Computer forensic investigations usually follow the standard digital forensic process or phases which are acquisition, examination, analysis and reporting. Investigations are performed on static data (i.e. acquired images) rather than “live” systems. This is a change from early forensic practices where a lack of specialist tools led to investigators commonly working on live data.
Cross Drive Analysis
A number of open source and commercial tools exist for computer forensics investigation. Typical forensic analysis includes a manual review of material on the media, reviewing the Windows registry for suspect information, discovering and cracking passwords, keyword searches for topics related to the crime, and extracting e-mail and pictures for review
The goal of Computer Forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it
Computer Forensic , also called as Cyber Forensic, is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law
Computer forensic Components: