Definition of Computer forensics :
Computer forensics is the practice of collecting, analysing and reporting on digital data in a way that is legally admissible. It can be used in the detection and prevention of crime.
Uses of Computer forensics:
It can also be used in any dispute where evidence is stored digitally. Computer forensics follows a similar process to other forensic disciplines, and faces similar issues.
There are few areas of crime or dispute where computer forensics cannot be applied. Law enforcement agencies have been among the earliest and heaviest users of computer forensics. Consequently have often been at the forefront of developments in the field.
Computers may constitute a ‘scene of a crime’, for example with hacking or denial of service attacks or they may hold evidence in the form of emails, internet history, documents or other files relevant to crimes such as murder, kidnap, fraud and drug trafficking.
It is not just the content of emails, documents and other files which may be of interest to investigators but also the ‘metadata’ associated with those files. A computer forensic examination may reveal when a document first appeared on a computer, when it was last edited, when it was last saved or printed and which user carried out these actions.
More recently, commercial organisations have used computer forensics to their benefit in a variety of cases such as;
* Intellectual Property theft * Industrial espionage * Employment disputes * Fraud investigations * Forgeries * Bankruptcy investigations * Inappropriate email and internet use in the work place * Regulatory compliance