentiality, integrity and availability of information systems.
Computer forensics can sometimes involve the acquisition of evidence concerning events in the physical world — for example, recovering deleted emails that link a suspect to a murder or other crime.
The Relationship Between Computer Forensic and Information Security
The relationship between computer forensics and information security can be likened to the relationship between police patrol officer and police detective officer. These two individuals understand how each person works; the skills needed in police patrol and police detective are not the same. The patrol officer’s task is largely to prevent offenses from occurring or notice and act when they’re happening. The detective’s job is to investigate offenses after the event, determine how they occurred and identify the party or parties responsible. Computer forensics job can be likened to police detective. Forensics experts only detects how security protocols were broken.
While there may be quite a bit of overlap in duties with other cyber security occupations, digital forensic experts focus on past events rather than the prevention of current or future happenings. A digital forensic investigator will gather evidence from a computing device so that it can be presented in court, conducting a thorough digital investigation and building a documented chain of evidence.
Forensics role overlaps in information at cyber-incidence response and security operations, especially when a crime has been committed and management wants to acquire evidence to prosecute the criminal.
Computer forensics experts can operate effectively as security practitioner with much security training and certifications. Computer forensics investigators use a variety of techniques and proprietary software forensic applications to examine the copy, searching hidden folders and unallocated disk space for copies of deleted, encrypted, or damaged files. This evidence is then verified against the original device and collated in a finding report, which is leveraged in any subsequent legal proceedings.
Current State of Digital Forensics
The field of digital forensics is still in its formative years even though the field had existed for over four decades now. The rapid advancement in information and communication technologies has brought various kinds of cybercrimes. Each type of cybercrime also requires special tools, techniques and expertise for investigations and examinations.
Due to technology innovations, the field of digital forensics continues to evolve. Currently, through technology inventions, artificial intelligence, and scientific principles, it possible to carry out various tasks associated with cybercrime. It is even possible to defeat cybercriminals’ anti forensic techniques. Forensics practitioners can even undelete or reconstruct evidence which have been intentionally or unintentionally destroyed (deleted).
The industry tools (used for digital forensics) have been built to handle various aspects of the cyber cybercrime investigations. The only factor which hinders the effectiveness of current digital forensics tools is the rapid evolution of information technologies and social media technologies Cybercrime investigators are now aware of the volatility of data in memory of computer system. Rapid growth in cybercrime rate has resulted in multiple several job openings in computer forensics.
By Sam O. Aduafo
Member of Institute of ICT Professionals, Ghana (IIPGH), CyberGhana and advancedevidence.com|| firstname.lastname@example.org)