The essentials of computer forensics

Computer forensics, a rapidly growing field, is the use of hardware and software tools to recover the contents of a digital device for use as evidence in court.

The discipline essentially is the same from agency to agency. The basic functions include:
  • Secure the digital evidence. Seize the personal computers, cell phones, printers, personal digital assistants or other devices, and keep them in secure locations, such as evidence rooms.

  • Create an identical replica of the digital information on the original hardware. Once this replica is created, the original evidence is not used again, to guard against claims of tampering.

  • Using the replica copy, find and catalog all the files relevant to the investigation under way, including locating all visible files, deleted files and encrypted files.

  • Recover data contained in all files, including by undeleting files, decrypting encrypted files and cracking passwords on protected files.

  • Analyze all the data, looking for information that has bearing on the investigation at hand.

  • Create reports and analyses that summarize findings and can be used in court.

  • Maintain secure copies of the replica evidence, reports and analyses for a specified period of time, perhaps permanently.
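
The replica step above can be backed by a digest check, so that a later claim of tampering can be answered with a re-hash. The sketch below is an added example, not part of the original article; it assumes SHA-256 is the digest used, and the file names, the `examiner` value and the record fields are hypothetical.

```python
import hashlib, os, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read in 1 MiB blocks so large media never has to fit in memory

def sha256_file(path):
    """Hash a file in chunks and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, replica, examiner):
    """Copy source to replica byte for byte, hashing the source as it is read."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(replica, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    os.chmod(replica, 0o444)  # the working copy is read-only from here on
    record = {"source": source, "replica": replica, "examiner": examiner,
              "acquired_utc": datetime.now(timezone.utc).isoformat(),
              "source_sha256": h.hexdigest(), "replica_sha256": sha256_file(replica)}
    # The replica is only usable as evidence if it hashes to the same value.
    record["verified"] = record["source_sha256"] == record["replica_sha256"]
    return record

def still_intact(record):
    """Re-hash the replica later (before analysis, before court) against the record."""
    return sha256_file(record["replica"]) == record["source_sha256"]

def demo():
    """Constructed sample: a small file stands in for the seized device."""
    work = tempfile.mkdtemp()
    source = os.path.join(work, "seized_device.bin")   # hypothetical name
    replica = os.path.join(work, "replica.dd")         # hypothetical name
    with open(source, "wb") as f:
        f.write(b"constructed sample evidence\x00" * 4096)
    record = acquire(source, replica, examiner="examiner-placeholder")
    intact_before = still_intact(record)
    os.chmod(replica, 0o644)
    with open(replica, "r+b") as f:  # alter one byte to show the check failing
        f.write(b"X")
    return record, intact_before, still_intact(record)

if __name__ == "__main__":
    print(demo())
```

The acquisition record belongs with the reports and secure copies kept in the final step, so the same digest can be recomputed for as long as the replica is retained.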
