What is Computer/Digital Forensics?
Computer forensics, also known as digital forensics, is a scientific examination by a certified computer forensic specialist, which includes the identification, collection, preservation and analysis of all forms of Electronically Stored Information (ESI), in such a way that the information obtained can later be used as evidence in a court of law.
During a typical digital investigation, a certified forensics investigator will:
Determine the purpose and objective of the investigation. Then they will take several careful steps to identify and extract all relevant data on a subject’s computer system. The examiner will extract the data that can be viewed by the operating system, as well as data invisible to the operating system.
The examiner will image, protect and preserve the evidence during the forensic examination from any possible alteration, damage, data corruption, or virus introduction, insuring evidence is not damaged, tainted or in any other way rendered inadmissible in court.
Use forensically sound protocols at all times during the investigation to ensure the information obtained is admissible in court. It must be assumed that every case/situation could end up in the legal system.
Address the legal issues at hand in dealing with electronic evidence, such as relevant case law, how to navigate the discovery process, protection of privilege, and in general, working and communicating with attorneys and other professionals involved in the case.
What are the common situations in which Computer Forensics is used?
- Unauthorized disclosure of corporate information
- Theft of intellectual property or trade secrets
- Employee Internet abuse or other violations of a computer policy
- Other Workplace Misconduct
- Damage assessment and analysis (post incident)
- Industrial espionage
- Negligence, sexual harassment, and deception cases
- Evidence collection for future employee termination
- Criminal fraud and white-collar crime
- More general criminal cases and many civil cases
- Missing persons investigations