What is a Computer Forensic Examination?

A Forensic Computer Examination is a thorough, tightly controlled and fully documented examination of digital media for content or activities that may be of interest to the client. The data could provide potentially relevant evidence or investigative leads.

Forensic computer examinations go far beyond normal data recovery techniques and go into areas and files on the media not normally accessed by untrained personnel. Areas like the unused (unallocated) space on a computer, deleted files, password protected files, etc. are available for examination and evaluation during a thorough forensic examination. Forensic examinations can find the data that you want or need.

Forensic computer examinations are conducted using procedures and protocols that ensure all data is recovered and presented to the client. A forensic computer examination will ensure that the data found is admissible in court, if necessary.

One may simply think of computer crimes as someone trying to "hack" into a computer system or as crimes committed on the Internet. However, once it is realized that computer storage media are really large filing cabinets with detailed, retrievable records of the activities of the user, it can be seen that computer evidence can be very important in any type investigation or inquiry.