What Is Computer Evidence?
The main purpose of computer forensics is the proper identification and collection of computer evidence. It is both an art and a science. Computer evidence shares common characteristics with, but also differs from, conventional legal evidence. Forensic examiners need to understand the specifics of computer evidence so that they can properly collect it for later use.
Incidents and Computer Evidence
Computers may be involved in security violations in one of two ways. First, a computer can be used in the commission of crimes or violations of policy. Second, a computer can be the target of an attack. In the first situation, one or more computers are used to perform an inappropriate action. Such actions might be illegal ...