Forensic Information Engineering

Forensic Computer Engineering emerged in the late 1970s as the effectiveness of computers in committing crimes became increasingly recognized with the advancement of digital technologies. In 1984, the FBI initiated digital evidence collection activities under the name Magnetic Media Program; this program was soon restructured as the Computer Analysis and Response Team (CART). At a time when technical tools were limited, CART became one of the first units to standardize data recovery and file system analysis. Throughout the 1990s, while the FBI’s CART handled cases numbering in the hundreds, international organizations such as IOCE (1995) began developing forensic computing guidelines. In the modern era, the concept has expanded; digital forensics has evolved to encompass new data domains including mobile devices, cloud systems, IoT, and cryptocurrencies.

Definition and Role of Forensic Computer Engineering

Forensic Computer Engineering is an engineering discipline that integrates technical expertise with legal requirements in the processes of detecting, examining, analyzing, and reporting crimes committed on digital systems. This field encompasses education and research aimed at scientifically analyzing digital evidence obtained from information systems and ensuring its admissibility in legal proceedings. It plays a critical role in uncovering cybercrimes, data breaches, fraud, intellectual property theft, and other malicious activities. Professionals in this domain combine technical specialization, research skills, and knowledge of legal procedures to ensure that evidence is collected, analyzed, and preserved in a manner legally acceptable.

Forensic Computer Engineering (Generated with Artificial Intelligence Assistance)

Forensic Computer Engineering is directly related to numerous disciplines including computer engineering, software engineering, cybersecurity, cryptography, criminal law, and forensic sciences. Experts trained in this field investigate events occurring on computers, mobile devices, network systems, databases, servers, and digital media to collect and analyze evidence. Digital data obtained are gathered, preserved, and reported in accordance with forensic standards.

Core Responsibilities and Techniques

Forensic computer engineers perform the following duties:

• Evidence Collection: Securely extracting data from digital devices without altering or damaging it.
• Data Recovery: Retrieving lost or deleted files from storage devices, even after intentional destruction.
• Malware Analysis: Investigating malicious software to determine its origin, functionality, and impact.
• Network Analysis: Monitoring network traffic to detect unauthorized access or identify intrusion points.
• Log Analysis: Examining logs from systems and applications to uncover suspicious behavioral patterns.
• Report Preparation: Documenting findings clearly and concisely for use in legal cases or internal audits.

Forensic computing processes are typically conducted within a standardized seven-phase model: identification, collection, preservation, examination, analysis, reporting, and court presentation. Throughout this process, the integrity of evidence is maintained through the chain of custody principle, which is an uninterrupted record documenting who accessed the digital evidence, when, and how, thereby ensuring its legal validity.

Origins of Forensic Computer Engineering Education in Türkiye

In Türkiye, Forensic Computer Engineering was first introduced at the undergraduate level in 2014 at the Faculty of Technology of Fırat University. Fırat University is the first higher education institution in Türkiye to offer education in this field. The department provides forensic computer engineering education with an engineering-based approach, offering students both software and hardware-oriented courses. The curriculum also includes law-based subjects such as criminal law, cybercrimes, forensic reporting, and evidence management.

The program aims to equip students with fundamental engineering competencies, advanced knowledge of computer systems and networks, practical skills in using forensic software and hardware, and understanding of legal frameworks related to criminal law and personal data protection. Theoretical knowledge is reinforced through internships and workplace applications. The curriculum covers foundational programming, computer systems, and network security, progressing to advanced technical courses such as electronic evidence examination, file system analysis, biometric identification, and data access via mobile devices and the web. Additionally, courses on software ethics, labor law, and forensic computing legislation are included.

Students are given the opportunity to specialize through elective technical courses such as data mining, malware analysis, and human-computer interaction. The department provides computer laboratories and classrooms where students actively participate in practical and theoretical instruction. The department operates eight specialized laboratories, each dedicated to specific functions. These include the Cybersecurity Laboratory, Forensic Software Laboratory, Forensic Hardware Laboratory, Data Recovery Laboratory, and Network and Systems Laboratory.

