AS EXPLAINED IN CHAPTER 1, "System Forensics Fundamentals," system forensics is the art and science of locating, extracting, analyzing, and protecting data from devices and networks. Specialists interpret this data and use it as legal evidence. The field of system forensics has been a mainstay for law enforcement and military agencies since the mid-1980s. It is relatively new to the private sector but is rapidly growing.

This chapter looks at specific types of system forensics technology that specialists in the military, law enforcement, and business use. The analytical techniques are the same for each category. However, the focus of investigations differs, depending on the specifics of the case. Perpetrators ...