Computer forensics brings new weapons to the fight against cybercrime

Unfortunately, many of us have learned the hard way that computer security is a constant concern. The emerging field of computer forensics, however, offers help in the form of new methods of preserving and extracting evidence related to computer crimes.

Cyber bad guys are wreaking havoc on computer systems—and are capturing front-page headlines in the bargain. It made little difference that the Clinton Administration pledged $2 billion in additional federal funding to combat security breaches last year. The problem just keeps getting worse.

Fortunately, the computer security field is also progressing at a brisk rate. In particular, the field of computer forensics brings new ways of preserving and analyzing evidence related to cybercrime.

This article outlines the emerging field of computer forensics and where this new area of knowledge is being researched, organized, and taught.

A growing problem
The numbers are chilling. According to the San Francisco, CA-based Computer Security Institute's (CSI) fifth annual "Computer Crime and Security Survey 2000," 90 percent of survey respondents detected cyberattacks on their companies, and 273 organizations reported $265,589,940 in financial losses.

So what's going on? It doesn't take a computer engineer or computer scientist to learn hacking fundamentals. After spending a few nights on the Internet, high-school students discover they can master hacking fundamentals by simply downloading software. Corporations and the federal government are just beginning to realize that securing their computer networks is critical. Equally frightening is that our national security has already been compromised.

Colleges have finally started to offer courses and concentrations in computer security and forensics, but it remains difficult to find degree programs in these disciplines.

Computer security and computer forensics
Computer security is the art or science of keeping and maintaining security on a particular network or server. “Companies are learning, often after their systems have been compromised, that you can’t throw a security product at a system and hope it works,” explains security expert George Kurtz, who is also president and CEO of consulting firm Foundstone, Inc., in Irvine, CA, and coauthor of Hacking Exposed: Network Security Secrets & Solutions (Osborne/McGraw Hill: $39.99). “There is no ‘silver bullet’ software or hardware that meets all systems’ security needs.”

The process of finding or creating the right product involves analyzing the system to find out what security measures are needed. Once security systems have been installed, they have to be maintained and monitored on a regular basis. “Computer security is a journey, not a destination,” Kurtz adds.

Computer forensics involves the preservation, identification, extraction, and documentation of computer evidence stored as data or magnetically encoded information. The fascinating part of the science is that the computer evidence often is transparently created by the computer's operating system without the knowledge of the computer operator. The information may actually be hidden from view. To find it, special forensic software tools and techniques are required.

An emerging field of expertise
It's the cybersleuth aspect of computer security and forensics that fills classes as soon as they're opened. A few of the schools offering courses include the University of Central Florida at Orlando; Georgetown University; George Mason University; George Washington University; Georgia State University; State University of New York at Farmingdale; University of New Haven, CT; Utica College in New York; and Idaho State University.

Schools like the University of Massachusetts and Dartmouth also touch on forensics, and their faculties speak about the topic at conferences on computer security. Other universities, such as MIT and UCLA, boast good computer science departments that conduct research in computer forensics.

When you do unearth relevant courses, they carry sexy names like "Internet Security Protocols," "Computer Crime," "Info-Terrorism," "Information Warfare," and "Crime and National Security," to name a few. "But they're either straight computer forensics courses, computer security courses, or mathematical courses on cryptography," observes John Leeson, associate professor of computer science and assistant director of the National Center for Forensic Science for Digital Evidence at the University of Central Florida.

Law-enforcement agencies can take advantage of courses offered by the National White Collar Crime Center and the International Association of Computer Investigative Specialists. The FBI also has an academy that specializes in computer crime. "But, the courses are only open to law-enforcement agencies," says Leeson. "It doesn't do corporate computer-security people any good, since they're not available to the public. That's why colleges are beginning to offer courses in these subjects."

A shortage of experts
Still, most law-enforcement agencies, especially those in large cities, are understaffed when it comes to having trained computer-security experts. Industry, on the other hand, has been taking computer security seriously for several years. Sadly, "it took a number of embarrassing computer break-ins by teenage hackers to put the spotlight on it," says Jesper Johansson, assistant professor of information systems at Boston University's School of Management. "The problem is, industry doesn't know which computer-security issues to focus on," he says.

Johansson started teaching a course in network security during the spring semester, but he's been preparing for it since he joined BU a year ago. He'll also incorporate some forensics into the course. "Eventually, colleges will have to add courses on security and its applications and implications," says Johansson. "When students graduate, they'll have an understanding of the subject."

The biggest issue surrounding the computer security conundrum is a shortage of technologists who have a working knowledge of computer security and forensics, according to Kurtz. “Academics are teaching the subjects, but most lack real-world experience, which is critical when training students,” he says. Additionally, he contends that many academics are not current with security and forensics trends and tools.

Changing times
But change is on the horizon. Not only will more techies be concentrating on computer forensics, but attorneys and judges will be taking courses in the subject as well. Learning forensics basics will help attorneys, especially, to determine the kinds of evidence that can be found by probing a computer's operating system and what techniques can be used to legally obtain it.

On the academic front, full-fledged degree tracks in computer forensics are being developed, according to Leeson. Certification programs already exist.

If you have a few years of information-security experience, you're eligible for the Certified Information Systems Security Professional (CISSP) certification offered by the Computer Security Institute. Kurtz endorses CISSP certification. “It’s the equivalent of the CPA exam for security professionals,” he says, “and it’s very impressive on your resume.”

Where are the jobs? Government agencies, such as the Department of Defense, the FBI, CIA, and U.S. Postal Service need security specialists. State and local law-enforcement departments are hiring them as well. On the corporate front, all companies—especially large and midsize ones with a Web presence—will have serious security needs. Job titles differ, but typically, these positions are advertised as Junior Security Analysts for entry-level jobs and Senior Security Analysts if you have a few years of experience in the field.

Now is the time to jump into these emerging fields. Start by plugging into security and forensics networks. The good part is, lots of information is available on training programs and conferences about computer forensics. Besides the CSI, Def Con stages conventions about hacking, and Black Hat offers conventions, security conferences, and training. For information about CISSP certification, go to