The undergraduate program in Forensic Computer Engineering at Fırat University spans four years and comprises 227 course hours. Of these, 155 hours are theoretical and 72 hours are practical, representing 61% and 39% respectively. The curriculum includes 131 hours of department-specific technical courses, 13 hours of legal content, 53 hours of fundamental engineering courses, and 30 hours of internship and workplace training.

Forensic Computer Engineering Network and Systems Laboratory

The Network and Systems Laboratory enables practical work in the fields of computer networks, systems, hardware and software security, and general computer security. The laboratory provides the necessary hardware and infrastructure for students to experience various traffic scenarios encountered in internet infrastructure, better understand TCP/IP protocols and data communication, and gain hands-on knowledge of network systems.

This laboratory supports the practical components of several courses in the undergraduate program of Forensic Computer Engineering at Fırat University, including ABM108 (Computer Systems), ABM209 (Computer Networks), ABM210 (Network and System Security), ABM212 (Internet and E-Commerce Security), and ABM342 (Wireless/Mobile Multi-Networks).

The laboratory infrastructure includes physical and software components required for setting up, configuring, and testing computer networks. It is equipped with backbone switches, routers, repeaters, wireless modems, access points, patch panels, various cable types, and cabling equipment. Additionally, cabinet systems, intrusion detection and prevention systems (IDS/IPS) hardware and software are integrated into the lab environment. Specialized operating systems and security tools are installed on computers to test network vulnerabilities.

Forensic Computer Engineering Audio and Video Analysis Laboratory

The Audio and Video Analysis Laboratory operates to analyze audio and video recordings and determine whether they contain evidence relevant to criminal investigations. Activities conducted in this laboratory include voice identification, enhancement and editing of recordings, detection of editing or tampering, and identification of persons or objects from visual footage.

Forensic Computer Engineering Biometric Systems Laboratory

The Biometric Systems Laboratory is designed for the development and analysis of applications that use unique physical and behavioral characteristics of individuals for identification and authentication purposes. The laboratory is equipped with infrastructure and devices for collecting, processing, analyzing biometric data, and testing systems that utilize such data.

This laboratory serves as the practical platform for ABM304 (Identification Methods and Biometrics) and other related courses in the undergraduate program of Forensic Computer Engineering at Fırat University.

The laboratory features fingerprint, facial, iris, and voice recognition systems. These devices are supported by Software Development Kits (SDKs) that enable the use of biometric data for both training and software development purposes. The laboratory layout includes dedicated workstations for each device group, simultaneous usage capabilities, and projection-supported lecture presentation systems.

Key systems and equipment in the laboratory include:

• Fingerprint reader systems and development SDKs
• Facial recognition systems
• Iris recognition systems
• Voice recognition systems
• • External USB sound card
  • Audio recording devices
  • Headphones, microphones, active monitors, pedal-controlled transcription equipment
• USB magnetic card reader (card encoding and reading systems)
• Portable smart card reader
• Contact and contactless smart card reader and encoder
• Wireless laser barcode reader
• Wireless 2D QR code reader

The laboratory is used not only for understanding the theoretical foundations of biometric recognition systems but also for practical development and testing.

Forensic Computer Engineering Cybersecurity Laboratory

The Cybersecurity Laboratory is a unit where practical training is conducted in cybersecurity, programming, and foundational forensic computing. The laboratory provides the practical infrastructure for numerous courses in the undergraduate program of Forensic Computer Engineering at Fırat University, including ABM105 (Algorithms and Programming), ABM107 (Fundamentals of Forensic Computer Engineering), ABM106 (Programming Languages), ABM108 (Computer Systems), ABM213 (Data Structures), ABM214 (Information Security and Cryptography Techniques), ABM215 (Database Management Systems), ABM306 (Web-Based Information Access), and ABM336 (Data Mining).

