Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. With roots in the personal computing revolution of the late 1970s and early '80s, the discipline evolved in a haphazard manner during the 1990s, and it was not until the early 21st century that national policies emerged.
Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil courts (in civil cases, as part of the electronic discovery process). Forensics may also feature in the private sector, such as during internal corporate investigations or intrusion investigation (a specialist probe into the nature and extent of an unauthorized network intrusion).
PHILIPPINE NATIONAL POLICE ANTI-CYBERCRIME GROUP COPYRIGHT 2014
Cyber threats are more rampant than ever before, with some research indicating more than 16,000 web sites are affected every day. A cyber attack can impact the performance of an enterprise or compromise sensitive data within minutes. To avoid this, government, critical infrastructure (CIKR), and commercial organizations must implement preventive measures and develop a plan that enables rapid response and recovery through collaboration with customers and service providers.
Many organizations have invested in tactical tools for detection, monitoring, alerts, event management (SIEM), forensics, and governance (GRC). Such tools can be very effective in addressing the technical, compliance, and reporting requirements for standards such as FISMA, FERC, and NERC CIP. However, they do not provide the process assurance necessary to ensure that your organization's plans for physical security, business continuity, IT security, and crisis management are executed in a cohesive and effective manner on every occasion.
One use of the term "computer security" refers to technology that is used to implement secure operating systems. Much of this technology is based on science developed in the 1980s and used to produce what may be some of the most impenetrable operating systems ever. Though still valid, the technology is in limited use today, primarily because it imposes some changes to system management and also because it is not widely understood. Such ultra-strong secure operating systems are based on operating system kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment.
An example of such a computer security policy is the Bell-LaPadula model. The strategy is based on coupling special microprocessor hardware features, often involving the memory management unit, to a special, correctly implemented operating system kernel.
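The following added example (not part of the original page) sketches the access decision a Bell-LaPadula reference monitor makes for each request: no read up, no write down. The level names, category names, and the helpers `permitted` and `mediate` are constructed for illustration; a real system enforces these checks in the kernel with hardware support, as described above.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):          # constructed level names, lowest to highest
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

@dataclass(frozen=True)
class Label:
    level: Level
    categories: frozenset = frozenset()   # need-to-know compartments

    def dominates(self, other: "Label") -> bool:
        """True if self is at least as high and holds every category of other."""
        return self.level >= other.level and self.categories >= other.categories

def permitted(subject: Label, obj: Label, mode: str) -> bool:
    """Decide one access request under the Bell-LaPadula mandatory rules."""
    if mode == "read":      # simple security property: no read up
        return subject.dominates(obj)
    if mode == "append":    # *-property for write-only access: no write down
        return obj.dominates(subject)
    if mode == "write":     # read and write together need both properties
        return subject.dominates(obj) and obj.dominates(subject)
    raise ValueError(f"unknown access mode: {mode!r}")

def mediate(subject: Label, requests):
    """Return (object name, mode, decision) per request; deny on any error."""
    decisions = []
    for name, obj, mode in requests:
        try:
            ok = permitted(subject, obj, mode)
        except ValueError:
            ok = False      # fail closed on modes the monitor does not know
        decisions.append((name, mode, "ALLOW" if ok else "DENY"))
    return decisions

# Constructed sample subject and objects.
ANALYST = Label(Level.SECRET, frozenset({"CRYPTO"}))
MEMO = Label(Level.CONFIDENTIAL, frozenset({"CRYPTO"}))
PLAN = Label(Level.TOP_SECRET, frozenset({"CRYPTO"}))
SITE = Label(Level.SECRET, frozenset({"NUCLEAR"}))   # incomparable with ANALYST
LOG = Label(Level.SECRET, frozenset({"CRYPTO"}))
REQUESTS = [("memo", MEMO, "read"), ("memo", MEMO, "append"),
            ("plan", PLAN, "read"), ("plan", PLAN, "append"),
            ("site", SITE, "read"), ("log", LOG, "write")]
```

The `site` request shows the lattice edge case: equal levels but disjoint categories mean neither label dominates the other, so the request is denied.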