Listening to the news on a daily basis suggests that it is a matter of when rather than if any given computing device will be compromised. What really matters is how fast one responds to the compromise to mitigate loss and to prevent future incidents. To be able to react with speed, proper plans and procedures need to be implemented beforehand, and tested on a regular basis for preparedness. Part of the response process is to investigate and understand the nature of the compromise. Cyber forensics is an integral part of incident response that fills this role. It is a form of forensic science whose aim is to identify, preserve, recover, analyze and present facts ...