Computer Forensics

Beginner’s Guide to Computer Forensics

Beginner’s Guide to Computer Forensics

introduction

Computer forensics is the practice of collecting, analyzing and reporting digital information in a legally acceptable manner. It can be used in crime detection and prevention and in any dispute where evidence is stored digitally. Computer forensics has comparable examination stages to other forensic disciplines and faces similar problems.

About this guide

This guide discusses computer forensics from a neutral perspective. It is not associated with any particular law or intended to promote any particular company or product and is not written in the bias of law enforcement or commercial computer forensics. It is aimed at a non-technical audience and provides a high-level view of computer forensics.

This guide uses the term “computer”, but this concept applies to any device capable of storing digital information. If methodologies have been mentioned, they are only examples and do not constitute recommendations or suggestions. Copying and publishing all or part of this article is licensed solely under the terms of the Creative Commons – Attribution Non-Commercial 3.0 license.

Use of computer forensics

There are some areas of crime or dispute where computer forensics cannot be applied. Law enforcement agencies have been among the earliest and heaviest users of computer forensics and as a result are often at the forefront of developments in the field. Computers can become a ‘crime scene’, for example by means of hacking

[1] or denial of service attacks

[2] or they can store evidence in the form of emails, internet history, documents or other files relevant to crimes such as murder, kidnapping, fraud and drug trade. It is not only the content of emails, documents, and other files that may be of interest to investigators, but also the ‘meta-data’

[3] associated with those files. A computer forensic examination can reveal when a document … Read more