Computer forensics is the study of digital media, either fixed, such as hard drives, or removable, such as floppy disks or flash drives, to establish factual information for use in the judicial process. It comprises the acquisition, preservation, examination, and analysis of electronic data. While the processes involved in computer forensics can also help computer users recover lost or deleted data, the field's literal function is as a tool in criminal investigations.
Practically every legal case now brought before the courts involves some sort of digital evidence. Computer forensics has seen many advances recently, and the field expects to see many more in the future. The uses of computer forensics are expanding to include non-investigative purposes such as data mapping for security risk assessment and data protection. The focus of computer forensics is experiencing a paradigm shift from investigation to prevention. Companies increasingly use computer forensics methods to protect themselves not only from external threats but also from attack from within. Hackers from within, such as disgruntled employees, are becoming an increasing threat to businesses. Forensics can also be applied when crucial files have been accidentally deleted or lost due to hardware failure.
As computer forensics advances, so do the techniques criminals use to evade it. Savvy hackers have even been known to employ traps that destroy or erase media and storage devices, taking the evidence with them. Forensics experts need to carefully inspect computers for such traps before attempting to access the hardware. Some criminals have even gone so far as to attach explosive or incendiary devices to computers to destroy evidence in the event someone tries to access files.