The ability to practice sound computer forensics will help to ensure the overall integrity and survivability of your network infrastructure. One can help his organization if he considers computer forensics as a new basic element in what is known as a “defense-in-depth” approach to network and computer security. For instance, understanding the legal and technical aspects of computer forensics will help him to capture vital information if his network is compromised and will help him to prosecute the case if the intruder is caught. What happens if he ignores computer forensics or practice it badly? He may risk of destroying vital evidence or having forensic evidence ruled inadmissible in a court of law. Also, he or his organization may run afoul of new laws that mandate regulatory compliance and assign liability if certain types of data are not adequately protected. Recent legislation makes it possible to hold organizations liable in civil or criminal court if they fail to protect customer data.
Computer forensics is also important because it can save ones organizations money. Many managers are allocating a greater portion of their information technology budgets for computer and network security. International Data Corporation (IDC) reported that the market for intrusion-detection and vulnerability-assessment software will reach 1.45 billion dollars in 2006. In increasing numbers, organizations are deploying network security devices such as intrusion detection systems (IDS), firewalls, proxies, and the like, which all report on the security status of networks.
From a technical standpoint, the main goal of computer forensics is to identify, collect, preserve, and analyze data in a way that preserves the integrity of the evidence collected so it can be used effectively in a legal case.