Computer forensics is the application of computer skills and investigation techniques for the purpose of acquiring evidence. It is a relatively new field that emerged in law enforcement in the 1980s, but since then, it has become an important investigative practice for both police and corporations. It involves collecting, examining, preserving, and presenting evidence that is stored or transmitted in an electronic format. Because the purpose of computer forensics is its possible use in court, strict procedures must be followed for evidence to be admissible.

Computer forensics uses scientific methods to retrieve and document evidence located on computers and other electronic devices. Using specialized tools and techniques, digital evidence may be retrieved in a variety of ways. Such evidence may reside on hard disks and other devices, even if it has been deleted so it is no longer visible through normal functions of the computer, or hidden in other ways. Forensic software can reveal data that is invisible through normal channels and restore it to a previous state.

Even when an incident is not criminal in nature, forensic procedures are still important to follow. There may be incidents where employees have violated policies. These actions can result in disciplinary actions (up to and including termination of employment). To protect the company from a lawsuit for wrongful termination, discrimination, or other charges by the disciplined employee, any actions taken by the company must be based on sound evidence.

There are a number of standards that must be met to...