The Forensic Process

There are five basic steps to computer forensics:

1. Preparation (of the investigator, not the data)
2. Collection (the data)
3. Examination
4. Analysis
5. Reporting

The investigator must be properly trained to perform the specific kind of investigation that is at hand.

Tools that are used to generate reports for court should be validated. There are many tools to be used in the process. One should determine the proper tool to be used based on the case.