Computer forensics is the discipline of forensic science related to the acquisition of evidence from computers or other digital devices. The aim is to examine the electronic material following forensic analysis processes (guidelines, shared practices) in order to identify, preserve, acquire, recover, analyze and present evidence in a judicial context, in support of a thesis or a reconstruction of events. The evidence must be reliable and non-prejudicial, which means that at all stages of the forensic investigation, admissibility must be paramount.
The investigation (also carried out in the “field”) is mainly performed in a specialized laboratory, with the use of advanced tools popular among forensic analysts:
• Forensic duplicators;
• Wiping devices;
• Hardware/software WriteBlocker;
• Shielded/insulated containers (Faraday bag);
• Acquisition appliance (Ufed, Logicube, Mobiledit, Paraben, etc.) from mobile devices (phones, smartphones, tablets, navigators, drones, etc.);
• Forensic analysis tools (Encase, Ftk, X-Ways, Axiom, etc.).
Used for:
• IT and telematic crimes;
• Crimes in which traces or clues are found in the systems;
• Investigation against fraud and defensive appraisals;
• Internal auditing, disloyal employees;
• Preventive investigations to protect company assets;
• Digital Evidence, the digital proof;
The term “computer forensic expert” is commonly used to identify the professional figure who lends his work in the field of computer crimes or computer crime, dealing with identifying, preserving, acquiring and analyzing the contents stored within any medium or storage device. The activities are therefore directed not only to all categories of computers, but to any electronic device capable of storing data (mobile phones, smartphones, home automation systems, motor vehicles, drones, navigators, etc.).