Overview and Importance of Computer Forensics

Computer forensics can be defined as the process of extracting information from a computer crime scene and guaranteeing its accuracy and reliability. Typically, the information is extracted from computer media, such as hard drives, Zip drives, and other storage devices. It may also include other sources of evidence, such as photographs of the physical system components or the connections among devices, and surveillance videotapes of someone accessing the system.

The computer forensics expert must be able to prove, beyond “any shadow of a doubt,” that the information extracted is exactly as it was on the computer once the investigation began. Elements such as time stamps, file names, file contents, ...

Get Effective Incident Response Team, The now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.