1 What is Cyber Forensics?

Definition: Cyber forensics is the acquisition, preservation, and analysis of electronically stored information (ESI) in such a way that ensures its admissibility for use as either evidence, exhibits, or demonstratives in a court of law.

Rather than discussing at great length what cyber forensics is (the rest of the chapter will take care of that), let’s, for the sake of clarity, define what cyber forensics is not. It is not an arcane ability to tap into a vast, secret repository of information about every single thing that ever happened on, or to, a computer. Often, it involves handling hardware in unique circumstances and doing things with both hardware ...