What is Computer Forensics?


Computer forensics pertains to evidence found on computers, phones and all forms of storage media.

The aim of computer forensics is to identify, analyse, recover, collect and present digital information for use in criminal and civil cases with the main purpose of convicting or exonerating an accused.
Although computer forensics is mostly used to investigate computer crimes like hacking and fraud, today it’s also used to investigate crimes like espionage, cyberstalking and murder. The scope of a forensic analysis can vary from simple information retrieval to reconstructing a complete timeline of events. In the 2002 book Computer Forensics, authors Kruse and Heiser define computer forensics as involving “the preservation, identification, extraction, documentation and interpretation of computer data”.
Computer forensic investigations include manual review of data, keyword searches for topics related to the crime, extraction of emails and pictures, data recovery to retrieve deleted evidence and password cracking to retrieve locked evidence.

The Evidence

To be admissible in court, evidence must be authentic and reliably obtained. Countries have different guidelines pertaining to evidence collection. Various open source and commercial tools are available for computer forensics investigation. We will discuss some of these later this year.


I suggest starting small when pursuing a career in computer forensics. The Asian School of Cyber Law offers international level certifications in Digital Evidence Analysis and Digital Forensic Investigation. Sign up for some of their free courses first to test the water. I will still be reviewing some of these free courses later in the year.
Some commercial forensic software companies offer proprietary certifications on their products. For example, Guidance Software offers the (EnCE) certification, AccessData offers (ACE) and X-Ways Software Technology offers (X-PERT).
There are also several other computer forensics certifications available, such as the International Society of Forensic Computer Examiners (ISFCE) Certified Computer Examiner (CCE) certification, the Digital Forensics Investigation Professional (DFIP) certification, the Information Assurance Certification Review Board (IACRB) Certified Computer Forensics Examiner (CCFE) certification and the International Association of Computer Investigative Specialists (IACIS) Certified Computer Forensic Examiner (CFCE) program.