Computer forensics involves the analysis, collection and reporting of digital information. It can be used in the prevention and detection if crime as well as in any dispute in which digital evidence is stored. Computer forensics shares similar examination stages with other forensic disciplines. It also faces similar challenges.
About this Guide
This guide is neutral and discusses computer forensics. It is not tied to any legislation and is not meant to promote a company or product. It is designed for a non-technical audience. It provides an overview of computerforensics. The term “computer” has been used in this guide. However, the concepts can be applied to any device capable storing digital information. Any mentions of methodologies are meant to be examples only. They do not represent advice or recommendations. The Creative Commons – Attribution Non-Commercial 30.0 license applies to copying and publishing whole or parts of this article.
Computer forensics
Computer forensics can easily be applied to a wide range of criminal and dispute areas. Computer forensics was first used by law enforcement agencies. Computers can be a’scene for a crime’. This could include hacking [1] or denialof service attacks [2]. Or they might have evidence in the form email history, documents, or other files related to crimes such murder, kidnapping and drug trafficking. Investigators will be interested not only in the content of emails and documents but also the metadata (or data) associated with those files. A computer forensic exam may reveal the time and date a document first appeared on a PC, its last edit, when it was saved or printed, and which user performed these actions.