The term Forensics (also known as Forensic Science) refers to the application of science and technology to investigate and establish facts in criminal or civil courts of law and originates from the Latin word "forensis".
Forensic Science includes the collection and analysis of evidence, such as DNA evidence, fingerprints, fibers and firearms; interpreting the results of tests done on the evidence; and creating reports about these conclusions. Forensic scientists must explain their conclusions to a Court of Law (Judge and Juries), Lawyers and Law Enforcement Agencies. When attending Court, a Forensic Scientist is often referred to as an Expert Witness.
Types of Forensics
Computer / Cyber Forensics
Computer Forensics, also known as Cyber Forensics, is the investigation and interrogation of computer systems through the preservation, identification, extraction, interpretation, and documentation of computer evidence. There are varied degrees of technical data that can be obtained via a computer forensic technician.
At a basic level, computer forensics is the analysis of information contained within a computer system in order to establish how a criminal act has been committed. Analysis of the computer system will need to identify who accessed the computer, when the system was accessed, how the systems was accessed and any corruption of the system (information downloaded, retrieved, viewed).
In many cases, the information gathered during a computer forensics investigation is not readily available or able to be viewed by a mainstream computer user. This might include items like deleted files and fragments of data that can only be found in the space allocated for existing files. Computer Forensic Technicians employ special skills and tools in order to obtain this type of information or evidence.
In computer forensics, there are three types of data that a Computer Forensic Technician may need to analyse:
• Active Data refers to data that is visible to the system's operating system or the application software with which it was created. Active data is accessible without modification or reconstruction, and would exclude data not stored on a local storage media or device. Active data may also refer to only the data that is currently displayed on a computer screen. Active data is the easiest type of data to obtain.
• Archival Data refers to data that has been backed up and stored. This could mean backup tapes, CD’s, or entire hard drives.
• Latent Data refers to the information that needs specialised tools to access. Latent data could be information that has been deleted, partially overwritten or information that is not inaccessible to the main computer user.
A computer Forensic Technician may be required to look at all of these data types, depending on the circumstances, in order to identify whether a criminal act has been committed.
In order to prove a criminal act or intent to commit a criminal act, Computer forensics is all about obtaining the evidence of a crime or breech of policy. It focuses on obtaining proof of the illegal misuse of computers in a way that could lead to the prosecution of the suspect.
Network forensics is the capture, recording, and analysis of network incidents to uncover the source of security breeches or other problem incidents. It involves seeking out and finding security attacks / issues and other problems within computer networks by identifying unusual patterns hidden within what appears to be legitimate network traffic.
Digital forensics is an area of forensic science that encompasses the recovery and investigation of material from any device that can produce and store digital data. Digital Forensics is associated with Computer Forensics but has now expanded to include devices such as mobile telephones, digital cameras, hard drives, portable memory sticks, i-pods and other media devices, Internet telephony systems (SKYPE), servers, routers, switches and wireless devices, blogs and forum posts, use of social networking sites.
Digital Forensics may also help investigations into identity theft fraud.
Digital Forensics can also be used to track and monitor user activity on a computer or network system.
Forensic Telecommunications / Mobile Phone Forensics
Forensic Telecommunications is an area of digital forensics that relates to the recovery of digital evidence or data from a mobile telephone.
This may also refer to any digital device that has both internal memory and the ability to communicate. Evidence that can be potentially obtained from mobile phone’s can come from several different sources, including SIM cards, memory cards and baseline handset information, such as User Phonebook / Contacts, Call Registers (Calls made / received / missed),SMS Content and registers (sent / received / saved) and IMEI/IMSI information.
Enhanced information is available via Smart phone, iphone and Blackberry technology that allows web browsing, wireless network settings (bluetooth), e-mail, internet media and data retained on smartphone 'apps'.
It is also possible to recover information that apperas to have been deleted by the user
This is done by extracting and decoding data directly from the device's memory.
Forensic pathologists are medical examiners who perform autopsies on individuals who have died unattended. They perform a thorough exterior examination of the body, collect evidence, and are responsible for determining the cause and time of death.
Forensic Scientists who specialise in ballistics are trained to identify and analyse firearms and the trajectory of bullets. They can help an investigation by identifying the origins of a bullet, the angle and location it was fired from and distance from the victim.
Crime Scene Investigation (CSI)
Crime scene investigation (CSI) is the process of examining a crime scene to obtain potential evidence by collecting, recording and preserving any evidence found.
Forensic Science Laboratory Analysis.
Forensic Scientists (Crime laboratory technicians) conduct their activities in special Forensic Laboratories. The laboratories usually operate in a sterile working environment as not to allow any contamination of evidence. The Forensic Scientists analyse evidence that is brought to them from a crime scene in order to help Law Enforcement Agencies recreate the events at the scene or help to identify a suspect. Evidence may include footprints, fingerprints, ballistics or weapons, bodily fluids (blood, semen, saliva) and other relevant material items.