Computer Software Security

Computers are an important facet of forensic science. Individual computers as well as computers that are electronically connected via the Internet house text, graphics, and other sources of forensic information.

This information can be vulnerable to unauthorized scrutiny, outright tampering, theft or misuse.

As with many other computer operations, computers that are critical to a forensic science operation ought to be equipped with a variety of hardware and software security features that help safeguard the information.

Software can prevent damage to computer files, programs, and operating systems, as well as to monitor a personal computer (PC) or laptop for theft.

A recommended feature for any computer that is connected to the Internet is software that protects the computer from viruses. Like biological viruses, computer viruses need the machinery of another host, in this case a computer, to make new copies of themselves and infect another host computer. There are upwards of 100,000 known viruses, with new viruses being detected literally every day.

Some viruses are hidden inside a program that appears safe. Once the program is downloaded into a computer and executed, the "Trojan" virus can enact great damage. Another type of virus called a worm usually is ferried into a computer via e-mail. The virus can then be emailed out to everyone in the computer's email address book. Thus, the virus can spread very widely and very quickly.

An infamous example is the "Love" virus, which infected millions of computers worldwide within hours of its release in May 2000. This virus was also a Trojan because it was contained in an innocuous appearing email attachment.

There are a wide variety of anti-virus software programs available that will recognize, quarantine and destroy many of these viruses. Anti-virus programs need to be updated frequently (often accomplished automatically "on-line" with some vendors products) to keep pace with the appearance of new viruses.

Next to viruses, theft represents the biggest security issue for computer users. Various hardware options are designed to lessen the chance of theft. Anti-theft software is also available. There are several software programs that aim to lessen the usability, and so the appeal, of a stolen computer (particularly laptop computers). In one setup, a registered identifier number is beamed out when the stolen computer is hooked up to the Internet. Proprietary software can detect and even track the location of the sending computer. Another strategy uses motion-sensing software that is adjusted to the motion patterns of the normal user. A different range of motions that are uncharacteristic of the principal user can trigger an audio alarm. As well, the computer is triggered to shut down and reboot. The user then needs to supply a complicated password to use the computer and even to read the scrambled files (see below) from the hard drive. This protection occurs even when the computer is shut off.

Another software security option is known as encryption. Encryption is the scrambling of the data into an undecipherable format. Encryption programs can scramble the data that is resident in the computer as well as data sent to another computer via email. The message can be reassembled to the original format if the receiving computer has an encryption program installed.

Computers connected to the Internet are often equipped with software known as a firewall. The firewall functions to monitor incoming transmissions and to restrict those that are deemed suspicious. It is a controlled gateway that limits who and what can pass through. A number of vendors offer firewall programs. Like anti-virus software, these programs can and should be frequently updated, since those who seek to maliciously gain remote access to computers are constantly developing methods to thwart the firewall barrier.