Computer forensics involves the preservation, identification, extraction, documentation and interpretation of computer data. It is often more of an art than a science, but as in any discipline, computer forensic specialists follow clear, well-defined methodologies and procedures, and flexibility is expected and encouraged when encountering the unusual. It is unfortunate that computer forensics is sometimes misunderstood as being somehow different from other types of investigations. . . .
Computer forensics involves the preservation, identification, extraction, documentation and interpretation of computer data. It is often more of an art than a science, but as in any discipline, computer forensic specialists follow clear, well-defined methodologies and procedures, and flexibility is expected and encouraged when encountering the unusual. It is unfortunate that computer forensics is sometimes misunderstood as being somehow different from other types of investigations.

For instance, if you were investigating a murder that took place in Times Square, you would photograph the scene, look for evidence, and take samples of the crime scene, including control samples to compare to the evidence. The collection of evidence proceeds similarly in a computer investigation, but for some reason, some people want to recreate the entire system, be it a standalone PC, a server with a terabyte RAID system, or even an entire network. Nobody expects the prosecution to rebuild Times Square in the courtroom, but that is often the expectation in a computer crime case. Admittedly, digital data can be highly volatile. General unfamiliarity not only with computer forensics, but also with computers themselves, makes this field a highly challenging one, but this book can help you prepare for it.

The link for this article located at ebcvg.com is no longer available.