Computer Forensics

Also known as Computer Forensic Science is a branch of Digital Forensic Science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information. Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.

 

Computers forensics has been used as evidence in criminal law since the mid 1980's. Some notable cases include, the BTK Killer, Joseph E. Duncan III, and Sharon Lopatka. The process of investigation are preformed on static data rather than live systems. Three common techniques are:

1. Cross-Drive Analysis
2. Live Analysis
3. Deleted Files

While there is commercial and open source software available to the public, a thorough investigation requires time and manual review of the material. There are Computer Forensics certification programs available for those who want to do this professionally.

Sources
Wikipedia - Computer Forensics