Computer forensics is the generic name that we use for the analysis and reporting on our findings from the forensic analysis of all computer or digital-related media. This not only includes PC/Laptop or Server hard drives but also other storage devices such as USB drives, MP3 players, memory cards, SIMS and data gathered via network analysis.
All types of operating systems can be analysed, from DOS and Microsoft Windows-based, through to MAC, UNIX variants, and those utilising more obscure systems. If the data is stored electronically, then it can probably be forensically analysed.
Common computer forensics cases include:
* drug dealing
* internet misuse
* pornography in the workplace
* illegal downloads
* IP theft
* virus/malware infection
* email analysis
* data recovery
* contract negotiations
* peer-peer activities
* spyware analysis
* spoofed and threatening emails
* document tracking
The approach to securing evidence is vital. When dealing with electronic evidence, general forensic and procedural principles should be applied:
* actions taken to secure and collect evidence should not change that evidence.
* persons conducting examination of evidence should be trained for the purpose.
* activity relating to the seizure, examination, storage, or transfer of evidence should be fully documented, preserved, and available for review.
* evidence should be appropriately protected.