Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it.
Uses of computer forensics
There are few areas of crime or dispute where computer forensics cannot be applied. Law enforcement agencies have been among the earliest and heaviest users of computer forensics and consequently have often been at the forefront of developments in the field.
Computers may constitute a ‘scene of a crime’, for example with hacking  or denial of service attacks  or they may hold evidence in the form of emails, internet history, documents or other files relevant to crimes such as murder, kidnap, fraud and drug trafficking.
It is not just the content of emails, documents and other files which may be of interest to investigators but also the ‘metadata’  associated with those files. A computer forensic examination may reveal when a document first appeared on a computer, when it was last edited, when it was last saved or printed and which user carried out these actions.
More recently, commercial organisations have used computer forensics to their benefit in a variety of cases such as;
* Intellectual Property theft
* Industrial espionage
* Employment disputes
* Fraud investigations
* Bankruptcy investigations
* Inappropriate email and internet use in the work place
* Regulatory compliance