Who cares about digital footprints? Who cares about invisible trails of unshreddable electronic evidence (e-evidence) left by PCs and cellphones, PDAs and iPods, e-mail and social networks, visited Web sites and instant messaging, and every wireless and online activity? The sweeping answer is that you — and the many other people reading this book — care, and for good reasons. Investigators, attorneys, suspicious spouses, and the news media are legitimately interested in finding out what was sent over the Internet or private networks, what's stored on backup tapes or logs, and who wrote what in corporate e-mail or the blogosphere.

People concerned with what's happening to personal privacy certainly care. Anyone involved in litigation, criminal investigation, network intrusion, fraud or financial audit, marital or contract dispute, employment claim, or background check will care — sooner or later. Hardly a case goes to court — or avoids going to court — these days without the help of electronic gumshoes.

Digging up data to expose who did what and when, with whom, where, why, and how is a primary purpose of computer forensics. Computer forensics falls within the broader legal concept of electronic discovery, or e-discovery, the process of gathering data, documents, or e-mail in preparation for legal action that may lead to trial. Both these topics are serious stuff, as you soon find out in this book.

Searches for evildoers or illegal doings are now done megabyte by megabyte. ...