skip navigation


Register for Latest Research

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Virtual Library collection. To conduct further searches of the collection, visit the Virtual Library. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.


NCJ Number: 220983 Find in a Library
Title: Cyber Forensics: Part One
Author(s): Dr. Susan Zucker
Date Published: January 2007
Page Count: 3
Sponsoring Agency: National Clearinghouse for Science, Technology and the Law
Gulfport, FL 33707
Document: HTML
Type: Issue Overview
Format: Document (Online)
Language: English
Country: United States of America
Annotation: This article discusses cyber forensics within the context of current investigative needs.
Abstract: With the advancement in electronic technology, researchers must pursue vigorous research and development on cyber forensic technology to prepare for cyber reconnaissance probes and attacks. Advances in technology have led to greater data storage capacity, and development and use of the Internet. Increases in the number of computer users have led to a plethora of cybercrime. To combat this problem, the field of cyber forensics focuses not only on traditional offline computer forensic technology, but on real-time, online evidence such as tracking emails and instant messages, as well as all other forms of computer related communications. Cyber forensics consists of two components: computer forensics and network forensics. Computer forensic science is the discipline of acquiring, preserving, retrieving, analyzing, reconstructing, and presenting data that has been processed electronically and stored on computer media, including networks for use in a court of law. The methods used must be technologically robust to ensure that all probative information is recovered, that original evidence is unaltered, and that no data were added to or deleted from the original collection. Generally, computer forensics investigations are performed after the crime or event occurred, as are investigations in traditional medical forensics. Files that have been lost or deleted by accident may be recovered by a forensic computer expert. Information potentially valuable to criminal or civil cases in a court of law are identified and collected using investigative techniques. In contrast, network forensics involves gathering digital evidence, which can be transient and not preserved with permanent storage media and is distributed across large-scale, complex networks. Network forensics is a more technically challenging area of cyber forensics since it deals with indepth analysis of computer network intrusion evidence. The difficulty lies in the commercial intrusion analysis tools which are inadequate to deal with today’s networked, distributed environments. References
Main Term(s): Computer crime investigative Training; Computer evidence; Computer related crime; Forensic sciences
Index Term(s): Evidence collection; Evidence identification; Evidence preservation; Science and Technology
Note: Downloaded December 20, 2007
To cite this abstract, use the following link:

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.