What is computer forensics?
It is a branch of forensic science pertaining to legal evidence found in computers and digital storage mediums, also known as digital forensics. The goal of computer forensics is to explain the current state of a digital artifact. The term digital artifact can include a computer system, a storage medium (such as a hard disk or CD-ROM), an electronic document (e.g. an email message or JPEG image) or even a sequence of packets moving over a computer network. The explanation can be as straightforward as “what information is here?” and as detailed as “what is the sequence of events responsible for the present situation?”
Over the years, we have discovered key evidence for numerous litigated cases. All evidence is carefully controlled to maintain a full chain of custody, ensuring that recovered data are admissible in a court of law.
Special measures should be taken when conducting a forensic investigation if it is desired for the results to be used in a court of law. One of the most important measures is to assure that the evidence has been accurately collected and that there is a clear chain of custody from the scene of the crime to the investigator—and ultimately to the court.
BCT has worked with hundreds of law firms, school districts, insurance companies and corporations since 1996, where we keep pace with the latest in technology to ensure our clients have the best possible service and support – 24 hours a day / 7 days a week. Call us for more information (559) 579-1400.
How we use forensics
There are many reasons to employ the techniques of computer forensics:
In legal cases, computer forensic techniques are frequently used to analyze computer systems belonging to defendants (in criminal cases) or litigants (in civil cases).
To recover data in the event of a hardware or software failure.
To analyze a computer system after a break-in, for example, to determine how the attacker gained access and what the attacker did.
To gather evidence against an employee that an organization wishes to terminate.
To gain information about how computer systems work for the purpose of debugging, performance optimization, or reverse-engineering.