Digital forensics

by Amanda Oram 2012

human hand in leather glove is stealing data


Individuals committing computer crime often assume that pressing “Delete” will permanently remove evidence from their computer. This is not the case because information is not completely removed from the hard drive. This data can be retrieved using computer forensics, a sub-branch of digital forensics, which is one of the newest branches of forensic science.

Digital forensics is used to investigate incidents including white collar crime, such as fraud, where a computer is used either as a tool in enabling the crime or as a target of the crime. It is equally valuable in civil proceedings and human resource management cases such as employee misuse of corporate IT resources.
The four sub-branches of digital forensics are:  

  • Computer forensics – analysis of information contained within and created with computer systems and computing devices.
  • Mobile device forensics – includes cellular phones, smart phones and MP3 players. The difference between this and computer forensics is that mobile devices have an integral communication system and often proprietary storage systems.
  •  Network forensics – monitoring and analysis of traffic on computer networks ranging from LANs to WANs and the Internet.
  • Database forensics – analysis of databases, including metadata, for incidents such as security attacks.

Inspec covers many of these topics. The following thesaurus terms and classification codes will be useful when searching for them.

Controlled Indexing Terms

computer crime
computer forensics (digital forensics is a lead-in)
computer network security
computer networks
data mining
data privacy
database management systems
DP management
human resource management
mobile computing
security of data

Classification Codes

c0310S  (new for 2012)