computer forensics - Computer Definition
The investigation of a computer system believed to be involved in cybercrime. Forensic software provides a variety of tools for investigating a suspect PC. Such programs may copy the entire hard drive to another system for inspection, allowing the original to remain unaltered. Another utility compares file extensions to the content within the files to determine if they have been camouflaged with phony extensions. For example, an image file might be renamed as a text document and vice versa. In addition, hard drives can be examined for data that has been deleted (see data remanence). Network Forensics In order to identify attacks, "network forensics" deals with the capture and inspection of packets passing through a selected node in the network. Packets can be inspected on the fly or stored on disk for later analysis. See hidden disk areas, forensically clean, slack space, write blocker, file wipe, IDS, Internet forensics and security event management software.