It is the end of the day and it has been discovered that several critical files are missing from your file server. That alone is normally is enough to freak out most server administrators, but this specific incident also happened to be on the exact same day a particular employee was 'terminated'. As you recall that individual, had access to the missing data, but as far as you know, she didn't seem like the type of person to do something malicious. Then again, you noticed she seemed pretty upset as she was clearing out her desk that day too. You begin to wonder if there is a connection between the two, and if so, how you collect the necessary information to present to your manager.
No, you are not imagining a scene from CSI or Court TV. This situation happens daily in real life and may have happened, or could happen, at the company you work for. Remember Enron?
What is Computer Forensics?
Computer forensics, sometimes known as "Digital Forensics" or "Electronic Evidence Discovery", is often described as "the preservation, recovery and analysis of information stored on computers or other electronic media".
Computer forensics has quickly become a vital tool and source of information for criminal investigators, corporate counsel, and prosecutors. Computer forensics investigators use their skills to identify and restore formatted, corrupted, deleted or hidden files from computers or other electronic media while maintaining crucial data trails, time
