Computer forensics are specialized techniques used in the recovery, authentication, and analysis of electronic data, and can be critical in cases requiring the examination of residual data, the authentication of data by technical analysis, reconstructing computer usage, or to provide an explanation of technical features relating to computer data and/or usage.
Computer forensics may be applicable in any case in which the overall objective is to provide digital evidence of a specific or general activity. It can be anything from the simple identification and recovery of files to the investigation of industrial espionage or criminal fraud and deception.
Computer forensics is a detailed science. It is done objectively, as a “truth finding” mission. During the investigation it’s critical to maintain a complete audit log of all forensic activities which may include, among others:
- Securing the subject system.
- Producing a copy of the hard drive.
- Identification and recovery of all files, including audio, video, and graphical images.
- Accessing hidden, protected, or deleted files.
- Inspecting residue on the drive for previously deleted files.
- Investigation of data from installed applications or programs.