Computers are primarily used to conduct research and find new information, but they can also be used to commit computer-based crimes or violations. The investigation of crimes committed with a computer is known as computer forensics, or cyber forensics. Computer forensics helps figure out who committed the crime through the collection, preservation, analysis and presentation of computer-related evidence. Its goal is to use investigation techniques to analyze information from a computer device and determine who is responsible for the actions that were committed.
To be more accurate, investigators usually follow a specific procedure when conducting the investigation. First, they isolate the computer device to make sure that no one can get access to the media, hack into it and change the evidence. This way, the evidence remains the same throughout the entire process. Then they make a digital copy of the evidence so that it is safe and documented. After it is copied onto a media device, they perform the investigation on that copy. The investigators use a multitude of proprietary forensic software applications to examine the digital copy and to search hidden folders and deleted or damaged files. The evidence that is found is documented in a "finding folder" and verified against the original.
As crime rates continue to increase, computer forensics has become a huge area of scientific expertise, in which investigators strive to make the internet a better place for its users. The main difficulty is that computers are becoming more powerful and have hard drives capable of holding gigabytes and even terabytes of data. This is frightening because detectives have to figure out a way to search for evidence without using too many resources in doing so.
http://searchsecurity.techtarget.com/definition/computer-forensics
http://www.howstuffworks.com/computer-forensic.htm
Tuesday, November 19, 2013
Packet Analyzer
A packet analyzer is used to monitor, intercept, and decode data packets as they are transmitted across networks. A packet analyzer can be software or hardware. Other names for a packet analyzer are network analyzer, protocol analyzer, and packet sniffer. As data flows through a network, the sniffer can look at each individual packet and decode it. By decoding the data, the sniffer can view the information in the packet and therefore analyze it.
One example of a powerful network monitor and analyzer is CommView. CommView is an easy-to-use and very flexible network monitor. This application "captures every packet on the wire to display important information such as a list of packets and network connections, vital statistics, protocol distribution charts, and so on." Since CommView gives a full analysis, it can help find network problems and troubleshoot software and hardware. Network analyzers are important because they help maintain efficient network data transmission, test firewalls, and identify problems. In addition, CommView decodes network traffic, which allows you to see what, where, and how the information you are sending leaves your computer. Some of the many things that CommView is capable of doing are viewing detailed IP connection statistics, reconstructing TCP sessions, mapping packets to the application that is sending or receiving them, and viewing the protocol distribution.
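
The decoding step described above, as an added example that is not part of the original post and is not CommView's code: it decodes Ethernet II frames carrying IPv4 and tallies a protocol distribution. The function names are hypothetical, and the sample frames are constructed in the script using documentation-range addresses.

```python
import struct
from collections import Counter

IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers

def decode_frame(frame: bytes) -> dict:
    """Decode one Ethernet II frame; return the header fields an analyzer would list."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:  # not IPv4 (for example 0x0806 is ARP)
        return {"protocol": f"ethertype-0x{ethertype:04x}"}
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("incomplete or non-IPv4 header")
    ihl = (ip[0] & 0x0F) * 4  # header length in bytes; IP options make it > 20
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header length")
    info = {
        "protocol": IP_PROTOCOLS.get(ip[9], f"ip-proto-{ip[9]}"),
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
    }
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    l4 = ip[ihl:]
    # TCP and UDP both begin with source and destination port; later fragments carry none.
    if ip[9] in (6, 17) and frag_offset == 0 and len(l4) >= 4:
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    return info

def protocol_distribution(frames) -> dict:
    """Count decoded frames per protocol, the data behind a distribution chart."""
    return dict(Counter(decode_frame(f)["protocol"] for f in frames))

def build_frame(proto, src, dst, sport, dport) -> bytes:
    """Constructed sample frame: zeroed MACs and checksum, 8 bytes of layer 4."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0, bytes(src), bytes(dst))
    return eth + ip + struct.pack("!HH", sport, dport) + bytes(4)

SAMPLE_FRAMES = [  # constructed traffic, not a real capture
    build_frame(6, (192, 0, 2, 10), (198, 51, 100, 5), 49152, 443),
    build_frame(17, (192, 0, 2, 10), (198, 51, 100, 53), 53000, 53),
    build_frame(6, (192, 0, 2, 11), (198, 51, 100, 5), 49153, 80),
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        print(decode_frame(frame))
    print(protocol_distribution(SAMPLE_FRAMES))
```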