The laboratory consists of 50 computers equipped with i5 and i7 processors, 16 to 32 GB RAM, storage capacities ranging from 500 GB to 1 TB, and 22-inch monitors. The systems run Windows and Linux-based operating systems. Installed software supports various purposes including network simulation, packet analysis, programming, virtualization, database management, application security, and basic office operations. Software tools include Cisco Packet Tracer, GNS3, Wireshark, VMware, VirtualBox, SQL Server, Matlab, NetBeans, Dev-C++, Visual Studio, Kali Linux, DVWA (Damn Vulnerable Web Application), Adobe applications, and Microsoft Office.

Forensic Computer Engineering Forensic Hardware and Software Laboratory

The Forensic Hardware and Software Laboratory is a unit where practical activities related to the collection, preservation, analysis, and reporting of digital evidence are carried out. The laboratory provides both software and hardware infrastructure to enable forensic examination of data obtained from hard drives, mobile devices, computers, and other digital sources in compliance with forensic standards. This includes capabilities for imaging, disk analysis, live system examination, data recovery, network traffic analysis, and reporting.

This laboratory serves as the practical platform for several courses in the undergraduate program of Forensic Computer Engineering at Fırat University, including ABM311 (Electronic Evidence and Computer Crimes), ABM315 (Computer Crime Investigation Software), ABM317 (Computer Crime Investigation Hardware), ABM302 (File System Analysis), and ABM407 (Collection and Analysis of Electronic Evidence).

The laboratory consists of 50 computers, each equipped with an i5 or i7 processor, 16–32 GB RAM, storage capacity between 500 GB and 1 TB, and a 22-inch monitor. The systems run Windows and Linux-based operating systems, with both licensed and open-source forensic software installed. The laboratory provides various software and hardware tools for operations such as disk imaging, mobile device examination, disk wiping, write protection, social media and internet artifact analysis, and network traffic monitoring.

Key hardware equipment in the laboratory includes:

• CRU Forensic RTX HDD Unit
• Tableau TD3, T8u, T6es write-blockers
• CRU Ditto Field Station
• CRU UltraDock and Media Write Blocker
• Digital Intelligence UltraBlock card readers
• Data recovery kits (PC-3000, Dolphin DFL-SRP All-In-One)
• SIM card reader, signal-blocking sleeve
• Network analysis devices and cable/adaptor sets
• CD/DVD/Blu-ray examination hardware
• Forensic tool kit and shock-absorbing transport equipment, Faraday bag

The laboratory layout is designed to allow simultaneous use of equipment while preventing operational conflicts. Dedicated workstations are allocated for each equipment group. Projection systems are available for lectures and practical demonstrations.

Key software tools used include:

• Guidance Software EnCase Forensic
• AccessData FTK (Forensics Tool Kit)
• GetData Forensic Explorer
• Oxygen Forensics
• Magnet Axiom, IEF Application & OS Artifact
• X1 Social Discovery
• Savvius Enterprise
• Paraben
• X-Ways Forensic
• Autopsy
• Kali Linux, DEFT Linux, DART Linux
• The Sleuth Kit tools
• MobilEdit
• SIMCON

International Educational Approaches and Career Opportunities

Forensic computing education is offered at the undergraduate level by only a limited number of universities worldwide. Institutions such as Abertay University (Scotland), Teesside University (England), and Bloomsburg University (USA) are among those providing such programs. In Türkiye, Fırat University became the first higher education institution to launch an undergraduate program in Forensic Computer Engineering in 2014. The program is structured in alignment with the European Credit Transfer and Accumulation System (ECTS).

Graduates of Forensic Computer Engineering can work in public institutions, law enforcement agencies, forensic medicine units, cybercrime units, information and communication technology authorities, prosecutor’s offices, and judicial bodies. In the private sector, they may be employed by cybersecurity firms, banks, forensic analysis and consulting companies, information security departments, and research and development units related to information systems. They may also find employment in international organizations and forensic service laboratories. Graduates also have the opportunity to pursue academic careers through master’s and doctoral programs.