Evidence derived from computer is been used in court for almost 30 years. Initially, judges
accepted the evidence as no different from forms of evidence they were been already seeing. As
computer technology advanced, the accepted similalities to traditional evidential material became
Ambiguities (Olsson, 2004).
2. What is computer Forensic
Computer forensic is a simple application of computer investigation and analysis techniques in the
interests of determining potential legal evidence. Evidence might be sought in a wide range of
Computer crime or misuse, including but not to theft of trade secrets, thefts of or destruction of
Intellectual property and fraud. In other words, computer forensics is application of the scientific
method to digital media in order to establish information for judicial review. This process usually
involves computer system to determine whether they are or were been used for illegal or
Unauthorized activities (Wikipedia, 2006).
Mostly, computer forensics experts investigate data storage devices, either fixed like hard disks or
removable like compact disc and solid-state devices. The work of a computer forensics expert is to
identify sources of documentary or other digital evidence, preserve the evidence, analyze the
evidence, and present the finding. Computer forensics is been done in a fashion that adheres to the
standard of evidence that is admissible in a court of law.
3. Scope of Computer Forensic:
The scope of computer forensics covers a wide field, which continues to grow as computer
Technology proliferates its way into every aspect of modern life. The base computer forensics is
recovering data from floppy disks, hard drives, and removable drive cartridges. This also includes
The history of computer forensic starts with the first time a system administration had to figure out how and what a hacker had done to gain unauthorized access to explore the system. In the beginning, the classic hacker breaking into computer system was more interested in how things work than actually being malicious.As computer evolved out of academic to business and government, there was more data and resource at risk. Hackers incursions became an issue handled through legal channels. While deciding which internal or external parties should handle each aspect of forensics, organization should consider factors such as personnel and equipment costs for collecting data, the time needed internal or external teams to respond to incidents, and data sensitivity and privacy issues. (United States Department of Justice, 2001) IT professionals throughout the organization, especially incident handlers and the first responder to incidents, should understand their roles and responsibilities for forensics. They should be given training and education on forensic, related to the company’s procedures, and they should be prepared to corporate with and assist others when the problems occur for which they were been trained (Nelson, Amelia, & Steuart, 2004). Incident handlers performing forensic tasks should have a broad knowledge of forensic principles, guidelines, procedures, tools, and techniques, as well as anti-forensic tools and techniques that could conceal or destroy data.