Generally, law enforcement agencies are the heaviest users of computer or data forensics. It is therefore not surprising that well trained forensics investigators always stress on admissibility of evidence in court every now and then. After all, what is the use of forensics reports if one can not even present them to the court for purpose of litigation ?
Digital forensics can also be used as a pre-emptive measure to audit and enforce data security by discovering possible scenerio of data leaks. For instance, by discovering sensitive information that is not supposed to appear on certain media will quickly suggest flaw in computer system which may required immediate stopgap measures by IT managers.
Most often, computers are used as the tools constituting a scene of a particular crime. Any criminal or inappropriate act of using the computer for hacking, email correspondence, internet browsing, application installation, data erasure and data theft will always leave behind traces of activities related to the act. A properly trained forensics investigator can look beyond just the contents of data files to get into the metadata of data which is the key to evidence such as data ownership and date, time of access, file creation, file modification and even output printing.
Broadly speaking, computer forensics is used by business organization for litigation or security audit in a number of situations such as:
- Data theft
- Computer or network hacking
- Industrial espionage
- Fraud investigations
- Inappropriate use of email and internet in work place
- Regulatory compliance