The IT Law Wiki

Definition

General

Forensic science (often shortened to forensics) is "[t]he application of multi-disciplinary science capabilities to establish facts."[1]

Forensics is the term for discovering and identifying information relevant to an investigation through both scientific and intelligence-based acumen.[2]

Overview

Cybersecurity

"In the context of a cyber incident, forensics refers to a number of technical disciplines related to the duplication, extraction, and analysis of data to uncover artifacts relevant to identifying malicious cyber activity. Forensics includes several sub-disciplines, including host-based forensics, network and packet data forensics, memory analysis, data correlation, and malware analysis."[3]

General

The term forensics comes from the Latin forensis or "before the forum."

"Forensic science can help investigators understand how blood spatter patterns occur (physics), learn the composition and source of evidence such as drugs and trace materials (chemistry) or determine the identity of an unknown suspect (biology). Forensic science plays a vital role in the criminal justice system by providing scientifically based information through the analysis of physical evidence. During an investigation, evidence is collected at a crime scene or from a person, analyzed in a crime laboratory and then the results presented in court. Each crime scene is unique, and each case presents its own challenges."[4]

References

  1. Biometrics Identity Management Agency, Biometrics Glossary, at 30 (Ver. 5) (Oct. 2010).
  2. National Cyber Incident Response Plan, at 22.
  3. Id. at 22-23.
  4. National Institute of Justice, "Forensic Science".