Computer forensics principles:

  • Computer forensics, also called cyber forensics, is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law.
  • The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.

Sources of evidence:

the sources of evidence can be by existing files, deleted files, logs, special system files(registry), email archives, printer spools, administrative settings, internet history, chat archives and encrypted files/password protected files.