What is "Computer Forensics"?
Computer Forensics (CF) is obtaining digital evidence
» Analogue evidence is usually not considered here: Use
"ordinary" forensics to gather/evaluate
– Analogue computers are almost non-existing today!
This may come from running systems or parts of them
» Hard disks, flash drives, PDAs, mobile phones, telephones,
copiers, “pads” etc.
Can be evidence for computer crimes (computer fraud,
hacking, …) or any other crime (documents with plans for x)
or for various other uses
One indispensable issue is "data integrity"
Data is easily changeable:
Evidence is then and only then usable in proceedings, if it is
ensured, that it has not been changed!
Introduction to Computer Forensics