Computer forensics is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information. Evidence from computer forensics investigations is usually subjected to the same guidelines and practices of other digital evidence.
Computer forensics perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it.
The uses for computer forensics are varied. They range from helping law enforcement officials in the investigation of child pornography, to investigating fraud, murder, espionage, rape and cyber-stalking. In the private sector, computer forensics has been used by commercial organizations to investigate a wide range of cases including industrial espionage, fraud, intellectual property theft, forgeries, disputes with employees, regulatory compliance, bankruptcies and for the inappropriate use of a computer, Internet and email in the work place.
The examination of information contained in databases, both data, and related metadata.
The recovery and analysis of emails and other information contained in email platforms, such as schedules and contacts.
Sifting through code to identify possible malicious programs and analyzing their payload. Such programs may include Trojan horses, ransomware or various viruses.