Computer Forensics

               

                The purpose of computer forensics is to investigate and analyze information found on computers to find suitable evidence for a trial. This field is relatively new because back when computers first came out, evidence from them was considered no different than any other kind of physical evidence. However, with advancements in computers, it became obvious that evidence from them could be easily changed, destroyed, or corrupted. Detectives partnered up with computer scientists to come up with a proper set of procedures for securing evidence from a computer source.

                First, detectives must retrieve a proper warrant for where they can search for certain information on a suspect’s computer. Then, after isolating the computer from being illegally tampered with, forensic investigators make a digital copy of the device's storage media. The real device is then locked in a safe facility to maintain its condition. All investigation is done on the digital copy. Investigators use a variety of techniques and software applications to examine the copy, searching hidden folders and unallocated disk space for copies of deleted, encrypted, or damaged files. Everything in the procedure is documented and important evidence is carefully placed into a “findings report”, which is what is presented during the trial. 

          http://searchsecurity.techtarget.com/definition/computer-forensics http://computer.howstuffworks.com/computer-forensic.htm