Computer forensics: history of the branch of digital science

In recent years, a new branch of digital forensics analysis and investigation has emerged: computer forensics , which is located at the intersection of computer science and legal science. Recently it has also become part of various university courses as a subject of study. But what exactly is it and in what situations is it used? The discipline that we are going to analyze deals with the processing of data and their management. Or even the recovery and their reconstruction, direct or indirect. The scope of application can be identified in any crime where there may be an IT system involved in any capacity.

A possible definition could be the following: a set of methodologies, scientifically proven, which have as their main purpose the reconstruction of events for evidential purposes that directly or indirectly involve a digital medium .

Computer forensics: a little history

In Italy, as the starting point of the discipline, we can indicate 1993, the year in which an organic law on IT-criminal matters was enacted. With this law an attempt was made to implement the Recommendation of the Council of Europe of 9 September 1989 no. R (89) —9 , even if the first bills for the regulation of illicit behavior related to information technology were presented to the Italian Parliament as early as the 1980s.

Computer forensics

However, only since 1994 has there been an important step forward. In those years the public prosecutor's offices switched from paper to digital registers. The turning point came in 2008, when digital devices spread and forensic information technology was born as a spontaneous consequence of the problem of managing digital finds.

Even the news often tells us about the importance of these methodologies . Having almost everyone with them a personal mobile device, which becomes the first source from which to obtain personal information.

New professional figures

So here is also a new professional profile, the digital forenser . Among his skills he knows and knows how to best manage technical aspects, methodologies and legal rules. This professional figure could be identified in a technical consultant or a law enforcement operator.

The basic steps of computer forensics are:

  • identification;
  • collection;
  • validation;
  • preservation;
  • analyses;
  • interpretation;
  • documentation;
  • presentation.

Scope and preview

It is necessary to remember that, reduced to a minimum, the analysis of digital systems has the main purpose of looking for data and interpreting them to find important evidence that can change the investigation. Furthermore, it must be remembered that today sensitive data can be obtained not only from computers but also from servers, memory cards, clouds.

Computer forensics

One of the first analyzes made at investigative levels is called preview which consists of a first level evaluation of the device memories. The purpose of this first analysis is to identify possible elements of investigative interest. Analyzes of this type must be performed by competent personnel and with the use of certain tools , in order to avoid the risk of altering the contents leading to the dispersion of the test.

The article Computer forensics: history of the branch of digital science was written on: Tech CuE | Close-up Engineering .