Computer forensics, also known as digital forensics, deals with legal evidence found in computers and digital storage devices. The goal of computer forensics is to explain the current state of a digital artifact. The term digital artifact can include a computer system, a storage device (such as a hard disk, CD-ROM, or thumb drive), an electronic document (e.g. an email message or video) or even a sequence of packets moving over a computer network. The explanation seeks to answer basic questions such as “What information is here?” and detailed questions such as “What is the sequence of events responsible for the present situation?”
There are many reasons to perform computer forensics:
- In legal cases, computer forensics is frequently used to analyze computer systems belonging to defendants (in criminal cases) or litigants (in civil cases).
- To recover data in the event of a hardware or software failure.
- To analyze a computer system after a break-in to determine how the attacker gained access and what the attacker did.
- To gather evidence about an employee who may be participating in unacceptable behavior.
Special measures should be taken when conducting a forensic investigation if the results are to be used in a court of law. One of the most important measures is to ensure that the evidence has been accurately collected and that there is a clear chain of custody from the scene of the crime to the investigator, and ultimately to the court. Tools that are used to generate reports for court should be validated. Many tools are available for the process; the proper tool should be chosen based on the case.
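As an added illustration (not part of the original page), the sketch below shows one way to make a chain of custody tamper-evident: each custody record stores the SHA-256 hash of the evidence and the hash of the previous record. The hash-chained log format, function names, custodians and timestamps are all assumptions constructed for this example.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first custody record

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def record_hash(body: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def add_entry(log, evidence: bytes, custodian: str, action: str, when: str):
    """Append a custody record bound to the evidence hash and the prior record."""
    body = {"prev": log[-1]["entry_hash"] if log else GENESIS,
            "evidence_sha256": sha256_hex(evidence),
            "custodian": custodian, "action": action, "timestamp": when}
    log.append({**body, "entry_hash": record_hash(body)})
    return log

def verify(log, evidence: bytes):
    """Return a list of problems; an empty list means the chain is intact."""
    problems, prev, current = [], GENESIS, sha256_hex(evidence)
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev:
            problems.append(f"entry {i}: broken link")
        if record_hash(body) != entry["entry_hash"]:
            problems.append(f"entry {i}: record altered")
        if entry["evidence_sha256"] != current:
            problems.append(f"entry {i}: evidence hash mismatch")
        prev = entry["entry_hash"]
    return problems

# Constructed sample data: stand-in bytes for a disk image, made-up custodians.
EVIDENCE = b"constructed stand-in for an acquired disk image"

def build_sample_log():
    log = []
    add_entry(log, EVIDENCE, "Responder A", "acquired at scene", "2024-01-10T09:00Z")
    add_entry(log, EVIDENCE, "Investigator B", "received for analysis", "2024-01-10T15:30Z")
    add_entry(log, EVIDENCE, "Court clerk C", "submitted as exhibit", "2024-02-01T10:00Z")
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print(verify(log, EVIDENCE))            # intact chain
    print(verify(log, EVIDENCE + b"\x00"))  # evidence changed after collection
```

A chain like this only detects edits made after the fact; anyone able to rewrite the entire log can recompute it, so the latest entry hash should also be held somewhere independent of the log itself.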
Special Private Investigator pricing packages are available for this specialty.