Science of Computer Forensics

This branch is a new and slowly evolving field of study. The aim of this branch of computer science is to determine the modus operandi of cyber thieves, and not only to bring them to book but also to prevent such criminal acts in future through proper software and, of course, legislation.

Forensic techniques and expert knowledge are largely used to explain how a device or item, such as a computer system, storage medium or electronic document (e.g. an email message or JPEG image), has been tampered with. The scope of a forensic analysis can vary from simple information retrieval to reconstructing a series of events. This branch has been defined as involving “the preservation, identification, extraction, documentation and interpretation of computer data”. Computer forensic methodology is backed by flexibility and extensive domain knowledge, and is often the culmination of hard work, intuitive observations and proven inferences.

In India, through appropriate legislation, forensic evidence is subject to the usual requirements for digital evidence: the information must be authentic, reliably obtained and admissible.

Computer forensic investigations usually follow the standard digital forensic process (acquisition, analysis and reporting).

A number of techniques are used during computer forensics investigations, such as cross-drive analysis and analysis of deleted files, among others. Another is the examination of computers from within the operating system, using custom forensic tools or existing sysadmin tools to extract evidence. A common technique used in computer forensics is the recovery of deleted files.

Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.