Computer forensics is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.
A number of techniques are used during computer forensics investigations:
- Cross-drive analysis
- A forensic technique that correlates information found on multiple hard drives.
- Live analysis
- The examination of computers from within the operating system using custom forensics or existing sysadmin tools to extract evidence.
A common technique used in computer forensics is the recovery of deleted files.
Computer forensics evidence has been used as evidence in criminal law since the mid 1980s. In court it is subject to the usual requirements for digital evidence, requiring information to be authentic, reliably obtained and admissible.
Reference:
Computer Forensics World
No comments:
Post a Comment