Computer forensics is a branch of forensic science (though is often not dealt with as such, and is rarely held to the same standards, as a pure science such as DNA analysis.
Computer forensics, relates to legal evidence found in computers and other storage systems – e.g mobile phones, back up tapes, firewalls, and network logs.
The field of Computer Forensics also has sub branches within it such as Firewall Forensics, and Mobile Device Forensics.
There are many reasons to employ the techniques of computer forensics:
- In legal cases, computer forensic techniques are frequently used to analyze computer systems belonging to defendants (in criminal cases) or litigants (in civil cases).
- To recover data in the event of a hardware or software failure.
- To analyze a computer system after a break-in, for example, to determine how the attacker gained access and what the attacker did.
- To gather evidence against an employee that an organization wishes to terminate.
- To gain information about how computer systems work for the purpose of debugging, performance optimization, or reverse-engineering.