Computer ForensicsĀ
Computer forensics is the study that deals with legal evidence found in computer systems. Practitioners are capable of performing any of the following: analyze computer systems, recover data rendered inaccessible by software or hardware failure, analyze the conditions surrounding a computer break-in, gather evidence from hardware or software, interpret the workings of a computer system for optimization or reverse engineering.
The recent discovery of a rogue espionage network (named GhostNet) was made possible by Canadian researchers applying computer forensics. What started out as a routinary inspection of computers to look for malware has turned into an unveiling of what might be a group of highly organized cyber criminals.
Computer forensics can reveal a lot of information by starting from a victim's computer system. In the case of GhostNet, the Canadian researchers were allegedly able to trace back the root as well as the scope of the infiltration. Procedures like these are highly sensitive as the act of tracing can be intrusive itself.