Wikia

The IT Law Wiki

Computer forensics

31,973pages on
this wiki
Talk0

Definition Edit

Computer forensics refers to the use of specialized techniques for recovery, authentication and analysis of electronic data when an investigation or litigation involves issues relating to reconstruction of computer usage, examination of residual data, authentication of data by technical analysis or explanation of technical features of data and computer usage.

Overview Edit

Computer forensics requires specialized expertise that goes beyond normal data collection and preservation techniques available to end users or system support personnel, and generally requires strict adherence to chain of custody protocols.

Computer forensics encompasses e-discovery, intrusion detection and incident response, data recovery, and the packaging and presentation of digital evidence to standards admissible in various legal settings.

The foundation of all computer forensic techniques is the concept of a disk image — a bitstream representation of every bit of information originally stored on an instance of physical media.

Process Edit

The computer forensics process consists of three phases: acquisition, examination, and presentation. Computer forensic investigators must have software tools that can effectively and efficiently accomplish the following tasks:

Source Edit

See also Edit

Around Wikia's network

Random Wiki