Computer forensics is the process of preserving, identifying, extracting and documenting valuable electronic data. The term was first used in 1991 in a training session of the International Association of Computer Specialists (IACIS). Computer forensics has been used in law enforcement and military applications for a long time now, to gather evidence from electronic sources. Today, it is being increasingly used even in the corporate sector. The increasing volumes of electronic data being created, stored and transferred each day is the main reason for this.

Every second, thousands of pages of electronic data are being transferred across the world. In the process, the data could be lost or altered. Computer forensics involves the retrieval of this lost data using special software tools and techniques. It is used to identify valuable data from personal computers or other electronic data storage devices. It is also used to identify the leakage of sensitive data from the computer, or any inherent weaknesses in the system.

When documents are created electronically, they are stored in temporary files. Even when they are deleted or updated, some remnants still remain on the hard disk and can be recovered using special tools.

Computer forensics involves the creation of a backup of all the data in the computer. This data is a mirror image of the entire hard disk, and contains even temporary, deleted or altered files. The forensic expert creates a digital fingerprint of the original hard drive to ensure that it is not tampered with while retrieving data. Data is retrieved from the mirror file rather than the original file, so as to not alter date stamps or other useful data. The retrieval process also reveals historical information about the file, such as when it was deleted or altered. The retrieved information can be converted into any required format. There are thus three stages in data recovery: acquire, analyze and report.

There are many companies that provide computer forensic services. There are also many software tools with several useful options such as cloning and disk imaging, file preview, picture gallery, etc. that enable faster and more accurate forensic recoveries.



Source by Marcus Peterson