Monday, January 7, 2013

Project Report


Types of Digital Forensics


There are many types of digital forensics; the most important ones are computer forensics and network forensics. Although they both branch from digital forensics, they differ in the ways they are used to collect evidence.

 

Computer Forensics:-


To start with, computer forensics is the exercise of:

1- Identifying evidence from digital media

2- Extracting evidence from digital media

3- Considering evidence from digital media such as computer and hard drives

 

In the field of computer forensics, data can be gathered from many sources, which may include computer messaging, the Internet, e-mails, disks, CDs and printouts made by a specific computer. Computer evidence that is appropriately collected and analyzed through accepted computer forensic protocols is an important component of any internal investigation and review. In this way, evidence can be researched in a wide range of computer incidents, including but not restricted to:

·         Theft of Company Secrets

·         Trust Card Fraud

·         Pilfering

·         Central Crimes

·         Identity Theft

 

 

Simply stated, computer forensics can be used to investigate any crime or incident directly or indirectly related to a computer. Digital evidence is both fragile and volatile; for this reason it requires the attention of a certified specialist to ensure that valuable data can be effectively extracted and secured in a scientific manner. Computer forensics is not to be confused with the more general term 'forensic computing'. Forensic computing is the analysis of all types of evidence, whether digital or accessories, and whether of a communication or computing nature. Computer forensics, in a strict sense, applies specifically to the evaluation of computers, data processing devices and/or data storage.

 

Network Forensics:-


Network forensics is also a sub-branch of digital forensics. Unlike computer forensics, instead of identifying digital evidence it:

1- Monitors computer network traffic

2- Analyzes computer network traffic for the purposes of information collecting

3- Deals with volatile and dynamic information

4- Intrusion Detection

“It is known that network traffic is transmitted and then lost; because of this, network forensics is often considered a pro-active implementing” (Forensics Wiki, 2011).

 

Network forensics is mostly used for two reasons. The first relates to security, which means monitoring a network to identify intrusions and heavy traffic that might be created by hackers against a database hosted on a private network. The second relates to law enforcement: for example, analyzing the captured network traffic and carrying out tasks such as reassembling transferred files (emails, chat sessions) and searching for keywords.
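The second use above (reassembling captured traffic, then searching it for keywords) is sketched below as an added example that is not part of the original report. It assumes a classic little-endian pcap of Ethernet/IPv4/TCP frames with no sequence-number wraparound; the capture, addresses and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

def build_packet(src, dst, sport, dport, seq, payload):
    """Constructed sample data: Ethernet + IPv4 + TCP frame (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 1024, 0, 0)
    return eth + ip + tcp + payload

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def reassemble(pcap):
    """Return {flow: bytes}: TCP payloads of each direction joined in sequence order."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    segments, pos = defaultdict(dict), 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, pos + 8)[0]
        frame, pos = pcap[pos + 16:pos + 16 + incl_len], pos + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep only IPv4 packets carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4  # IP header length comes from the IHL field
        if len(frame) < tcp + 20:
            continue  # truncated TCP header
        sport, dport, seq = struct.unpack_from("!HHI", frame, tcp)
        end = 14 + struct.unpack_from("!H", frame, 16)[0]  # IP total length drops padding
        data = frame[tcp + (frame[tcp + 12] >> 4) * 4:end]
        if data:  # first copy of a sequence number wins; retransmissions are ignored
            segments[(frame[26:30], sport, frame[30:34], dport)].setdefault(seq, data)
    return {f: b"".join(s[k] for k in sorted(s)) for f, s in segments.items()}

def search(pcap, keywords):
    """Keywords (bytes) found in any reassembled stream, case-insensitive."""
    streams = reassemble(pcap)
    return sorted(k for k in keywords if any(k.lower() in s.lower() for s in streams.values()))

# Constructed capture: one mail-like message split across two segments, stored out of order.
SAMPLE = build_pcap([
    build_packet((10, 0, 0, 5), (10, 0, 0, 9), 40000, 25, 1015, b"oice attached\r\n"),
    build_packet((10, 0, 0, 5), (10, 0, 0, 9), 40000, 25, 1000, b"Subject: Q3 inv"),
])
```

Because the keyword straddles a segment boundary, a byte search over the raw capture file misses it, while the search over the reassembled stream finds it.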

 

In short, computer and network forensics are both used to collect evidence, but in different ways. Forensics has advantages and disadvantages. As for the advantages, you can retrieve data from the hard disk drive, make a copy of it, and then analyze the data quickly. The disadvantages are that it is expensive, it takes a lot of time to retrieve the data, and if you want to capture the evidence at the crime scene, a third party should be involved.
