At a basic level, computer forensics is the analysis of information and data contained within and created with computer systems and computing devices, typically in the interest of figuring out what happened, when it happened, how it happened, and who was involved in it.

It is also defined as the preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and providing expert opinion in a court of law or other legal and/or administrative proceeding as to what was found.

How Computer Forensics work:

It follows the standard digital forensic process of acquisition by isolating the computer in question to make sure it cannot be accidentally contaminated; analysis of data by making a copy of the hard drive and reporting finally as required.

In computer forensics, there are three types of data that we are concerned with i.e. active, archival, and latent data.Active data is the information that you and I can see. Data files, programs, and files used by the operating system. This is the easiest type of data to obtain; Archival data is data that has been backed up and stored. This could consist of backup tapes, CD’s, floppies, or entire hard drives to cite a few examples; Latent (also called ambient) data is the information that one typically needs specialized tools to get at. An example would be information that has been deleted or partially overwritten.

How it is helpful: Computer Forensics can be for the purpose of performing a root cause analysis of a computer system that had failed or is not operating properly; It is used to find out who is responsible for misuse of computer systems; It helps to know who committed a crime using a computer system or against a Computer system.

How it can be improved: One of the most important aspects of a successful electronic investigations program is establishing proper incident response procedures. Without these procedures, organizations run the risk of losing critical evidence, as well as jeopardizing criminal prosecution.

According to the book Incident Response: Investigating Computer Crime, a good incident response procedure can be broken down into eleven steps: Planning and preparation, Incident Detection, Initial response, Response strategy formulation, Forensic backups, Investigation, Security measure implementation, Network monitoring, Recovery, and Reporting.

What are the unmet things in Computer Forensics?

Data in computer forensics has not been backed up anywhere apart from the computer system itself and is therefore at a risk of being lost if at all there is theft of the computer system components. The backup methods can include email notifications every time the system data is modified.

Since 2012, it is clear that the future of the legal profession is in innovation and technology. We are happy that a number of Lawyers and others in the legal profession, not only in Uganda, but around the world, have come to realize that indeed, the future of law lies in innovation and technology and that only by harnessing technology shall we enable universal access to justice for everyone.

To those in the legal profession who fail to adapt the use of technology in their practice, well, there’s no two ways about it, you might very soon get buried in the digital underground, like typesetters at the dawn of word processing.

Conclusion

The information contained in this document covers the basics, and really doesn’t do full justice to all facets of computer forensics. I hope however that I have a better understanding of what computer forensics entails and how it can be important to Uganda and the world at large in criminal investigations and security. But it is not good to rely on Computer Data for foolproof because different Computer security specialists have developed anti-forensic applications that can hide any required information for criminal investigations.

.

ABOUT THE AUTHOR

JOSEPH SEMUJU

Joseph Semuju leads the programming team at Crossroads Digital Multimedia Limited. He is a native Ugandan and has worked for the Crossroads Digital Multimedia Limited as a 3D Computer Animator for the last two years. He received a Bachelor of Science in Computer Science with a second class – upper division from Makerere University. Joseph is someone who is constantly on a mission to keep things running smooth, fast, and in a more automated fashion. No tech question scares him; if he does not know the answer, he takes time to find it. He is detail oriented, thrive on efficiency, and ready to impact a positive change in Africa and the rest of the world through research, writing, and active citizenship.