As I see and understand it, computer forensics is a scientific art form based around the collection and investigation of data to deduce the events of a cyber situation that may or may not have occurred. Or, as Steve Hailey puts it: “At a basic level, computer forensics is the analysis of information contained within and created with computer systems and computing devices, typically in the interest of figuring out what happened, when it happened, how it happened, and who was involved.” (Steve Hailey) As Steve says: who, what, when, where, and how are all questions one finds within computer forensics.
Though the field is often referred to as Computer Forensics, because of the broad spectrum of technology involved it is also referred to as Digital Forensics and Cyber Forensics, among other names. One of the easiest things to compare a computer forensics technician to is a police investigator. Most people have seen the crime shows where the investigator has to collect the evidence and try to figure out exactly what happened. It’s essentially the same concept, except that it takes place in the digital realm. The police investigator has to look at the situation at hand and figure out what events occurred and when they happened, along with other factors. Then, once a theory of the crime is formed, they look for fingerprints or some sort of DNA to figure out who potentially committed the crime. A computer forensics investigator, by comparison, has to figure out what events took place, who was logged in, and when it happened, and has to analyze data.
Computer forensics is generally broken down into 5 steps. These follow a loose order, because one can find oneself jumping back and forth between steps. The first step is identification. During this step the investigator has to gather information on the event, identify possible mediums for evidence, and establish the scope of the event. Next is preservation, which aims to preserve the original data on a device or the evidence container itself. Once one has everything believed to have been involved in the event, it’s time to examine it. Nowadays there is a variety of software available to sift through all the data based on parameters given to it. During this step privacy is of high concern, so staying within scope is ideal. Once the examination step has refined the data, we move on to the analysis step. Sometimes it’s not within the computer forensics investigator’s contract to actually analyze the data, but just to provide the data of potential interest found during the examination step. Either way, the final step is reporting: the investigator reports the findings to the appropriate parties.
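The preservation, examination and reporting steps can be sketched in a few lines of Python. This is an added example, not part of the original essay: the log format, file names and time window are constructed, and using a SHA-256 hash to show the original was not altered is one common approach assumed here.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime
from pathlib import Path

# Constructed sample evidence: one event per line (timestamp, account, action).
SAMPLE_LOG = b"""2014-09-01T08:02:11 alice login
2014-09-01T22:14:05 bob login
2014-09-01T22:31:40 bob file_copy
"""

def sha256_file(path):
    """Hash a file in chunks so large images do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def preserve(original, workdir):
    """Preservation: record the original's hash and make a verified working copy."""
    baseline = sha256_file(original)
    copy = Path(workdir) / "working_copy.log"
    shutil.copyfile(original, copy)
    if sha256_file(copy) != baseline:
        raise RuntimeError("working copy differs from the original")
    return baseline, copy

def examine(copy, start, end):
    """Examination: read only the copy and keep events inside the agreed time scope."""
    hits = []
    with open(copy, encoding="utf-8") as fh:
        for line in fh:
            stamp, user, action = line.split()
            when = datetime.fromisoformat(stamp)
            if start <= when <= end:
                hits.append({"when": stamp, "who": user, "what": action})
    return hits

def run_case():
    """Preserve, examine, then report findings plus proof the original is unchanged."""
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "evidence.log"
        original.write_bytes(SAMPLE_LOG)
        baseline, copy = preserve(original, tmp)
        hits = examine(copy, datetime(2014, 9, 1, 22), datetime(2014, 9, 1, 23))
        return {"sha256": baseline, "findings": hits,
                "original_intact": sha256_file(original) == baseline}
```

Calling `run_case()` returns the in-scope events together with the baseline hash and a flag showing that the original still matches it after examination.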
Computer forensics is going to keep expanding, much in the same way that there are breakthroughs in the technology of DNA investigation. As technology expands and more researchers expand the field, more can be added to this scientific art of computer forensics. Seeing that computer forensics really was limited to computers only 15 years ago, and seeing what we have now, makes one wonder what future technology will find its way into the path of computer forensics.
Hailey, Steve. “CyberSecurity Institute – What Is Computer Forensics?.” CyberSecurity Institute – What Is Computer Forensics?. N.p., n.d. Web. 3 Sept. 2014. <http://www.csisite.net/forensics.htm>.
“Using Analogy to Explain Computer Forensics.” G4tv.com. N.p., n.d. Web. 3 Sept. 2014. <http://www.g4tv.com/articles/41685/using-analogy-to-explain-computer-forensics/>.