skip navigation

Justinfo Subscribe to Stay Informed

Add your conference to our Justice Events calendar


NCJRS Abstract


Subscribe to Stay Informed
Want to be in the know? JUSTINFO is a biweekly e-newsletter containing information about new publications, events, training, funding opportunities, and Web-based resources available from the NCJRS Federal sponsors. Sign up to get JUSTINFO in your inbox.

The document referenced below is part of the NCJRS Library collection.
To conduct further searches of the collection, visit the NCJRS Abstracts Database.

How to Obtain Documents
NCJ Number: NCJ 220983     Find in a Library
Title: Cyber Forensics: Part One
  Document URL: HTML 
Author(s): Dr. Susan Zucker
Date Published: 01/2007
Page Count: 3
  Annotation: This article discusses cyber forensics within the context of current investigative needs.
Abstract: With the advancement in electronic technology, researchers must pursue vigorous research and development on cyber forensic technology to prepare for cyber reconnaissance probes and attacks. Advances in technology have led to greater data storage capacity, and development and use of the Internet. Increases in the number of computer users have led to a plethora of cybercrime. To combat this problem, the field of cyber forensics focuses not only on traditional offline computer forensic technology, but on real-time, online evidence such as tracking emails and instant messages, as well as all other forms of computer related communications. Cyber forensics consists of two components: computer forensics and network forensics. Computer forensic science is the discipline of acquiring, preserving, retrieving, analyzing, reconstructing, and presenting data that has been processed electronically and stored on computer media, including networks for use in a court of law. The methods used must be technologically robust to ensure that all probative information is recovered, that original evidence is unaltered, and that no data were added to or deleted from the original collection. Generally, computer forensics investigations are performed after the crime or event occurred, as are investigations in traditional medical forensics. Files that have been lost or deleted by accident may be recovered by a forensic computer expert. Information potentially valuable to criminal or civil cases in a court of law are identified and collected using investigative techniques. In contrast, network forensics involves gathering digital evidence, which can be transient and not preserved with permanent storage media and is distributed across large-scale, complex networks. Network forensics is a more technically challenging area of cyber forensics since it deals with indepth analysis of computer network intrusion evidence. The difficulty lies in the commercial intrusion analysis tools which are inadequate to deal with today’s networked, distributed environments. References
Main Term(s): Computer related crime ; Forensics/Forensic Sciences ; Computer crime investigative Training ; Computer evidence
Index Term(s): Evidence collection ; Evidence identification and analysis ; Evidence preservation ; Science and Technology
Type: Issue Overview
Country: United States of America
Language: English
Note: Downloaded December 20, 2007
  To cite this abstract, use the following link:

* A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's web site is provided.