Individuals committing computer crime often assume that pressing “Delete” will permanently remove evidence from their computer. This is not the case because information is not completely removed from the hard drive. This data can be retrieved using computer forensics, a sub-branch of digital forensics, which is one of the newest branches of forensic science.
Digital forensics is used to investigate incidents including white collar crime, such as fraud, where a computer is used either as a tool in enabling the crime or as a target of the crime. It is equally valuable in civil proceedings and human resource management cases such as employee misuse of corporate IT resources.
The four sub-branches of digital forensics are:
- Computer forensics – analysis of information contained within and created with computer systems and computing devices.
- Mobile device forensics – includes cellular phones, smartphones and MP3 players. The difference between this and computer forensics is that mobile devices have an integrated communication system and often proprietary storage systems.
- Network forensics – monitoring and analysis of traffic on computer networks ranging from LANs to WANs and the Internet.
- Database forensics – analysis of databases, including metadata, for incidents such as security attacks.
Inspec covers many of these topics. The following thesaurus terms and classification codes will be useful when searching for them.
Controlled Indexing Terms
- computer crime
- computer forensics (digital forensics is a lead-in)
- computer network security
- computer networks
- data mining
- data privacy
- database management systems
- DP management
- human resource management
- mobile computing
- security of data
- c0310S (new for 2012)