An introduction to computer forensics
When you hear of computer forensics, the first thing that pops to mind might be a Crime Scene Investigator, pulling the plastic sheet off of a computer and inspecting for signs of a struggle. Nobody really ever talked about forensics in daily life until they started making those scientifically accurate primetime cop shows, so of course, simple word association generally leads us to forensic sciences being “Something cops do, right?”
Incidentally, the science behind computer forensics really isn’t much different from the science between crime scene forensics. In both instances, the forensics team or expert is looking for a trail of evidence. In either case, the investigator looks at what has happened, determines how it happened, and from that, deducts who might be responsible.
The major difference between the two is that, while an investigator on the scene of a robbery or a violent crime is looking for physical evidence, the computer forensics investigator is looking for digital evidence.
Interestingly, where physical evidence can often be misleading, confusing, ambiguous, and difficult to put together without the help of witness statements, digital evidence tends to present itself in a much more direct manner.