A computer system typically consists of a base unit, sometimes called a central processing unit (CPU), data storage devices, a monitor, keyboard, and mouse. It may be a standalone or it may be connected to a network. There are many types of computer systems such as laptops, desktops, tower systems, modular rack-mounted systems, minicomputers, and mainframe computers. Additional components include modems, printers, scanners, wireless adapters, docking stations, and external data storage devices. For example, a desktop is a computer system consisting of a case, motherboard, CPU, and data storage, with an external keyboard and mouse. primary uses: For all types of computing functions and information storage, including word processing, calculations, communications, Internet access, office applications, business applications, email, gaming and graphics.

Potential evidence: Evidence is most commonly found in files that are stored on hard drives and storage devices and media. Examples are:

User-created files
User-created files may contain important evidence of relevant activity such as address books and database
files that may prove certain associations, still or moving pictures that may be evidence of paedophile
activity, and evidence of communications between parties such as by email or letter. Also, financial details
may often be found in spreadsheets. Examples of user-created files:

* address books
* email files
* audio/video files
* image/graphics files
* calendars
* internet bookmarks/favourites
* database files
* spreadsheet files
* documents or text files

User-protected files
Users have the opportunity to hide evidence in a variety of forms. For example, they may encrypt or
password-protect data that is important to them. They may also hide files on a hard disk or within other
files or deliberately hide incriminating evidence files under an innocuous name.
* compressed files
* misnamed/renamed files
* encrypted files
* password-protected files
* hidden files
* steganography

Evidence can also be found in files and other data areas created as a routine function of the various types of computer operating systems. In many cases, the user is not aware that data is being written to these areas or files. Passwords, Internet activity, deleted files and temporary backup files are examples of data that can often be recovered and examined.

Note: There are components of files that may have evidentiary value including the date and time of creation, modification, deletion, access, user name or identification, and file attributes. Even turning the system on can modify some of this information. For example, the last time that a PC was booted or shutdown may be important.

Computer-created files

backup files
log files
configuration files
printer spool files
cookies
swap files
hidden files
system files
history files
temporary files
link files
event logs

other data areas
bad clusters
other partitions
computer date, time, and password
reserved areas
deleted files
slack space
free space
software registration information
hidden partitions
system areas
lost clusters
unallocated space
metadata
boot records