Computer forensics is the name given to the branch of computer science dealing with extracting evidence for legal matters from computers and/or digital storage media. Many people think that simply moving a document to the recycling bin will prevent anyone from ever accessing any part of it again, but this is not the case.
With the rise of personal computers in the early 1980s, the amount of crime organised, recorded on or done via computers also skyrocketed, prompting the emergence of this field. Computer forensic scientists employ techniques much like data recovery specialists in order to glean any information left over from files that could provide evidence to civil or criminal court cases. Internet search histories, social media posts, encrypted files, and anything that can be salvaged after a disk wipe can all be instrumental in delivering clues or justice. Often, even simply the dates of file creations or modifications, or geographical data from apps that use locations will be helpful in finding a perpetrator, and/or convicting them. On other occasions, the data found is the crime itself - circulating child pornography, electronic fraud and cyber stalking are all examples of 'true' computer crimes where a criminal may be caught red-handed via computer forensics.
The difference between computer forensics and data recovery, aside from the intent, is that computer forensics must follow strict guidelines in the standard digital forensic process rather than working with live systems however they wish to, since the legal requirements for evidence are much stricter than those for retrieving lost holiday photos.© BrainMass Inc. brainmass.com January 18, 2019, 2:25 am ad1c9bdddf