Computer forensics is a division of overall forensic science specifically involved with exploring evidences that are hidden in various digital computing devices. This particular field of study basically retrieves unearthing hidden data from digital storage devices such as hard disks, CD-ROMS, flash memories and cell phones.
Throughout the years, this particular field of study has branched and spread its branch to other fields such as retrieving email files, processing systems and data packets traveling on a network. Generally, any information explaining a sequence of events that can be retrieved from a digital computing device can be used as court evidence.
Currently, technology has been widely exploited in order to commit serious crimes including ID thefts, phishing and other online fraudulent crimes. In order to keep a step ahead of these criminals, various detective and investigative agencies from different countries; have strengthened their forces and prepared them with the expertise to fight such crimes. Firewall forensics, database forensics and network & mobile device forensics are some of the many fields that have emerged out of computer forensics in the last decade.
Normally, an investigation of this area is divided into five broad sections:
- Preparation of an investigation
- Collection of data from digital computing devices
- Examination of the data
- Analysis of the data
- Reporting
Much like any other forensic investigation, evidences based on this particular investigation can be used to charge the culprits in court. Computer forensic investigators normally work in the lab for hours - sometimes they have to stay overnight in the lab looking for important leads in some criminal cases.